Hi there. We are setting up a small web server running Nginx and PHP-FPM and have everything working very well at this point (a HUGE improvement over Apache2 for sure). The only stumbling block I'm running into is that I also want to avoid the 777 upload directories that come with mod_php. Right now Nginx runs as www-data, PHP-FPM runs as www-data, and domain webroots are owned by user:usergroup. With this setup, we have to chmod 777 our upload directories and it isn't clear to me how we can get around this requirement.
The only thing I have thought of was to create a unique PHP-FPM pool per domain and specify the user and group the FPM should run as for that domain. This could get unwieldy with a large number of users, and I'm not sure of the performance issues that this may or may not cause.
Hopefully someone here has some advice for me. My ultimate goal is to avoid having 777 directories, thereby separating the domains from each other (We aren't offering hosting, but we do have a few dozen domains on the same server). I'm very fresh to Nginx still, so any advice you can lend would be beneficial.
Thanks in advance!
[link][5 comments]