With NGINX and PHP-FPM, I'm having trouble configuring it for my web directory with the proper security. I have a user and group called example.com and they are chowned on /home/example.com/*. I want to run the PHP-FPM context under that. I then ran chown -R o-rwx /home/example.com/www to remove rwx permissions from anyone besides user and group. Well, when I load the web site, I get a 403 permissions error. So, I take the "other" (o) attribute and turn on r and x on the folder. I then do chmod o+r index.php. Now the 403 error goes away and I can load the page, but that's an improper configuration because I should be able to remove the "other" permission I thought?
In our FPM pool conf file, we set things like:
[example.com]
user: example.com
group: example.com
listen = /var/run/php-fpm-example.com.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
What are we doing wrong such that we have to enable the "other" permission on the web folder in order for the website to load with PHP-FPM?
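A way to see which path component denies a given account, as an added example that is not part of the original post: it evaluates only the owner/group/other mode bits (no ACLs, no root bypass), and the function names, the temp-dir tree and the test account are constructed for illustration. Which account to pass for a real check (for instance the one the NGINX workers run as) is an assumption the post does not state.

```python
import os
import stat
import tempfile

def class_bits(st, uid, gids):
    """rwx bits (0-7) that plain POSIX modes grant uid/gids on st (no ACLs, no root bypass)."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def first_blocker(path, uid, gids, root=os.sep):
    """Check every component below root; return (component, reason) for the
    first one that denies uid/gids, or None if the file can be reached and read."""
    current = os.path.realpath(root)
    parts = os.path.relpath(os.path.realpath(path), current).split(os.sep)
    for i, part in enumerate(parts):
        current = os.path.join(current, part)
        st = os.stat(current)
        bits = class_bits(st, uid, gids)
        if stat.S_ISDIR(st.st_mode) and not bits & 1:
            return current, "missing x (search) on directory"
        if i == len(parts) - 1 and not bits & 4:
            return current, "missing r (read)"
    return None

def demo():
    """Constructed tree mirroring the post's layout, built under a temp dir."""
    base = tempfile.mkdtemp()
    site = os.path.join(base, "home", "example.com")
    www = os.path.join(site, "www")
    index = os.path.join(www, "index.php")
    os.makedirs(www)
    open(index, "w").close()
    for d in (os.path.join(base, "home"), site):
        os.chmod(d, 0o755)
    os.chmod(www, 0o770)      # "other" stripped, as in the post
    os.chmod(index, 0o660)
    st = os.stat(www)
    groups = {st.st_gid, os.stat(index).st_gid}
    uid, outside = st.st_uid + 1, {max(groups) + 1}   # hypothetical non-owner account
    stripped = first_blocker(index, uid, outside, root=base)
    in_group = first_blocker(index, uid, groups, root=base)
    os.chmod(www, 0o775)      # the post's workaround: o+r and o+x on the folder
    os.chmod(index, 0o664)    # and o+r on index.php
    opened = first_blocker(index, uid, outside, root=base)
    return www, stripped, in_group, opened

if __name__ == "__main__":
    print(demo())
```

On a real host, call `first_blocker("/home/example.com/www/index.php", uid, gids)` with the numeric uid and group ids of the account being checked.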