I have some trouble running PHP-FPM after the PHP 7.4 update, due to my PostfixAdmin pool getting some permission errors.
The following error is reported when starting php-fpm.service :
$this->bbcode_second_pass_code('', '
$ sudo systemctl status php-fpm
* php-fpm.service - The PHP FastCGI Process Manager
Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Tue 2019-12-03 11:26:41 CET; 2h 52min ago
Process: 1030 ExecStart=/usr/bin/php-fpm --nodaemonize --fpm-config /etc/php/php-fpm.conf (code=exited, status=78)
Main PID: 1030 (code=exited, status=78)
Dec 03 11:26:40 rpi3 systemd[1]: Starting The PHP FastCGI Process Manager...
Dec 03 11:26:41 rpi3 php-fpm[1030]: [ERROR] unable to bind listening socket for address '/run/postfixadmin/postfixadmin.sock': Permission denied (13)
Dec 03 11:26:41 rpi3 php-fpm[1030]: [ERROR] unable to bind listening socket for address '/run/postfixadmin/postfixadmin.sock': Permission denied (13)
Dec 03 11:26:41 rpi3 php-fpm[1030]: [ERROR] FPM initialization failed
Dec 03 11:26:41 rpi3 php-fpm[1030]: [ERROR] FPM initialization failed
Dec 03 11:26:41 rpi3 systemd[1]: php-fpm.service: Main process exited, code=exited, status=78/CONFIG
Dec 03 11:26:41 rpi3 systemd[1]: php-fpm.service: Failed with result 'exit-code'.
Dec 03 11:26:41 rpi3 systemd[1]: Failed to start The PHP FastCGI Process Manager.
')
I openend a topic on the Arch forum but got removed because of the fact that I'm running on a Raspberry Pi ...
It is indeed againt the forum rules but I am 100% sure this is gonna happen to some vanilla Arch users too ..
This is linked to the following Arch bug : https://bugs.archlinux.org/task/64683
I have the following configuration set up :
$this->bbcode_second_pass_code('', '
/etc/php/php-fpm.d/postfixadmin.conf
[postfixadmin]
user = postfixadmin
group = postfixadmin
listen = /run/postfixadmin/postfixadmin.sock
;listen.owner = http
;listen.group = http
listen.acl_users = http
listen.acl_groups = http
pm = ondemand
pm.max_children = 4
')
$this->bbcode_second_pass_code('', '
/etc/php/php-fpm.d/www.conf
[www]
user = http
group = http
listen = /run/php-fpm/php-fpm.sock
;listen.owner = http
;listen.group = http
listen.acl_users = http
listen.acl_groups = http
pm = dynamic
pm.max_children = 120
pm.start_servers = 12
pm.min_spare_servers = 6
pm.max_spare_servers = 18
')
$this->bbcode_second_pass_code('', '
$ ls -l /run
...
drwxr-xr-x 2 root root 40 Nov 21 01:29 php-fpm
drwxrwxr-x+ 2 postfixadmin postfixadmin 40 Nov 21 01:29 postfixadmin
...
')
I tried to set up a /etc/tmpfiles.d/postfixadmin.conf to manually set the /run/postfixadmin directory correct permissions, without success
$this->bbcode_second_pass_code('', '
/etc/tmpfiles.d/postfixadmin.conf
z /etc/webapps/postfixadmin/*.php 0640 postfixadmin postfixadmin
Z %C/postfixadmin - postfixadmin postfixadmin
d %t/postfixadmin 755 postfixadmin postfixadmin
a+ %t/postfixadmin - - - - d:user:http:rw-
a+ %t/postfixadmin - - - - d:group:http:rw-
a+ %t/postfixadmin - - - - user:http:rwx
a+ %t/postfixadmin - - - - group:http:rwx
')
Which is setting the following ACL perms :
$this->bbcode_second_pass_code('', '
$ sudo getfacl /run/postfixadmin/
getfacl: Removing leading '/' from absolute path names
# file: run/postfixadmin/
# owner: postfixadmin
# group: postfixadmin
user::rwx
user:http:rwx
group::r-x
group:http:rwx
mask::rwx
other::r-x
default:user::rwx
default:user:http:rw-
default:group::r-x #effective:r--
default:group:http:rw-
default:mask::rw-
default:other::r-x
')
Anybody have an idea ?
Thanks for reading
