让PHP和普通用户编辑相同文件的三种方法 [英] three ways to let PHP and a regular user edit the same files

问题描述

我是一名Web开发人员，对于一些即将到来的项目，我想使用基于文件的CMS.这意味着我在开始时创建的许多文件必须稍后可由PHP用户编辑，但对于我的用户仍然保持可编辑状态(反之亦然).我的PC运行着Debian 9，我很喜欢但我并不了解，但我也刚刚用Debian 9设置了本地网络服务器来进行备份和可能的文件共享.(我正在使用 Webmin 进行配置，这反映了我的命令行技能水平.)

I am a web developer, and for some upcoming projects I would like to use a file-based CMS. This means that many of the files I create at the start must be editable by the PHP user later, but also remain editable for my user (and also the other way around). My PC runs Debian 9, which I love but am not super knowledgeable about, and I have also just set up a local network server with Debian 9 for backups and possibly file sharing. (I'm using Webmin to configure this, which reflects my level of command line skills).

在我的在线共享托管服务器上，PHP用户和FTP用户似乎相同，并且644/755权限可以正常工作，我所使用的CMS也建议这样做.我想在我的计算机上模仿这个，所以我不必一直在弄弄权限.但是我该怎么做呢?目前，我的普通用户( anna )无权访问 www-data 的文件，反之亦然.将它们放在同一组中仍然意味着更改文件权限.使 anna 成为PHP用户是一个坏主意(据我所知)，因为 anna 具有 sudo 权限.

On my online shared hosting server, the PHP user and the FTP user seem to be the same, and 644/755 permissions work fine, this is also recommended by the CMS I'm using. I would like to mimic this on my computer so I don't have to fiddle with permissions all the time. But how do I do this? Currently, my regular user (anna) does not have access to www-data's files and vice versa. Putting them in the same group still means changing file permissions. Making anna the PHP user is a Bad Idea (as far as I understand it) because anna has sudo permissions.

到目前为止，我已经研究了三种我不太了解的可能的解决方案，我想知道哪种是最好的选择.

So far I have researched three possible solutions that I don't really know very much about, and I would like to know which is the best route to take.

1. 在我的计算机上本地开发并使用 apache-mpm-itk 或suPHP让PHP编辑文件(我从另一个ServerFault线程在这里提供帮助).
2. 使用

1. Develop locally on my computer and use apache-mpm-itk or suPHP to let PHP edit the files (I got that idea from this question on ServerFault).
2. Develop locally on my computer and rsync the files to my server with grunt-rsync, and somehow get rsync to set the ownership to www-data (another ServerFault thread helping here).
3. Mount the project's server directory, which is owned by www-data, on my computer with SSHFS and then either edit the files on the server directly or copy them over from my local directory with grunt-copy.

您怎么看:从安全性和易用性的角度来看，哪种方法最好?还是您知道更好的人?

What do you think: from a security and ease of use perspective, which is the best way? Or do you know an even better one?

感谢您抽出宝贵的时间阅读和思考此问题！
安娜〜

Thank you for taking the time to read and think about this!
Anna~

推荐答案

我知道了！最后，我最终阅读了有关将PHP作为CGI而不是作为Apache模块运行的信息，这将解决我的权限问题.另外，据我了解，当我是本地计算机上唯一使用它的人时，无需采取额外的安全预防措施.

I figured it out! I finally ended up reading about running PHP as CGI instead of as an Apache module, and that this would solve my permissions problem. Plus, as far as I understand it, there are no extra security precautions to take when I'm the only one working with it on my local computer.

如果有人发现这可能对您有所帮助，这是我的工作(基本上遵循

In case someone comes across this who might find it helpful, here's what I did (basically following these instructions):

1. 我安装了 php7.0-fpm

2. 编辑/etc/apache2/sites-enabled/000-default.conf ，并将以下内容放在</VirtualHost> 之前:

1. I installed php7.0-fpm

2. Edited /etc/apache2/sites-enabled/000-default.conf and put the following just before </VirtualHost>:

DirectoryIndex index.php
<LocationMatch "^(.*\.php)$">
    ProxyPass fcgi://127.0.0.1:9000/var/www/html
</LocationMatch>

我激活了Apache模块 proxy_fcgi (通过Webmin，显然可以自动重启Apache)

在/etc/php/7.0/fpm/pool.d/www.conf 中，我注释了一条侦听行，并在下面放置了另一行:

I activated the Apache module proxy_fcgi (via Webmin, which apparently does an automatic Apache restart)

In /etc/php/7.0/fpm/pool.d/www.conf I commented out a listen line and put another below like this:

; listen = /run/php/php7.0-fpm.sock
listen = 127.0.0.1:9000

然后我使用以下命令重新启动PHP-FPM:/etc/init.d/php7.0-fpm restart (与说明略有不同，我使用的是Debian 9).之后，phpinfo()给了我服务器API"FPM/FastCGI".

最后，我在三个位置将用户和组从 www-data 更改为 anna ，两次在/etc/php/7.0/fpm/pool.d/www.conf ，然后再次在/usr/lib/tmpfiles.d/php7.0-fpm.conf 中(最后一点可能是特定于Ubuntu/Debian的，我感谢Keith的

I then restarted PHP-FPM with this command: /etc/init.d/php7.0-fpm restart (a little different from the instructions, I'm on Debian 9). After that, phpinfo() gave me the Server API "FPM/FastCGI".

And finally, I changed the user and group from www-data to anna in three places, twice in /etc/php/7.0/fpm/pool.d/www.conf and then once more in /usr/lib/tmpfiles.d/php7.0-fpm.conf (this last bit may be Ubuntu/Debian specific, my thanks go to Keith for a comment on StackExchange).

就是这样！:-)

这篇关于让PHP和普通用户编辑相同文件的三种方法的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！