If you attempt to use the `listen.acl_users` or `listen.acl_groups` configuration directives, you get: > [04-Dec-2016 16:44:26] ERROR: [/etc/php/fpm-php7.0/fpm.d/www.conf:53] unknown entry 'listen.acl_users' > [04-Dec-2016 16:44:26] ERROR: Unable to include /etc/php/fpm-php7.0/fpm.d/www.conf from /etc/php/fpm-php7.0/php-fpm.conf at line 53 > [04-Dec-2016 16:44:26] ERROR: failed to load configuration file '/etc/php/fpm-php7.0/php-fpm.conf' > [04-Dec-2016 16:44:26] ERROR: FPM initialization failed Recompiling php with EXTRA_ECONF="--with-fpm-acl" enables Posix ACLs for the fpm SAPI and resolves the error when using those directives. > $ getfacl /run/php-fpm.sock > getfacl: Removing leading '/' from absolute path names > # file: run/php-fpm.sock > # owner: root > # group: root > user::rw- > user:www:rw- > group::rw- > mask::rw- > other::---
The latest three revisions -- for 5.6, 7.0 and 7.1 -- should all have this now with USE=acl. commit 50ae0032a52c0a95f8397cb623ee48b7b3292663 Author: Michael Orlitzky <mjo@gentoo.org> Date: Thu Dec 8 19:25:30 2016 -0500 dev-lang/php: three new revisions adding ACL support for php-fpm. The php-fpm backend can be used to host multiple applications with different settings and permissions. Traditionally, permissions on its UNIX socket are granted to the "listen.owner" and "listen.group" defined in php-fpm.conf. However, php-fpm can be compiled with POSIX ACL support, after which the more-powerful "listen.acl_users" and "listen.acl_groups" can be used. This commit adds three new revisions -- one for each supported branch of PHP. To each new revision, the "acl" USE flag has been added. When USE=acl is set, sys-apps/acl gets pulled in as a dependency, and "--with-fpm-acl" is passed to the configure script. Gentoo-Bug: 601634 Package-Manager: portage-2.3.0
