基于最小权限原则正确设置php上传文件目录权限

博客迁移到新的服务器，发现上传图片报错了，一猜就知道肯定是目录权限问题。

之前上传文件目录一般直接给个777，如下

chmod -R 777 uploads

这样设置虽然简单，但是知道肯定是哪里不对，但又说不出来到底该怎么设置。

遇到又研究了一番，先来看看www.conf里面的两点设置

; Start a new pool named 'www'.
; the variable $pool can be used in any directive and will be replaced by the
; pool name ('www' here)
[www]

; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
;       will be used.
user = nobody
group = nobody

; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
;                 mode is set to 0660
listen.owner = nobody
listen.group = nobody
listen.mode = 0660

可以看到默认的运行用户和组都是nobody，再打开项目文件看到，这个时候uploads目录的用户和组都是root。

于是我们把uploads目录的用户和组设置成nobody

chown -R nobody:nobody uploads

再给uploads目录赋上可写权限

chmod -R 755 uploads

于是，大功告成，再也不用777了。