
LNMP multi-user secure runtime environment (chroot), part 4

Date: 2014-05-29 11:45  Source: compiled from the web  Author: web

4. Install mini_sendmail for use inside the chroot environment
# glibc-static must be installed under RHEL 6, so that mini_sendmail links statically and can run inside the chroot without shared libraries
yum install -y glibc-static
cd /usr/local/src
wget -c http://www.acme.com/software/mini_sendmail/mini_sendmail-1.3.6.tar.gz
tar -zxf mini_sendmail-1.3.6.tar.gz
cd mini_sendmail-1.3.6
wget -c http://dl.icodex.org/mini_sendmail_1.3.6.patch.tar.gz
tar -zxf mini_sendmail_1.3.6.patch.tar.gz
patch -p0 < mini_sendmail_1.3.6.patch
make
/usr/bin/install -m 755 mini_sendmail /home/chroot/usr/sbin/sendmail

IV. Compile PHP; the latest version at the time of writing, 5.4.19, is used here.
1. First create the user
/usr/sbin/groupadd -g 999 -o -r www
/usr/sbin/useradd -M -g www -o -r -d /var/www/html -s /bin/false -c "Web Server" -u 999 www

2. Start the build
cd /usr/local/src
wget http://www.php.net/get/php-5.4.19.tar.bz2/from/hk2.php.net/mirror
tar -jxf php-5.4.19.tar.bz2
cd php-5.4.19/
# pick lib64 on 64-bit hosts, lib otherwise
if [ `getconf WORD_BIT` = '32' ] && [ `getconf LONG_BIT` = '64' ] ; then withlib="--with-libdir=lib64" ; else withlib="--with-libdir=lib" ; fi
./configure --prefix=/usr/local/php5.4 --with-config-file-path=/usr/local/php5.4/etc \
  --with-iconv-dir --with-freetype-dir --with-jpeg-dir --with-png-dir --with-libxml-dir \
  --with-pcre-regex --enable-xml --disable-phar --disable-rpath --enable-calendar --enable-bcmath \
  --enable-shmop --enable-sysvsem --enable-inline-optimization --with-curl --with-curlwrappers \
  --enable-mbregex --with-ldap --with-ldap-sasl --enable-exif --enable-soap --enable-fpm \
  --with-fpm-user=www --with-fpm-group=www --with-snmp --enable-wddx --enable-mbstring \
  --with-mcrypt --enable-ftp --with-gd --enable-gd-native-ttf --enable-gd-jis-conv --with-openssl \
  --with-mhash --enable-mysqlnd --with-mysql=mysqlnd --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd \
  --enable-pdo --with-sqlite3 --with-pdo-sqlite --enable-pcntl --enable-sockets --with-xmlrpc \
  --with-imap --with-imap-ssl --with-kerberos --with-tidy --with-bz2 --enable-zip --with-zlib \
  --with-zlib-dir --enable-tokenizer --without-pear --with-gettext --disable-ipv6 --disable-debug \
  $withlib
make ZEND_EXTRA_LIBS='-liconv'
make install

3. Set up the boot-time init script
/usr/bin/install -m 755 sapi/fpm/init.d.php-fpm /etc/rc.d/init.d/php-fpm
sed -i '/### END INIT INFO/a\umask 072' /etc/rc.d/init.d/php-fpm  # so that files created by the PHP processes inside the chroot (temporary files, uploaded files, etc.) get basic safe permissions
/sbin/chkconfig --add php-fpm
/sbin/chkconfig php-fpm on

4. Install PEAR; recent versions no longer ship PEAR when built from source
cd /usr/local/src
wget http://pear.php.net/go-pear.phar
/usr/local/php5.4/bin/php go-pear.phar

5. Set up php.ini and the two commonly used symlinks
/bin/cp php.ini-production /usr/local/php5.4/etc/php.ini
ln -s /usr/local/php5.4/bin/php /usr/bin/php
ln -s /usr/local/php5.4/bin/phpize /usr/bin/phpize

6. Create the php-fpm configuration file
mkdir /usr/local/php5.4/etc/fpm.d
cat >/usr/local/php5.4/etc/php-fpm.conf <<EOF
include=etc/fpm.d/*.conf
[global]
pid = run/php-fpm.pid
error_log = log/php-fpm.log
log_level = warning
emergency_restart_threshold = 10
emergency_restart_interval = 1m
process_control_timeout = 5s
process.max = 500
daemonize = yes
rlimit_files = 51200
rlimit_core = 0
events.mechanism = epoll
EOF

Set up the first php-fpm pool, in a file named default.conf.
cat >/usr/local/php5.4/etc/fpm.d/default.conf <<EOF
[www]
listen = 127.0.0.1:9001
;listen = /usr/local/php5.4/var/run/php-fpm-www.sock
listen.allowed_clients = 127.0.0.1
listen.backlog = 8192
listen.mode = 0666
listen.owner = www
listen.group = nobody
user = www
group = nobody
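The pool settings above (listen address, allowed_clients, listen.mode, user/group) are exactly the ones that decide whether one pool's compromise stays inside that pool. As an added example that is not part of the original post, the following POSIX shell function reads a pool configuration passed as its first argument and reports settings that weaken the isolation. The checks and their thresholds are this example's own choices, not rules stated in the post; the sample pool texts are constructed for the example, the first one mirroring the post's default.conf.

```shell
#!/bin/sh
# Added example (not the post's own script): lint a php-fpm pool configuration.
# $1 is the pool text. Prints one finding per line and returns the number of
# findings as the exit status, so 0 means "no weak setting found".
# Checks (chosen for this example):
#   - a "listen" directive must exist
#   - the pool must not run as root (user or group)
#   - a unix-socket listener must not be world-writable (listen.mode ending in 2, 3, 6 or 7)
#   - a TCP listener outside 127.0.0.1 must restrict listen.allowed_clients
#   - "user" must be set explicitly rather than inherited
lint_fpm_pool() {
    printf '%s\n' "$1" | awk '
        function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
        /^[ \t]*;/ || /^[ \t]*$/ { next }     # php-fpm comments and blank lines
        /^[ \t]*\[/ { next }                  # [pool] section header, not a setting
        {
            n = index($0, "=")
            if (n == 0) next
            cfg[trim(substr($0, 1, n - 1))] = trim(substr($0, n + 1))
        }
        END {
            bad = 0
            if (!("user" in cfg)) { print "no user set for the pool"; bad++ }
            if (cfg["user"] == "root" || cfg["group"] == "root") {
                print "pool runs as root"; bad++
            }
            if (!("listen" in cfg)) {
                print "no listen directive"; bad++
            } else if (substr(cfg["listen"], 1, 1) == "/") {
                # unix socket: the mode decides which local users may submit FastCGI requests
                if (cfg["listen.mode"] ~ /[2367]$/) {
                    print "unix socket is world-writable: listen.mode=" cfg["listen.mode"]; bad++
                }
            } else if (cfg["listen"] !~ /^127\./ && !("listen.allowed_clients" in cfg)) {
                print "TCP listener " cfg["listen"] " without listen.allowed_clients"; bad++
            }
            exit bad
        }'
}

# Constructed sample 1: loopback TCP listener with allowed_clients, like the
# post's default.conf. listen.mode only applies to unix sockets, so it is
# harmless here and the pool should come out clean.
SAFE_POOL='[www]
listen = 127.0.0.1:9001
listen.allowed_clients = 127.0.0.1
listen.backlog = 8192
listen.mode = 0666
user = www
group = nobody'

# Constructed sample 2: world-writable unix socket and a root pool (2 findings).
WEAK_POOL='[www]
listen = /usr/local/php5.4/var/run/php-fpm-www.sock
listen.mode = 0666
user = root
group = nobody'

# Constructed sample 3: TCP on all interfaces with no client restriction (1 finding).
OPEN_POOL='[www]
listen = 0.0.0.0:9000
user = www
group = www'

lint_fpm_pool "$SAFE_POOL" && echo "safe pool: clean"
lint_fpm_pool "$WEAK_POOL" || echo "weak pool: $? finding(s)"
lint_fpm_pool "$OPEN_POOL" || echo "open pool: $? finding(s)"
```

Run it over each `fpm.d/*.conf` before reloading php-fpm; a non-zero exit status from `lint_fpm_pool "$(cat /usr/local/php5.4/etc/fpm.d/default.conf)"` is a reason to look at the pool before it goes live.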
