diff --git a/manifests/fpm/pool.pp b/manifests/fpm/pool.pp
index 67ac5751f..a18bf00c8 100644
--- a/manifests/fpm/pool.pp
+++ b/manifests/fpm/pool.pp
@@ -24,6 +24,14 @@
 #
 # [*listen_mode*]
 #
+# [*listen_acl_users*]
+# Array. When POSIX Access Control Lists are supported you can set them using
+# this option. When set, listen.owner and listen.group are ignored. Value is
+# an array of user names.
+#
+# [*listen_acl_groups*]
+# See listen_acl_users. Value is an array of group names.
+#
 # [*user*]
 # The user that php-fpm should run as
 #
@@ -128,6 +136,8 @@
 $listen_owner = undef,
 $listen_group = undef,
 $listen_mode = undef,
+ Array[String[1]] $listen_acl_users = undef,
+ Array[String[1]] $listen_acl_groups = undef,
 $user = $php::fpm::config::user,
 $group = $php::fpm::config::group,
 Optional[String[1]] $apparmor_hat = undef,
@@ -186,6 +196,16 @@
 default => $php::fpm::package,
 }
+ # 'php-fpm' expects a comma separated list of user names
+ unless $listen_acl_users.empty {
+ $real_listen_acl_users = join(flatten($listen_acl_users).unique, ",")
+ }
+
+ # 'php-fpm' expects a comma separated list of group names
+ unless $listen_acl_groups.empty {
+ $real_listen_acl_groups = join(flatten($listen_acl_groups).unique, ",")
+ }
+
 $pool_base_dir = pick_default($base_dir, $php::fpm::config::pool_base_dir, $php::params::fpm_pool_dir)
 if ($ensure == 'absent') {
 file { "${pool_base_dir}/${pool}.conf":
diff --git a/templates/fpm/pool.conf.erb b/templates/fpm/pool.conf.erb
index 99981d195..24f2f6f3a 100644
--- a/templates/fpm/pool.conf.erb
+++ b/templates/fpm/pool.conf.erb
@@ -38,6 +38,12 @@ listen.mode = <%= @listen_mode %>
 <% else -%>
 ;listen.mode = 0660
 <% end -%>
+<% if @real_listen_acl_users -%>
+listen.acl_users = <%= @real_listen_acl_users %>
+<% end -%>
+<% if @real_listen_acl_groups -%>
+listen.acl_groups = <%= @real_listen_acl_groups %>
+<% end -%>
 ; Unix user/group of processes
 ; Note: The user is mandatory. If the group is not set, the default user's group
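Review bot: The two new parameters are typed `Array[String[1]]` but default to `undef`, which is not an Array, so a pool declared without them would be expected to fail Puppet's parameter type check at compile time. Default them to an empty array instead, `Array[String[1]] $listen_acl_users = [],` and likewise for `$listen_acl_groups`; the `unless ... .empty` guards added further down then work unchanged. The parameter list starts and ends outside this hunk.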
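Review bot: Nothing in the block that builds `$real_listen_acl_users` and `$real_listen_acl_groups` tells the operator that setting either list makes php-fpm ignore `listen.owner` and `listen.group` (as the parameter docs added in this commit state), so a pool that passes both `listen_owner` and `listen_acl_users` ends up with different socket access than its manifest suggests. A guard such as `if $listen_owner and !$listen_acl_users.empty { warning("php::fpm::pool ${pool}: listen_owner/listen_group are ignored when listen ACLs are set") }` would make that visible in the run report. Separately, `flatten()` is redundant because `Array[String[1]]` cannot hold nested arrays, and the separator reads better single-quoted: `join($listen_acl_users.unique, ',')`. The enclosing define starts and ends outside this hunk.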
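Review bot: `@real_listen_acl_users` and `@real_listen_acl_groups` are written into pool.conf verbatim, and the `String[1]` element type in the manifest accepts any character, so a name containing a comma or a newline would alter the list or add a further directive to the rendered file. Constraining the elements in the manifest, for example `Array[Pattern[/\A[^\s,]+\z/]]`, keeps each entry to a single token. It would also help to emit a comment next to these lines, `; listen.owner and listen.group are ignored when ACLs are set`, since the rendered file may still carry both settings. The template continues outside this hunk.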