S.Lukas - 2 months ago
PHP Question

Run PHP under ec2-user on my EC2 instance

I have an EC2 instance hosting my website. I am trying to use the AWS SES PHP API, which has installed itself in my home directory (/home/ec2-user/).

My web server (/var/www/html/) needs to reference a credentials file and the API itself, which are both stored in the home folder.

The problem is that the user 'apache', which is what PHP runs under by default, does not have access to the home folder.

Should I add 'apache' to some kind of group that can access the home folder or should I run PHP under my 'ec2-user'?


These kinds of server restrictions are made deliberately. In a perfect scenario the user running your web server (apache in your instance) should only be able to access files within the web root. This is done to provide security reassurance that malicious scripts cannot exploit your server. For example, if you've given apache access to the ec2-user home directory, it's feasible that this could be exploited to access /home/ec2-user/.ssh and its contents.

The best option for you is to install the PHP SDK within your web root. You can do this easily using Composer.

Keep files for the web inside your web root. Don't circumvent the default security restrictions unless you know what you're doing and have a good reason for doing it!
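
The following audit script is an added example, not part of the question or the answer above: it checks from permission bits alone whether an account such as apache could reach a file, so you can confirm the home directory stays closed while the SDK in the web root is readable. It assumes GNU `stat`, that apache is neither owner nor group member of the files, and a constructed sample tree whose file names (`credentials.ini`, `vendor/autoload.php`) are hypothetical.

```shell
#!/bin/sh
# Added example. Assumes GNU stat (stat -c), as on Amazon Linux, and an account
# (e.g. apache) that is neither owner nor group member of the files checked.

# other_bits PATH: print the "other" permission digit (0-7) of PATH.
other_bits() {
    mode=$(stat -c '%a' "$1") || return 2
    printf '%s\n' "${mode#"${mode%?}"}"
}

# reachable_by_others PATH [BASE]
# Returns 0 when every directory from PATH's parent up to BASE (default /)
# has other-execute set and PATH itself has other-read set, 1 otherwise.
reachable_by_others() {
    target=$1
    base=${2:-/}
    dir=$(dirname "$target")
    while :; do
        bits=$(other_bits "$dir") || return 2
        [ $((bits & 1)) -ne 0 ] || return 1   # cannot traverse this directory
        case $dir in "$base"|/|.) break ;; esac
        dir=$(dirname "$dir")
    done
    bits=$(other_bits "$target") || return 2
    [ $((bits & 4)) -ne 0 ]                   # readable by others?
}

# build_sample_tree: create a constructed layout that mirrors the question
# (file names under the directories are hypothetical) and print its root.
build_sample_tree() {
    t=$(mktemp -d) || return 2
    mkdir -p "$t/home/ec2-user" "$t/var/www/html/vendor"
    : > "$t/home/ec2-user/credentials.ini"
    : > "$t/var/www/html/vendor/autoload.php"
    chmod -R u=rwX,go=rX "$t"
    chmod 700 "$t/home/ec2-user"              # default: home closed to others
    printf '%s\n' "$t"
}

# Demo, run only when executed as a script with the argument "demo".
if [ "${1:-}" = "demo" ]; then
    root=$(build_sample_tree)
    for f in home/ec2-user/credentials.ini var/www/html/vendor/autoload.php; do
        if reachable_by_others "$root/$f" "$root"; then s=REACHABLE; else s=blocked; fi
        echo "$s  /$f"
    done
    rm -rf "$root"
fi
```

On a real host, call `reachable_by_others /home/ec2-user/<file>` with no second argument so the walk covers every directory up to `/`.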