Automatically update CentOS 7 with yum-cron

  1. Install yum-cron:
    sudo yum -y install yum-cron
  2. Open /etc/yum/yum-cron.conf in your favorite editor and make sure each of the following values are set to ‘yes’.
    update_messages = yes
    download_updates = yes
    apply_updates = yes
  3. Other optional settings in yum-cron.conf
    # Change from 'default' to 'security'
    # if you only want security fixes.
    update_cmd = security
    # For email alerts (recommended):
    email_to = you@domain.com 
    # If you use a different mail host:
    email_host = smtp.domain.com
  4. Start the service:
    sudo systemctl start yum-cron
  5. Enable the service (makes sure it will start again after a reboot.)
    sudo systemctl enable yum-cron

File ownership considerations with Nginx and php-fpm

I recently switched my CentOS 7 web server over to Nginx and php-fpm.

From my experience with Apache I assumed that PHP scripts would be executed by the same user the web server is running as — ‘nginx’ in this case. But this could no longer be taken for granted since php-fpm is a separate process from the web server.

In my configuration php-fpm was actually running as the ‘apache’ user. This meant any files that need to be writable by PHP scripts should still be owned by that user or group rather than ‘nginx’.

A common scenario where this matters is if your users need to be able to install WordPress updates, Plugins, or Themes via the browser without entering additional credentials. In order for this to work, the web server (or in this case, php-fpm) must be able to write to the files in question.

If you are wrestling with file permissions, or are unsure of the correct permissions to set in this scenario, be sure to confirm which user and group are specified in /etc/php-fpm.d/www.conf

# grep "^user\|^group" /etc/php-fpm.d/www.conf 
user = apache
group = apache

Or you can check the actual running process with pstree:

$ pstree -ua | grep "nginx\|php"
  |-nginx
  |   |-nginx,nginx
  |   |-nginx,nginx
  |   |-nginx,nginx
  |   |-nginx,nginx
  |   |-nginx,nginx
  |   |-nginx,nginx
  |   |-nginx,nginx
  |   `-nginx,nginx
  |-php-fpm
  |   |-php-fpm,apache              
  |   |-php-fpm,apache              
  |   |-php-fpm,apache              
  |   |-php-fpm,apache              
  |   |-php-fpm,apache              
  |   |-php-fpm,apache              
  |   `-php-fpm,apache