I successfully managed to make mod_fastcgi work with fpm, which enables me to set the user:group running the scripts via fpm pools definition. However, there is no similar alternative for, say, a python script run through mod_fastcgi, so i'm trying to learn how to use suexec to run whatever script through mod_fastcgi with the user:group i choose.
I'm starting from this working configuration:
#/etc/apache2/sites-available/test1
<VirtualHost *:80>
    ServerName test1.slothcompany.net
    DocumentRoot /var/www/test1
    LogLevel Debug
    ErrorLog /var/www/test1/error.log
    <Directory /var/www/test1/>
        Options Indexes Includes FollowSymLinks ExecCGI
        AllowOverride All
        DirectoryIndex index.php
        AddHandler php5-fastcgi .php
        Action php5-fastcgi /php5.fcgi
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
#/var/www/test1/php5.fcgi
#!/bin/bash
PHPRC="/var/www/test1/php.ini"
PHP_FCGI_CHILDREN=5
export PHPRC
export PHP_FCGI_CHILDREN
exec /usr/bin/php5-cgi
I put a phpInfo() inside /var/www/test1/index.php, which shows the correct php.ini path.
Now, to activate suexec i:
apache2-suexec: sudo apt-get install apache2-suexec
mod_suexec: sudo a2enmod suexec
sudo chown -R michele:michele /var/www/test1
SuexecUserGroup michele michele
sudo a2dissite test1 && sudo a2ensite test1 && sudo service apache2 restart
The user:group michele:michele exists in the system. When running test1.slothcompany.net i see the phpInfo() output exactly as before, and echo exec('whoami'); prints www-data instead of michele.
sudo /usr/lib/apache2/suexec -V tells me that the log file should be in /var/log/apache2/suexec.log, but no such file exists. Then, i know that apache should log in the error.log file the activation of the suexec wrapper, as a notice, but in the error.log no such notice is found as well. So, i suspect that for some reason suexec isn't starting at all.
I read here the list of checks suexec does to decide if the call is successfull, but i don't know how to check what the results of these checks are..it says they should be written in the suexec log file, but this file is never created, as it seems.
So, what i'm doing wrong?
Thank you all so much.
I finally managed to make it work, with the help of this post. There were two big issues with my first configuration: the first was that i didn't enable suexec to work with fastcgi (this requires to edit the fastcgi.conf configuration file); the second was that in my first virtual host i wasn't using fastcgi at all! I got this when i realized that the system worked the same after disabling fastcgi.
However, these are the final steps that worked for me (i tried them inside a Debian virtual machine created just for this):
Install packages (after adding non-free to /etc/apt/sources.list for libapache2-mod-fastcgi):
sudo apt-get install apache2 libapache2-mod-fastcgi apache2-suexec php5-cgi
Add a global fastcgi configuration:
sudo nano /etc/apache2/conf.d/fastcgi
# /etc/apache2/conf.d/fastcgi
FastCGIConfig -killInterval 60 -maxClassProcesses 1 -maxProcesses 50 -minProcesses 0 -startDelay 5
Enable suexec inside fastcgi configuration (remove the # from the FastCgiWrapper line):
sudo a2dismod fastcgi
sudo nano /etc/apache2/mods-available/fastcgi.conf
# /etc/apache2/mods-available/fastcgi.conf
<IfModule mod_fastcgi.c>
    AddHandler fastcgi-script .fcgi
    FastCgiWrapper /usr/lib/apache2/suexec
    FastCgiIpcDir /var/lib/apache2/fastcgi
</IfModule>
Enable apache modules:
sudo a2enmod fastcgi suexec actions
Create test site files:
sudo mkdir -p /var/www/vhosts/test
cd /var/www/vhosts/test
sudo mkdir cgi-bin etc httpdocs logs
sudo nano httpdocs/index.php
# /var/www/vhosts/test/httpdocs/index.php
<?php
echo exec('whoami');
phpInfo();
sudo nano cgi-bin/php5.fcgi
# /var/www/vhosts/test/cgi-bin/php5.fcgi
#!/bin/bash
export PHPRC=/var/www/vhosts/test/etc
export PHP_FCGI_CHILDREN=5
exec /usr/bin/php5-cgi
sudo chmod +x cgi-bin/php5.fcgi
sudo cp /etc/php5/cgi/php.ini etc/
sudo chown -R michele:michele .
Create apache virtual host:
sudo nano /etc/apache2/sites-available/test
# /etc/apache2/sites-available/test
<VirtualHost *:80>
    ServerAdmin [email protected]
    ServerName test.slothcompany.net
    LogLevel notice
    ErrorLog /var/www/vhosts/test/logs/error.log
    CustomLog /var/www/vhosts/test/logs/access.log combined
    ScriptAlias /php5.fcgi /var/www/vhosts/test/cgi-bin/php5.fcgi
    FastCgiServer /var/www/vhosts/test/cgi-bin/php5.fcgi -processes 1 -user michele -group michele -idle-timeout 310 -flush
    SuexecUserGroup michele michele
    DocumentRoot /var/www/vhosts/test/httpdocs
    <Directory /var/www/vhosts/test/httpdocs/>
        Options FollowSymLinks ExecCGI
        AllowOverride All
        Action php5.fcgi /php5.fcgi
        AddHandler php5.fcgi .php
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
sudo a2ensite test
Restart apache
sudo service apache2 restart
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With