Suexec: Difference between revisions
No edit summary |
No edit summary |
||
Line 9: | Line 9: | ||
'''-r-xr-xr-x 1 www-webmail www-webmail 95 2010-01-20 21:57 php-cgi''' |
'''-r-xr-xr-x 1 www-webmail www-webmail 95 2010-01-20 21:57 php-cgi''' |
||
#!/bin/sh |
#!/bin/sh |
||
export PHP_FCGI_CHILDREN= |
export PHP_FCGI_CHILDREN=0 |
||
export PHP_FCGI_MAX_REQUESTS=4000 |
export PHP_FCGI_MAX_REQUESTS=4000 |
||
exec /usr/bin/php5-cgi |
exec /usr/bin/php5-cgi |
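Review bot: the change at Line 9 from `export PHP_FCGI_CHILDREN=` to `export PHP_FCGI_CHILDREN=0` carries no edit summary, and nothing in the page text says why the empty assignment was replaced. Add an edit summary, or a sentence beside the wrapper listing, stating what the value is meant to achieve (for example, that the wrapper should not start PHP children of its own), so a later editor does not revert it to the empty form.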
Revision as of 19:45, 22 January 2010
suexec is used to allow Apache to isolate certain sites from the rest of the system by running them as users other than www-data (for example, webmail is run as www-webmail). The global suexec configuration is /etc/apache2/suexec/www-data, and suexec logs to /var/log/apache2/suexec.log.
Site Setup
Here's an example of what's needed to isolate a specific site with suexec (this example is the setup for the webmail).

dr-xr-xr-x 2 www-webmail www-webmail 4096 2010-01-20 21:57 /var/lib/roundcube/fcgi-wrapper

-r-xr-xr-x 1 www-webmail www-webmail 95 2010-01-20 21:57 php-cgi

    #!/bin/sh
    export PHP_FCGI_CHILDREN=0
    export PHP_FCGI_MAX_REQUESTS=4000
    exec /usr/bin/php5-cgi

-rwxr-xr-x 1 root root 71 2010-01-20 21:34 php-cgi-suexec

    #!/bin/sh
    exec /usr/lib/apache2/suexec www-webmail www-webmail php-cgi
And here is the relevant line in the vhost configuration:
FCGIWrapper "/var/lib/roundcube/fcgi-wrapper/php-cgi-suexec" .php
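The ownership and modes in the listing above matter because suexec refuses to run a program unless the directory and program belong to the target user and group, neither is group- or world-writable, and the program is not setuid or setgid. The script below is an added example, not part of the original page: it audits a wrapper directory against those conditions. The function name and output format are made up for illustration, and it assumes GNU stat as found on Debian.

```shell
#!/bin/sh
# Added example (not from the wiki page): audit a suexec wrapper directory.
# Assumes GNU stat; function name and output format are illustrative.
# Usage: check_suexec_wrapper DIR USER GROUP [PROGRAM]
check_suexec_wrapper() {
    dir=$1; want_user=$2; want_group=$3; prog=${4:-php-cgi}
    rc=0
    for p in "$dir" "$dir/$prog"; do
        if [ ! -e "$p" ]; then
            echo "FAIL $p: missing"; rc=1; continue
        fi
        # %U owner name, %G group name, %a octal mode including setuid/setgid
        set -- $(stat -c '%U %G %a' "$p")
        owner=$1; group=$2; mode=$3
        # Directory and program must belong to the target user and group
        if [ "$owner" != "$want_user" ] || [ "$group" != "$want_group" ]; then
            echo "FAIL $p: owned by $owner:$group, expected $want_user:$want_group"; rc=1
        fi
        # Neither may be writable by group or other
        if [ $(( 0$mode & 0022 )) -ne 0 ]; then
            echo "FAIL $p: mode $mode is group- or world-writable"; rc=1
        fi
        # The program itself must not be setuid or setgid
        if [ "$p" != "$dir" ] && [ $(( 0$mode & 06000 )) -ne 0 ]; then
            echo "FAIL $p: mode $mode has setuid/setgid set"; rc=1
        fi
    done
    return $rc
}

# Run against the layout shown above when called with arguments, e.g.
#   sh check.sh /var/lib/roundcube/fcgi-wrapper www-webmail www-webmail
if [ $# -ge 3 ]; then
    check_suexec_wrapper "$@"
fi
```

A non-zero exit status means at least one condition failed; the corresponding refusal from suexec itself would appear in /var/log/apache2/suexec.log.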