Suexec: Difference between revisions

From CSCWiki
Jump to navigation Jump to search
No edit summary
No edit summary
Line 9: Line 9:
'''-r-xr-xr-x 1 www-webmail www-webmail 95 2010-01-20 21:57 php-cgi'''
'''-r-xr-xr-x 1 www-webmail www-webmail 95 2010-01-20 21:57 php-cgi'''
#!/bin/sh
#!/bin/sh
export PHP_FCGI_CHILDREN=3
export PHP_FCGI_CHILDREN=0
export PHP_FCGI_MAX_REQUESTS=4000
export PHP_FCGI_MAX_REQUESTS=4000
exec /usr/bin/php5-cgi
exec /usr/bin/php5-cgi

Revision as of 19:45, 22 January 2010

suexec is used allow Apache to isolate certain sites from the rest of the system by running them as users other than www-data (for example, webmail is run as www-webmail). The global suexec configuration is /etc/apache2/suexec/www-data, and suexec logs to /var/log/apache2/suexec.log.

Site Setup

Here's an example of what's needed to suexec isolate a specific site (this example is the setup for the webmail).

dr-xr-xr-x 2 www-webmail www-webmail 4096 2010-01-20 21:57 /var/lib/roundcube/fcgi-wrapper

-r-xr-xr-x 1 www-webmail www-webmail   95 2010-01-20 21:57 php-cgi
#!/bin/sh
export PHP_FCGI_CHILDREN=0
export PHP_FCGI_MAX_REQUESTS=4000
exec /usr/bin/php5-cgi

-rwxr-xr-x 1 root        root          71 2010-01-20 21:34 php-cgi-suexec
#!/bin/sh
exec /usr/lib/apache2/suexec www-webmail www-webmail php-cgi

And here is the relevant line in the vhost configuration:

FCGIWrapper "/var/lib/roundcube/fcgi-wrapper/php-cgi-suexec" .php