Suexec: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
(One intermediate revision by the same user not shown) | |||
Line 1: | Line 1: | ||
This approach is not currently in use. View the history if you wish to learn about how it used to be set up. |
|||
[http://httpd.apache.org/docs/2.2/suexec.html suexec] is used allow [[Apache]] to isolate certain sites from the rest of the system by running them as users other than www-data (for example, webmail is run as www-webmail). The global suexec configuration is /etc/apache2/suexec/www-data, and suexec logs to /var/log/apache2/suexec.log. |
|||
[[Category:Software]] |
|||
== Site Setup == |
|||
Here's an example of what's needed to suexec isolate a specific site (this example is the setup for the [[Webmail|webmail]]). |
|||
'''dr-xr-xr-x 2 www-webmail www-webmail 4096 2010-01-20 21:57 /var/lib/roundcube/fcgi-wrapper''' |
|||
'''-r-xr-xr-x 1 www-webmail www-webmail 95 2010-01-20 21:57 php-cgi''' |
|||
#!/bin/sh |
|||
export PHP_FCGI_CHILDREN=0 |
|||
export PHP_FCGI_MAX_REQUESTS=4000 |
|||
exec /usr/bin/php5-cgi |
|||
'''-rwxr-xr-x 1 root root 71 2010-01-20 21:34 php-cgi-suexec''' |
|||
#!/bin/sh |
|||
exec /usr/lib/apache2/suexec www-webmail www-webmail php-cgi |
|||
And here is the relevant line in the vhost configuration: |
|||
FCGIWrapper "/var/lib/roundcube/fcgi-wrapper/php-cgi-suexec" .php |
|||
Note: As Apache seems to hang on reload, the init.d script for Apache has been modified to kill off all processes belonging to www-wiki and www-webmail. Though not an ideal solution, this should alleviate the immediate issue. |
Latest revision as of 14:08, 21 May 2012
This approach is not currently in use. View the history if you wish to learn about how it used to be set up.