Suexec: Difference between revisions

From CSCWiki
Jump to navigation Jump to search
No edit summary
No edit summary
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
This approach is not currently in use. View the history if you wish to learn about how it used to be set up.
[http://httpd.apache.org/docs/2.2/suexec.html suexec] is used allow [[Apache]] to isolate certain sites from the rest of the system by running them as users other than www-data (for example, webmail is run as www-webmail). The global suexec configuration is /etc/apache2/suexec/www-data, and suexec logs to /var/log/apache2/suexec.log.


[[Category:Software]]
== Site Setup ==

Here's an example of what's needed to suexec isolate a specific site (this example is the setup for the [[Webmail|webmail]]).

'''dr-xr-xr-x 2 www-webmail www-webmail 4096 2010-01-20 21:57 /var/lib/roundcube/fcgi-wrapper'''
'''-r-xr-xr-x 1 www-webmail www-webmail 95 2010-01-20 21:57 php-cgi'''
#!/bin/sh
export PHP_FCGI_CHILDREN=0
export PHP_FCGI_MAX_REQUESTS=4000
exec /usr/bin/php5-cgi
'''-rwxr-xr-x 1 root root 71 2010-01-20 21:34 php-cgi-suexec'''
#!/bin/sh
exec /usr/lib/apache2/suexec www-webmail www-webmail php-cgi

And here is the relevant line in the vhost configuration:

FCGIWrapper "/var/lib/roundcube/fcgi-wrapper/php-cgi-suexec" .php

Note: As Apache seems to hang on reload, the init.d script for Apache has been modified to kill off all processes belonging to www-wiki and www-webmail. Though not an ideal solution, this should alleviate the immediate issue.

Latest revision as of 14:08, 21 May 2012

This approach is not currently in use. View the history if you wish to learn about how it used to be set up.