Difference between revisions of "Suexec"

From CSCWiki
Jump to navigation Jump to search
(created suexec entry)
 
Line 3: Line 3:
 
== Site Setup ==
 
== Site Setup ==
   
Here's an example of what's needed to suexec isolate a specific site (this example is the setup for the [[Webmail|webmail]].
+
Here's an example of what's needed to suexec isolate a specific site (this example is the setup for the [[Webmail|webmail]]).
   
 
'''dr-xr-xr-x 2 www-webmail www-webmail 4096 2010-01-20 21:57 /var/lib/roundcube/fcgi-wrapper'''
 
'''dr-xr-xr-x 2 www-webmail www-webmail 4096 2010-01-20 21:57 /var/lib/roundcube/fcgi-wrapper'''

Revision as of 00:08, 21 January 2010

suexec is used allow Apache to isolate certain sites from the rest of the system by running them as users other than www-data (for example, webmail is run as www-webmail). The global suexec configuration is /etc/apache2/suexec/www-data, and suexec logs to /var/log/apache2/suexec.log.

Site Setup

Here's an example of what's needed to suexec isolate a specific site (this example is the setup for the webmail).

dr-xr-xr-x 2 www-webmail www-webmail 4096 2010-01-20 21:57 /var/lib/roundcube/fcgi-wrapper

-r-xr-xr-x 1 www-webmail www-webmail   95 2010-01-20 21:57 php-cgi
#!/bin/sh
export PHP_FCGI_CHILDREN=3
export PHP_FCGI_MAX_REQUESTS=4000
exec /usr/bin/php5-cgi

-rwxr-xr-x 1 root        root          71 2010-01-20 21:34 php-cgi-suexec
#!/bin/sh
exec /usr/lib/apache2/suexec www-webmail www-webmail php-cgi

And here is the relevant line in the vhost configuration:

FCGIWrapper "/var/lib/roundcube/fcgi-wrapper/php-cgi-suexec" .php