Reputation: 5957
How to enable suexec on a virtual host?
I'm using Apache2.2 and FastCgi to run PHP code (with php-fpm).
My FCGI config is the following and works fine:
User apache
Group apache
LoadModule fastcgi_module modules/mod_fastcgi.so
FastCgiIpcDir /var/run/mod_fastcgi
FastCgiConfig -idle-timeout 20 -maxClassProcesses 1
AddHandler php-script .php
Action php-script /php5-fcgi
AddType application/x-httpd-php .php
<Location "/php5-fcgi">
Order Deny,Allow
Deny from all
Allow from env=REDIRECT_STATUS
</Location>
My Virtual host is configured as following and works fine too:
<VirtualHost XX.XX.XXX.XXX:80>
DocumentRoot "/srv/apache/test"
ServerName my.domain.com
ErrorLog /srv/apache/test/logs/test.log
DirectoryIndex index.php
LogLevel debug
<Directory "/srv/apache/test/www">
Options +Indexes
Order allow,deny
Allow from all
</Directory>
Alias /php5-fcgi /var/www/cgi-bin/test/php.fcgi
FastCgiExternalServer /var/www/cgi-bin/test/php.fcgi -socket /var/run/php5-fpm.sock -pass-header Authorization -idle-timeout 3600
<Directory "/var/www/cgi-bin/test">
Options +ExecCGI
SetHandler fastcgi-script
Order Deny,Allow
Allow from env=REDIRECT_STATUS
</Directory>
</VirtualHost>
My phpinfo() on my test page is shown. Now I would like to make it working with Apache's Suexec mod. So I add following lines to apache config:
# Into my virtualhost config
SuexecUserGroup www-test www-test
# Into my fastcgi config
FastCgiWrapper On
Then I chown to www-test user my fcgi script (/var/www/cgi-bin/test/php.fcgi) and my document root (/srv/apache/test).
I restart httpd and php-fpm services, I refresh my test page, and I got an error 500 with following logs:
==> /var/log/httpd/error_log <==
suexec failure: could not open log file
fopen: Permission denied
[Tue Nov 10 21:35:48 2015] [warn] FastCGI: (dynamic) server "/var/www/cgi-bin/test/php.fcgi" (pid 29704) terminated by calling exit with status '1'
[Tue Nov 10 21:35:53 2015] [warn] FastCGI: (dynamic) server "/var/www/cgi-bin/test/php.fcgi" (uid 505, gid 506) restarted (pid 29711)
==> /srv/apache/test/logs/test.log <==
[Tue Nov 10 21:36:05 2015] [error] [client 90.XXX.30.XX] FastCGI: comm with (dynamic) server "/var/www/cgi-bin/test/php.fcgi" aborted: (first read) idle timeout (20 sec)
[Tue Nov 10 21:36:05 2015] [error] [client 90.XXX.30.XX] FastCGI: incomplete headers (0 bytes) received from server "/var/www/cgi-bin/test/php.fcgi"
Do you have an idea of the configuration I may missed?
Edit : I've edit one of my Vhost directive as following:
FastCgiExternalServer /var/www/cgi-bin/test/php.fcgi -socket /var/run/php5-fpm.sock -pass-header Authorization -user www-test -group www-test
Now my test page is working, but I execute a whoiam command with php and I get the apache user instead of my Suexec user (www-test).
Do you have any idea of the reason my Suexec config doesn't work.
Upvotes: 1
Views: 1675
Answers (1)
Reputation: 69937
PHP FPM needs to be configured to use a specific user.
Make sure the value in your pool configuration for user matches the Unix user you want PHP to execute as. Usually it defaults to www-data but this may have changed to www-user depending on how you compiled PHP.
Upvotes: 1
Related Questions
- Apache suExec is not working in Plesk 11 [Still using www-data default user]
- how to enable shell_exec and exec on php?
- suexec policy violation
- Unable to make suexec work with mod_fastcgi
- Apache FastCgi, PHP-FPM, Suexec Permission Denied Error
- Warning: SuexecUserGroup directive requires SUEXEC wrapper error
- apache + fastcgi + fpm Why is suexec required?
- how to check if my shared hosting has suexec or suphp
- PHP exec enabled?
- Enable exec function