Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
SuExec on Apache not working
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
r00t440
Tux's lil' helper
Tux's lil' helper


Joined: 14 Sep 2005
Posts: 89

PostPosted: Tue Jul 09, 2013 6:18 pm    Post subject: SuExec on Apache not working Reply with quote

Hello Gentooers,

I have installed php, apache, and fastcgi_handler by:
Code:
emerge dev-lang/php www-apache/mod_fastcgi_handler


I managed to make it work by updating the relevant lines in /etc/apache2/modules.d/70_mod_php5.conf

to:
Code:
# AddHandler application/x-httpd-php .php .php5 .phtml
# AddHandler application/x-httpd-php-source .phps
AddHandler fcgi:/var/run/php-fpm.socket .php .php5


and /etc/conf.d/apache2 to
Code:
APACHE2_OPTS="-D DEFAULT_VHOST -D INFO -D SSL -D SSL_DEFAULT_VHOST -D SUEXEC -D LANGUAGE -D PHP5 -D FASTCGI_HANDLER"


In my document root, I have the following file (test.php) to verify the installation:
Code:
<?php
echo '<pre>';
var_dump(exec('whoami'));
var_dump(php_sapi_name());


I then have the following vhost:
Code:
<IfDefine DEFAULT_VHOST>
        <VirtualHost localhost:80>
                ServerName local.testdomain.com
                ServerAlias local.testdomain.com
                SuExecUserGroup foobar foobar
                DocumentRoot "/home/foobar/workspace/local.testdomain.com"
                <Directory "/home/foobar/workspace/local.testdomain.com">
                        Options Indexes FollowSymLinks
                        AllowOverride All
                        Order allow,deny
                        Allow from all
                </Directory>
        </VirtualHost>
</IfDefine>


Which results to: 501 Error
Code:
[Wed Jul 10 01:52:10 2013] [error] [client ::1] (13)Permission denied: access to / denied (filesystem path '/home/foobar/workspace/') because search permissions are missing on a component of the path


Moving the document root outside the user directory, the test.php seems to be executed properly, however I get this result:
Code:
string(6) "nobody"
string(8) "fpm-fcgi"


I'm expecting it to be:
Code:
string(6) "foobar"
string(8) "fpm-fcgi"


My assumption is that if I could get SuExec to work properly, it could traverse the user's directory without a problem.

In my deduction, this confirms that PHP-FPM is working correctly, however this directive: " SuExecUserGroup foobar foobar" doesn't. SuExec is surely working because I get the following line in the logs:
Code:
[Wed Jul 10 02:09:47 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)


I hope somebody could point to me what I am missing, and how I may possibly fix it.

Thanks in advance.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum