Hello About two weeks ago, I upgraded by box that hosts several sites from FreeBSD 9.x to 10.x. The server was configured with suexec in-order to ensure that php scripts run as certain users, not as www.
However, after the upgrade, suexec is broken. All sites now run as apache user www instead of their respective users. I maintained apache22 and php55. The sites load, but I've permission issues whenever website owner tries to upload content.
I've done everything I can, read all the tutorials, but still my suexec is failing to work when I test php script. What could I be doing wrong? Kindly double check my configurations below. Thanks
//loaded modules shows fscgi and suexec are loaded.
//additional info on modules
//php -v
//sample virtual host file
//php.cgi
However, after the upgrade, suexec is broken. All sites now run as apache user www instead of their respective users. I maintained apache22 and php55. The sites load, but I've permission issues whenever website owner tries to upload content.
I've done everything I can, read all the tutorials, but still my suexec is failing to work when I test php script. What could I be doing wrong? Kindly double check my configurations below. Thanks
Code:
//Apache22
# httpd -v
Server version: Apache/2.2.21 (FreeBSD
Code:
# apachectl -M
Loaded Modules:
core_module (static)
mpm_prefork_module (static)
http_module (static)
so_module (static)
authn_file_module (shared)
authn_dbm_module (shared)
authn_anon_module (shared)
authn_default_module (shared)
authn_alias_module (shared)
authz_host_module (shared)
authz_groupfile_module (shared)
authz_user_module (shared)
authz_dbm_module (shared)
authz_owner_module (shared)
authz_default_module (shared)
auth_basic_module (shared)
auth_digest_module (shared)
file_cache_module (shared)
cache_module (shared)
disk_cache_module (shared)
dumpio_module (shared)
reqtimeout_module (shared)
filter_module (shared)
charset_lite_module (shared)
deflate_module (shared)
log_config_module (shared)
logio_module (shared)
env_module (shared)
mime_magic_module (shared)
cern_meta_module (shared)
expires_module (shared)
headers_module (shared)
usertrack_module (shared)
unique_id_module (shared)
setenvif_module (shared)
version_module (shared)
ssl_module (shared)
mime_module (shared)
dav_module (shared)
asis_module (shared)
suexec_module (shared)
vhost_alias_module (shared)
negotiation_module (shared)
dir_module (shared)
imagemap_module (shared)
actions_module (shared)
speling_module (shared)
alias_module (shared)
rewrite_module (shared)
fcgid_module (shared)
wsgi_module (shared)
php5_module (shared)
mono_module (shared)
Syntax OK
Code:
# pkg which /usr/local/libexec/apache22/mod_cgi.so
/usr/local/libexec/apache22/mod_cgi.so was installed by package apache22-2.2.31_1
# pkg which /usr/local/libexec/apache22/mod_suexec.so
/usr/local/libexec/apache22/mod_suexec.so was installed by package apache22-2.2.31_1
# pkg which /usr/local/libexec/apache22/mod_fcgid.so
/usr/local/libexec/apache22/mod_fcgid.so was installed by package ap22-mod_fcgid-2.3.9
Code:
PHP 5.5.38 (cli) (built: Oct 19 2016 03:36:31)
Copyright (c) 1997-2015 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2015 Zend Technologies
with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2015, by Zend Technologies
//php55
make showconfig
===> The following configuration options are available for php55-5.5.38_2:
CLI=on: Build CLI version
CGI=on: Build CGI version
FPM=on: Build FPM version
EMBED=off: Build embedded library
DEBUG=off: Enable debug
DTRACE=off: Enable DTrace support
IPV6=on: Enable ipv6 support
MAILHEAD=off: Enable mail header patch
LINKTHR=on: Link thread lib (for threaded extensions)
ZTS=off: Force Zend Thread Safety (ZTS) build
===> Use 'make config' to modify these settings
//suexec
/usr/local/sbin/suexec -V
-D AP_DOC_ROOT="/usr/virtual/"
-D AP_GID_MIN=5
-D AP_HTTPD_USER="www"
-D AP_LOG_EXEC="/var/log/httpd-suexec.log"
-D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
-D AP_UID_MIN=5
-D AP_USERDIR_SUFFIX="public_html"
Code:
<VirtualHost XXX.XXX.XXX.XXX:80>
ServerName example.com
ServerAlias [URL="http://www.example.com"]www.example.com[/URL]
DocumentRoot /usr/virtual/example.com/public_html
SuexecUserGroup adm258 adm2130
ErrorLog /var/log/apache22/example.com_error.log
CustomLog /var/log/apache22/example.com_access.log combined
<Directory /usr/virtual/example.com/public_html>
AddHandler fcgid-script .php
FCGIWrapper /usr/virtual/example.com/public_html/cgi-bin/php.cgi
Allow from all
AllowOverride All
Order allow,deny
</Directory>
Alias /awstatsclasses /usr/virtual/example.com/public_cgi/awstats/classes/
Alias /awstatscss /usr/virtual/example.com/public_cgi/awstats/css/
Alias /awstatsicons /usr/virtual/example.com/public_cgi/awstats/icons/
ScriptAlias /awstats/ /usr/virtual/example.com/public_cgi/awstats/cgi-bin/
<Directory /usr/virtual/example.com/public_cgi/awstats/>
Options None
AllowOverride None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
Code:
#!/bin/sh
# Shell Script To Run PHP5 using mod_fastcgi under Apache 2.x
### Set PATH ###
PHP_CGI=/usr/local/php5/bin/php-cgi
#PHP_CGI=/usr/local/bin/php-cgi
PHP_FCGI_CHILDREN=0
PHP_FCGI_MAX_REQUESTS=10000
### no editing below ###
export PHP_FCGI_CHILDREN
export PHP_FCGI_MAX_REQUESTS
exec $PHP_CGI