Re: PHP4 + ApacheVirtualHosts + SUEXEC
Eirik Dentz wrote:
>
> I have a virtual host configured under Apache 1.3.14 with SUEXEC support
> enabled. My CGI/Perl scripts run as the USER/GROUP specified in the Virtual
> Host directive in my httpd.conf file as they should, but for some reason my
> PHP4 scripts don't. Rather they are running as the default USER/GROUP
> specified in httpd.conf
..because you have built PHP as a module.
> PHP4 is running as a DSO module. I haven't tried it yet, but I figure that
> if I switch to using PHP4 as a CGI it will run as the Virtual USER/GROUP and
> solve this problem.
Yes.
> Is running PHP4 as a CGI the only solution?
Unfortunately, yes.
> Also, what are the disadvantages of running PHP4 as a .cgi?
Some functions are only available when PHP is running as a module.
(I suggest searching for 'module' in the PHP standalone documentation - bigmanual.html)
e.g. : The script can not return 401 unauthorized response - this was one serious
drawback I found. (But this is one of the _not documented_ disadvantages ;)
> Any help would be greatly appreciated.
I have asked this question several months ago on various PHP lists.
The only answer I got was from the guy who developed PHP-LIB.
They run PHP as a CGI with SBOX (like SUEXEC, but also chroots) using cookie based
authentication (instead of http auth) where authentication is required.
In my opinion, this is the only way to run PHP securely on a server where
independent virtual webs are served by the same httpd. (Of course, you
might consider having each VW run its own httpd with PHP as a module..)
.SiCk of IT.
Reply to: