Bug#528062: Supplied patch breaks working installations with php and suexec

To: 528062@bugs.debian.org
Subject: Bug#528062: Supplied patch breaks working installations with php and suexec
From: Christopher Huhn <c.huhn@gsi.de>
Date: Tue, 19 Oct 2010 17:53:53 +0200
Message-id: <[🔎] 4CBDBF11.1060309@gsi.de>
Reply-to: Christopher Huhn <c.huhn@gsi.de>, 528062@bugs.debian.org

Hi,

I tested the patch for a Lenny server with quite some public_htmlUserDirs - I suspect that my observations also apply to Squeeze.

The behavior of our configuration with the default Apache packages isthat normal CGI scripts in public_html dirs are running under the ownersuid, while php scripts are executed as www-data. We don't use fcgid.Our desired behavior would be that CGI scripts as well as PHP scriptsrun under the owners uid. This can be quite easily setup with suphp, buta solution that only requires suexec would be nice.

With the supplied patch PHP scripts are run under the owners uid *if andonly if* the php binary is copied to every public_html dir that containsphp scripts, symlinking does not seem to work here.Also mod_action has to be configured correctly (which I did not figureout yet for *many* userdirs).

Without further action the patch completely breaks PHP script execution(Error 500) beneath user dirs when suexec is enabled.

IMHO it is far from production ready. For only few different users it israther simple to set up different vhosts with explicit SuexecUserGroupconfigs that will give you the same results.


Just my ¢ 2,
    Christopher

Reply to:

Prev by Date: Bug#600579: marked as done (/usr/sbin/apache2: typing error in default-ssl)
Next by Date: Bug#601033: apache2.2-common: AddOutputFilterByType is deprecated but used in deflate.conf
Previous by thread: Bug#600579: marked as done (/usr/sbin/apache2: typing error in default-ssl)
Next by thread: Bug#601033: apache2.2-common: AddOutputFilterByType is deprecated but used in deflate.conf
Index(es):
- Date
- Thread