Struggling to set up suexec
Having difficulties in figuring out how to set suexec up on my debian lenny - for the purpose of allowing users to to run their own php without compromising security of others. I have installed and enabled mod_fcgid etc and everything is running fine thru fast cgi ().
My problem is that I am not sure what I have done/not done correctly with setting up suexec. Most of the articles I came across described how to set it with virtual hosts. My structure is this: 1 virtual host (actually I have a couple of other smaller sites on here but I could shift them off if I need to so irrelevant), and several user directories under this. e.g. http://virtualhostname/username/index.php etc. In actual fact ideally I would like to protect the files in the username directory and add an uploads subdirectory but am guessing that might not be possible. The reason being this is a SAAS type system and the username directories contain a few config files etc that users really shouldn't be able to get at - as well as symbolic links to appropriate php scripts that run the application. I have also installed mod_userdir and it is working fine i.e. if within my virtualhost config I set UserDir to /var/www/virtualhostname/*/uploads, the request http://virtualhostname/~username will display the contents of /var/www/virtualhostname/username/uploads - hence I think the only thing I am missing is somehow getting suexec in on it. I have enabled suexec but am guessing their are some settings I need to adjust before it will work with this structure - if it will work with this structure? Or do I need to somehow set this up under /home/user/public_html? Following another debian example I installed apache2-suexec-custom also - not sure if I was meant to uninstall anything else first. I can't see anything about suexec in the logs so I don't think it is even trying to be started meaning my configuration is mucked up a bit I guess. Any guidance would be much appreciated. 6pm here now in New Zealand but I will keep watching thru till midnight in the hope for a miracle cure. Was kind of hoping that enabling suexec and mod_userdir would just let this work but nothing is ever that simple! |
My log is in:
/var/log/apache2/suexec.log In one of my virtualhost definitions I have: SuexecUserGroup user1 user1 it is near the top and outside of any Directory definitions. user1's html dir is: /home/user1/html user1's cgi dir is: /home/user1/cgi chown user1:user1 chmod 705 all the cgi files are chown user1:user1 chmod 700 /home/user1 chown user1:user1 chmod 755 in the file /etc/apache2/suexec/www-data I have: /home The cgi files have to below /home in the dir tree. suexe is really picky about permissions. The log will help a lot! It will tell you if it ran the cgi or why it didn't. I only have one virtualhost setup using suexe and it works correctly, all cgi's execute as user1 while all other users still run as www-data. I have no experience with mod_userdir. I hope you can adapt some of this to help in your setup. Good luck. |
All times are GMT -5. The time now is 09:51 AM. |