Another problem is that the binary/wrapper script must be owned by the
user you want it to run by. So, some solutions:

1. If you don't like the "php binary in every public_html directory"
solution you suggested because php binary is big and users would
easily change it (security risk) you have a chance to place there only
a wrapper script looking similar to this one:

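#!/bin/sh
# Location PHP searches for its php.ini
PHPRC="/etc/php/cgi-php5"
export PHPRC
# Number of PHP FastCGI child processes to spawn
PHP_FCGI_CHILDREN=5
export PHP_FCGI_CHILDREN
# Requests each PHP process serves before it exits and is restarted
PHP_FCGI_MAX_REQUESTS=5000
export PHP_FCGI_MAX_REQUESTS
# Replace this shell with the PHP CGI binary
exec /usr/lib/php5/bin/php-cgi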

owned by the user you want it to be run by and with "i" (immutable)
xattr flag (you can set it this way:
$ chattr +i php-wrapper
unset it:
$ chattr -i php-wrapper )

This way you would have to copy the wrapper to each user's docroot,
chown it to the user and make it immutable.

2. A solution I discovered lately, which I like very much, has some
pros and cons ... it's called mod_ruid - google for it. Usage - you
set up your Apache with mod_php (no mod_fcgid) and then set mod_ruid
to be loaded, it will suid every Apache process to the owner of the
file which is processed by that Apache process (or user set by
configfile, it supports both ways of configuration). This is an
advantage, because you don't have to change anything to add a new user
- see mod_vhost_alias or mod_vhs - you just add a new
directory/database entry and chown it to the new owner and everything
is done.
Disadvantage - every Apache process will carry PHP interpreter, so it
will be ~7MB bigger. This could be worked around with some light
webserver, such as Tux or lighttpd.

Sorry for including non-mod_fcgid solution, I wanted my reply to be
complete. Hope it helps.
al-Quaknaa
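
Added example, not part of the original message: a shell audit for the per-user wrapper layout from option 1, checking that each wrapper is owned by the owner of its docroot, is not writable by other accounts, and whether the immutable flag is set. The wrapper paths and the script name audit-wrappers.sh are assumptions.

```sh
#!/bin/sh
# Added example: audit per-user PHP wrapper scripts (not from the original post).
# Assumption: each wrapper sits directly in the user's docroot, so the owner
# of that directory is the account the wrapper must belong to.

# Print the numeric uid that owns a path (field 3 of `ls -ldn`).
owner_uid() {
    ls -ldn -- "$1" | awk '{print $3}'
}

# Print yes/no/unknown for the immutable ("i") attribute set by chattr +i.
immutable_state() {
    attrs=$(lsattr -d -- "$1" 2>/dev/null | awk '{print $1}') || attrs=
    case "$attrs" in
        "")  echo unknown ;;  # lsattr missing or filesystem has no attributes
        *i*) echo yes ;;
        *)   echo no ;;
    esac
}

# Print a verdict for one wrapper; return 0 only if owner and mode are sane.
check_wrapper() {
    w=$1
    if [ -L "$w" ]; then echo symlink; return 1; fi
    if [ ! -f "$w" ]; then echo missing; return 1; fi
    if [ "$(owner_uid "$w")" != "$(owner_uid "$(dirname -- "$w")")" ]; then
        echo owner-mismatch; return 1
    fi
    # A group- or world-writable wrapper can be replaced by another account.
    if [ -n "$(find "$w" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo writable-by-others; return 1
    fi
    if [ ! -x "$w" ]; then echo not-executable; return 1; fi
    echo ok
}

# Hypothetical usage: sh audit-wrappers.sh /home/*/public_html/php-wrapper
if [ "$#" -gt 0 ]; then
    for w in "$@"; do
        printf '%s\t%s\timmutable=%s\n' \
            "$w" "$(check_wrapper "$w")" "$(immutable_state "$w")"
    done
fi
```

The immutable column reads "unknown" when lsattr is not installed or the filesystem does not support file attributes.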

_______________________________________________
Mod-fcgid-users mailing list
Mod-fcgid-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-fcgid-users
