On Monday, 14 May 2007 19:09:55, Alli Quaknaa wrote:
> Another problem is that the binary/wrapper script must be owned by the
> user you want it to run by. So, some solutions:
>
> 1. If you don't like the "php binary in every public_html directory"
> solution you suggested because php binary is big and users would
> easily change it (security risk) you have a chance to place there only
> a wrapper script looking similar to this one:
>
> #!/bin/sh
> PHPRC="/etc/php/cgi-php5"
> export PHPRC
> PHP_FCGI_CHILDREN=5
> export PHP_FCGI_CHILDREN
> PHP_FCGI_MAX_REQUESTS=5000
> export PHP_FCGI_MAX_REQUESTS
> exec /usr/lib/php5/bin/php-cgi

This is a fine solution; however, there is still one problem. Even the wrapper 
has to live in /home/*/public_html or else I would get the "not in document 
root" error message from apache2 (suexec). On the other hand, in the fcgid 
apache config I have to specify where the PHP wrapper lives. This would mean 
that I have to add a config line like 

FCGIWrapper /home/krienke/public_html/php-wrapper  .php

for each user. So for, say, 1000 users I would need to have 1000 config lines 
and for each new user one more. Is there a way to work around this problem, 
something like:

FCGIWrapper /home/*/public_html/php-wrapper  .php

Unfortunately the /home/*/... solution is not allowed here. Can it be done 
somehow?

Thanks a lot
Rainer

> 2. Solution I discovered lately, which I like really much, has some
> pros and cons ... it's called mod_ruid - google for it. Usage - you
> set up your Apache with mod_php (no mod_fcgid) and then set mod_ruid
> to be loaded, it will suid every Apache process to the owner of the
> file which is processed by that Apache process (or user set by
> configfile, it supports both ways of configuration). This is an
> advantage, because you don't have to change anything to add a new user
> - see mod_vhost_alias or mod_vhs - you just add a new
> directory/database entry and chown it to the new owner and everything
> is done.
> Disadvantage - every Apache process will carry PHP interpreter, so it
> will be ~7MB bigger. This could be worked around with some light
> webserver, such as Tux or lighttpd.

I will take a look at this.

> Sorry for including non-mod_fcgid solution, I wanted my reply to be
> complete. Hope it helps.
> al-Quaknaa

Thanks a lot for this additional information.

Rainer Krienke
-- 
---------------------------------------------------------------------------
Rainer Krienke, Universitaet Koblenz, Rechenzentrum, Raum A022
Universitaetsstrasse 1, 56070 Koblenz, Tel: +49 261287 -1312, Fax: -1001312
Mail: [EMAIL PROTECTED], Web: http://www.uni-koblenz.de/~krienke
Get my public PGP key: http://www.uni-koblenz.de/~krienke/mypgp.html
---------------------------------------------------------------------------
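
An audit of the per-user wrappers discussed in this message, as an added example that is not part of the original e-mail or of mod_fcgid. It checks the constraint quoted above (the wrapper must be owned by the user it runs as and live in that user's public_html) plus suexec's documented refusal of programs writable by group or others. The function name check_wrappers is hypothetical; the file name php-wrapper is the one used in the message.

```shell
#!/bin/sh
# Added example: audit HOME_BASE/<user>/public_html/php-wrapper for every user.
# Assumption: the home directory name equals the account name, as in
# /home/krienke/public_html/php-wrapper from the message.
# Usage (after defining the function): check_wrappers /home
check_wrappers() {
    base=$1
    bad=0
    for dir in "$base"/*/public_html; do
        [ -d "$dir" ] || continue
        user=$(basename "$(dirname "$dir")")
        w="$dir/php-wrapper"
        if [ ! -f "$w" ]; then
            # No wrapper: PHP requests for this user cannot be served.
            echo "MISSING  $w"; bad=1; continue
        fi
        # suexec runs the wrapper as its owner, so the owner must be the user.
        owner=$(ls -ld "$w" | awk '{print $3}')
        if [ "$owner" != "$user" ]; then
            echo "OWNER    $w (owned by $owner, expected $user)"; bad=1
        fi
        # suexec rejects programs that group or others can write to.
        if [ -n "$(find "$w" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "WRITABLE $w (group/other write bit set)"; bad=1
        fi
        if [ ! -x "$w" ]; then
            echo "NOEXEC   $w"; bad=1
        fi
    done
    # Non-zero exit status when at least one wrapper failed a check.
    return $bad
}
```
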
