subject:"Re\: \[Mod\-fcgid\-users\] apache2\-mpm\-itk different php versions per user php.ini \/ mod

Re: [Mod-fcgid-users] apache2-mpm-itk different php versions per user php.ini / mod_fcgid

2013-02-22 Thread mrg

 

Yes the socket -i think- is created by apache with user root, only the child
get wwwrun and his child with mpm-itk get f.e. web589

 

So if we find the function create the socket, there it have to be created
with the user of mpm-itk. 

May at this time the user is unknown.

May it is possible to create socket with 0777 instead of 0700 (may sec issue
but in test cases).

 

But i did not find the create function

 

 

 

Von: Josiah Purtlebaugh [mailto:josiah.purtleba...@gmail.com] 
Gesendet: Samstag, 23. Februar 2013 02:51
An: mod-fcgid-users@lists.sourceforge.net
Betreff: Re: [Mod-fcgid-users] apache2-mpm-itk different php versions per
user php.ini / mod_fcgid

 

Right. The Unix socket is already owned by wwwrun and the chown is being
executed by a different uid, I think. We need to enforce not only the chown
but also the creation of the socket. It will be in another function. 

Josiah 

On Feb 22, 2013 5:48 PM, mailto:m...@unimx.de> > wrote:

We test:

 

/* Correct the file owner */

 

if (!geteuid()) {

 

 

//#if defined(MPM_ITK)

//if (chown(unix_addr.sun_path, procnode->uid, -1) < 0) {

if (chown(unix_addr.sun_path, "web589", -1) < 0) {

//#else

//if (chown(unix_addr.sun_path, ap_unixd_config.user_id, -1) < 0) {

//#endif

ap_log_error(APLOG_MARK, APLOG_ERR, errno, main_server,

 "mod_fcgid: couldn't change owner of unix domain
socket %s",

 unix_addr.sun_path);

close(unix_socket);

return errno;

}

}

 

But the same:

 

srwx-- 1 wwwrun wwwrun 0 23. Feb 02:44 5690.2

 

(13)Permission denied: mod_fcgid: can't lock process table in pid

 

 

Von: m...@unimx.de <mailto:m...@unimx.de>  [mailto:m...@unimx.de
<mailto:m...@unimx.de> ] 
Gesendet: Samstag, 23. Februar 2013 02:33
An: mod-fcgid-users@lists.sourceforge.net
<mailto:mod-fcgid-users@lists.sourceforge.net> 
Betreff: Re: [Mod-fcgid-users] apache2-mpm-itk different php versions per
user php.ini / mod_fcgid

 

Thanks, but it does not work:

 

srwx-- 1 wwwrun wwwrun 0 23. Feb 02:26 10055.6

 

error_log: (13)Permission denied: mod_fcgid: can't lock process table in pid

 

patch and compile without error

 

greets martin

 

Von: Josiah Purtlebaugh [mailto:josiah.purtleba...@gmail.com] 
Gesendet: Freitag, 22. Februar 2013 21:08
An: mod-fcgid-users@lists.sourceforge.net
<mailto:mod-fcgid-users@lists.sourceforge.net> 
Betreff: Re: [Mod-fcgid-users] apache2-mpm-itk different php versions per
user php.ini / mod_fcgid

 

No promises this will work as I am not a maintainer nor developer of
mod_fcgid, but I have prepared a patch for you that should achieve the same
effect. I'm not able to test compilation with mpm-itk (mainly because I'm
not sure which package you're using), but it compiles cleanly without
mpm-itk libraries installed.

 

Go ahead and give it a shot, I guess; make sure you compile this against an
apache where MPM_ITK is defined and hopefully it will do what you desire.

 

Apply the patch from the mod_fcgid/modules/fcgid directory with patch -p1 <
mpm-itk_mod-fcgid.patch

 

Josiah

 

On Thu, Feb 21, 2013 at 7:45 AM, m...@unimx.de <mailto:m...@unimx.de>
mailto:m...@unimx.de> > wrote:

Hello Group,

the problem using ITK+mod_fcgid is the fcgid socket. the socket is
owned by wwwuser (wwwrun / www-data) of apache.
ITK set vhost to user1, so fcgid says:

Permission denied: mod_fcgid: can't lock process table in pid

socket dir:

srwx-- 1 wwwrun wwwrun 0 21. Feb 14:11 11585.0
srwx-- 1 wwwrun wwwrun 0 21. Feb 13:12 2666.0
srwx-- 1 wwwrun wwwrun 0 21. Feb 13:12 2666.1
srwx-- 1 wwwrun wwwrun 0 21. Feb 13:17 3083.0
srwx-- 1 wwwrun wwwrun 0 21. Feb 13:25 3938.0

The way using fcgi is, we have different php-versions and per user
php.ini
The way we use ITK is, we want to safe homedirs of all user not have
to be readable by wwwrun (f.e. remember symlink problem)

So we think, we must patch mod_fcgid (source
http://httpd.apache.org/mod_fcgid/)
May like modwsgi:
http://code.google.com/p/modwsgi/issues/detail?id=187

if (!geteuid()) {
+#if defined(MPM_ITK)
+if (chown(process->socket, process->uid, -1) < 0) {
+#else
   if (chown(process->socket, ap_unixd_config.user_id, -1) < 0) {
+#endif
   ap_log_error(APLOG_MARK, WSGI_LOG_ALERT(errno),
wsgi_server,
"mod_wsgi (pid=%d): Couldn't change owner of
unix "
"domain socket '%s'.", getpid(),

Thus, set UNIX listener socket to be owned by the same user as daemon
process runs as.


Any ideas how to PATCH mod_fcgid ?
mpm-itk with mod_fcgid would be more than great :)


OR: Any way to user mpm-itk and different php-versions / per user
php.ini ?

Thanks
Martin


---

Re: [Mod-fcgid-users] apache2-mpm-itk different php versions per user php.ini / mod_fcgid

2013-02-22 Thread Josiah Purtlebaugh

Right. The Unix socket is already owned by wwwrun and the chown is being
executed by a different uid, I think. We need to enforce not only the chown
but also the creation of the socket. It will be in another function.

Josiah
On Feb 22, 2013 5:48 PM,  wrote:

> We test:
>
> ** **
>
> /* Correct the file owner */
>
> ** **
>
> if (!geteuid()) {
>
> ** **
>
> ** **
>
> //#if defined(MPM_ITK)
>
> //if (chown(unix_addr.sun_path, procnode->uid, -1) < 0) {
>
> if (chown(unix_addr.sun_path, "web589", -1) < 0) {
>
> //#else
>
> //if (chown(unix_addr.sun_path, ap_unixd_config.user_id, -1) < 0) {
> 
>
> //#endif
>
> ap_log_error(APLOG_MARK, APLOG_ERR, errno, main_server,
>
>  "mod_fcgid: couldn't change owner of unix domain
> socket %s",
>
>  unix_addr.sun_path);
>
> close(unix_socket);
>
> return errno;
>
> }
>
> }
>
> ** **
>
> But the same:
>
> ** **
>
> srwx-- 1 wwwrun wwwrun 0 23. Feb 02:44 5690.2
>
> ** **
>
> (13)Permission denied: mod_fcgid: can't lock process table in pid
>
> ** **
>
> ** **
>
> *Von:* m...@unimx.de [mailto:m...@unimx.de]
> *Gesendet:* Samstag, 23. Februar 2013 02:33
> *An:* mod-fcgid-users@lists.sourceforge.net
> *Betreff:* Re: [Mod-fcgid-users] apache2-mpm-itk different php versions
> per user php.ini / mod_fcgid
>
> ** **
>
> Thanks, but it does not work:
>
> ** **
>
> srwx-- 1 wwwrun wwwrun 0 23. Feb 02:26 10055.6
>
> ** **
>
> error_log: (13)Permission denied: mod_fcgid: can't lock process table in
> pid****
>
> ** **
>
> patch and compile without error****
>
> ** **
>
> greets martin
>
> ** **
>
> *Von:* Josiah Purtlebaugh 
> [mailto:josiah.purtleba...@gmail.com]
>
> *Gesendet:* Freitag, 22. Februar 2013 21:08
> *An:* mod-fcgid-users@lists.sourceforge.net
> *Betreff:* Re: [Mod-fcgid-users] apache2-mpm-itk different php versions
> per user php.ini / mod_fcgid
>
> ** **
>
> No promises this will work as I am not a maintainer nor developer of
> mod_fcgid, but I have prepared a patch for you that should achieve the same
> effect. I'm not able to test compilation with mpm-itk (mainly because I'm
> not sure which package you're using), but it compiles cleanly without
> mpm-itk libraries installed.
>
> ** **
>
> Go ahead and give it a shot, I guess; make sure you compile this against
> an apache where MPM_ITK is defined and hopefully it will do what you desire.
> 
>
> ** **
>
> Apply the patch from the mod_fcgid/modules/fcgid directory with patch -p1
> < mpm-itk_mod-fcgid.patch
>
> ** **
>
> Josiah
>
> ** **
>
> On Thu, Feb 21, 2013 at 7:45 AM, m...@unimx.de  wrote:
>
> Hello Group,
>
> the problem using ITK+mod_fcgid is the fcgid socket. the socket is
> owned by wwwuser (wwwrun / www-data) of apache.
> ITK set vhost to user1, so fcgid says:
>
> Permission denied: mod_fcgid: can't lock process table in pid
>
> socket dir:
>
> srwx-- 1 wwwrun wwwrun 0 21. Feb 14:11 11585.0
> srwx-- 1 wwwrun wwwrun 0 21. Feb 13:12 2666.0
> srwx-- 1 wwwrun wwwrun 0 21. Feb 13:12 2666.1
> srwx-- 1 wwwrun wwwrun 0 21. Feb 13:17 3083.0
> srwx-- 1 wwwrun wwwrun 0 21. Feb 13:25 3938.0
>
> The way using fcgi is, we have different php-versions and per user
> php.ini
> The way we use ITK is, we want to safe homedirs of all user not have
> to be readable by wwwrun (f.e. remember symlink problem)
>
> So we think, we must patch mod_fcgid (source
> http://httpd.apache.org/mod_fcgid/)
> May like modwsgi:
> http://code.google.com/p/modwsgi/issues/detail?id=187
>
> if (!geteuid()) {
> +#if defined(MPM_ITK)
> +if (chown(process->socket, process->uid, -1) < 0) {
> +#else
>if (chown(process->socket, ap_unixd_config.user_id, -1) < 0) {
> +#endif
>ap_log_error(APLOG_MARK, WSGI_LOG_ALERT(errno),
> wsgi_server,
> "mod_wsgi (pid=%d): Couldn't change owner of
> unix "
> "domain socket '%s'.", getpid(),
>
> Thus, set UNIX listener socket to be owned by the same user as daemon
> process runs as.
>
>
> Any ideas how to PATCH mod_fcgid ?
> mpm-itk with mod_fcgid would be more than great :)
>
>
> OR: Any way to user mpm-itk and different php-versions / per u

Re: [Mod-fcgid-users] apache2-mpm-itk different php versions per user php.ini / mod_fcgid

2013-02-22 Thread mrg

We test:

 

/* Correct the file owner */

 

if (!geteuid()) {

 

 

//#if defined(MPM_ITK)

//if (chown(unix_addr.sun_path, procnode->uid, -1) < 0) {

if (chown(unix_addr.sun_path, "web589", -1) < 0) {

//#else

//if (chown(unix_addr.sun_path, ap_unixd_config.user_id, -1) < 0) {

//#endif

ap_log_error(APLOG_MARK, APLOG_ERR, errno, main_server,

 "mod_fcgid: couldn't change owner of unix domain
socket %s",

 unix_addr.sun_path);

close(unix_socket);

return errno;

}

}

 

But the same:

 

srwx-- 1 wwwrun wwwrun 0 23. Feb 02:44 5690.2

 

(13)Permission denied: mod_fcgid: can't lock process table in pid

 

 

Von: m...@unimx.de [mailto:m...@unimx.de] 
Gesendet: Samstag, 23. Februar 2013 02:33
An: mod-fcgid-users@lists.sourceforge.net
Betreff: Re: [Mod-fcgid-users] apache2-mpm-itk different php versions per
user php.ini / mod_fcgid

 

Thanks, but it does not work:

 

srwx-- 1 wwwrun wwwrun 0 23. Feb 02:26 10055.6

 

error_log: (13)Permission denied: mod_fcgid: can't lock process table in pid

 

patch and compile without error

 

greets martin

 

Von: Josiah Purtlebaugh [mailto:josiah.purtleba...@gmail.com] 
Gesendet: Freitag, 22. Februar 2013 21:08
An: mod-fcgid-users@lists.sourceforge.net
<mailto:mod-fcgid-users@lists.sourceforge.net> 
Betreff: Re: [Mod-fcgid-users] apache2-mpm-itk different php versions per
user php.ini / mod_fcgid

 

No promises this will work as I am not a maintainer nor developer of
mod_fcgid, but I have prepared a patch for you that should achieve the same
effect. I'm not able to test compilation with mpm-itk (mainly because I'm
not sure which package you're using), but it compiles cleanly without
mpm-itk libraries installed.

 

Go ahead and give it a shot, I guess; make sure you compile this against an
apache where MPM_ITK is defined and hopefully it will do what you desire.

 

Apply the patch from the mod_fcgid/modules/fcgid directory with patch -p1 <
mpm-itk_mod-fcgid.patch

 

Josiah

 

On Thu, Feb 21, 2013 at 7:45 AM, m...@unimx.de <mailto:m...@unimx.de>
mailto:m...@unimx.de> > wrote:

Hello Group,

the problem using ITK+mod_fcgid is the fcgid socket. the socket is
owned by wwwuser (wwwrun / www-data) of apache.
ITK set vhost to user1, so fcgid says:

Permission denied: mod_fcgid: can't lock process table in pid

socket dir:

srwx-- 1 wwwrun wwwrun 0 21. Feb 14:11 11585.0
srwx-- 1 wwwrun wwwrun 0 21. Feb 13:12 2666.0
srwx-- 1 wwwrun wwwrun 0 21. Feb 13:12 2666.1
srwx-- 1 wwwrun wwwrun 0 21. Feb 13:17 3083.0
srwx-- 1 wwwrun wwwrun 0 21. Feb 13:25 3938.0

The way using fcgi is, we have different php-versions and per user
php.ini
The way we use ITK is, we want to safe homedirs of all user not have
to be readable by wwwrun (f.e. remember symlink problem)

So we think, we must patch mod_fcgid (source
http://httpd.apache.org/mod_fcgid/)
May like modwsgi:
http://code.google.com/p/modwsgi/issues/detail?id=187

if (!geteuid()) {
+#if defined(MPM_ITK)
+if (chown(process->socket, process->uid, -1) < 0) {
+#else
   if (chown(process->socket, ap_unixd_config.user_id, -1) < 0) {
+#endif
   ap_log_error(APLOG_MARK, WSGI_LOG_ALERT(errno),
wsgi_server,
"mod_wsgi (pid=%d): Couldn't change owner of
unix "
"domain socket '%s'.", getpid(),

Thus, set UNIX listener socket to be owned by the same user as daemon
process runs as.


Any ideas how to PATCH mod_fcgid ?
mpm-itk with mod_fcgid would be more than great :)


OR: Any way to user mpm-itk and different php-versions / per user
php.ini ?

Thanks
Martin



--
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_feb
___
Mod-fcgid-users mailing list
Mod-fcgid-users@lists.sourceforge.net
<mailto:Mod-fcgid-users@lists.sourceforge.net> 
https://lists.sourceforge.net/lists/listinfo/mod-fcgid-users

 

--
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_feb___
Mod-fcgid-users mailing list
Mod-fcgid-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-fcgid-users

Re: [Mod-fcgid-users] apache2-mpm-itk different php versions per user php.ini / mod_fcgid

2013-02-22 Thread Josiah Purtlebaugh

I'm sorry, I should have considered that an unprivileged user would be
unable to change ownership of an existing socket created with a different
uid. I'll have to consider further what additional changes might be
necessary.

Josiah
On Feb 22, 2013 5:34 PM,  wrote:

> Thanks, but it does not work:
>
> ** **
>
> srwx-- 1 wwwrun wwwrun 0 23. Feb 02:26 10055.6
>
> ** **
>
> error_log: (13)Permission denied: mod_fcgid: can't lock process table in
> pid
>
> ** **
>
> patch and compile without error
>
> ** **
>
> greets martin
>
> ** **
>
> *Von:* Josiah Purtlebaugh [mailto:josiah.purtleba...@gmail.com]
> *Gesendet:* Freitag, 22. Februar 2013 21:08
> *An:* mod-fcgid-users@lists.sourceforge.net
> *Betreff:* Re: [Mod-fcgid-users] apache2-mpm-itk different php versions
> per user php.ini / mod_fcgid
>
> ** **
>
> No promises this will work as I am not a maintainer nor developer of
> mod_fcgid, but I have prepared a patch for you that should achieve the same
> effect. I'm not able to test compilation with mpm-itk (mainly because I'm
> not sure which package you're using), but it compiles cleanly without
> mpm-itk libraries installed.
>
> ** **
>
> Go ahead and give it a shot, I guess; make sure you compile this against
> an apache where MPM_ITK is defined and hopefully it will do what you desire.
> 
>
> ** **
>
> Apply the patch from the mod_fcgid/modules/fcgid directory with patch -p1
> < mpm-itk_mod-fcgid.patch
>
> ** **
>
> Josiah
>
> ** **
>
> On Thu, Feb 21, 2013 at 7:45 AM, m...@unimx.de  wrote:
>
> Hello Group,
>
> the problem using ITK+mod_fcgid is the fcgid socket. the socket is
> owned by wwwuser (wwwrun / www-data) of apache.
> ITK set vhost to user1, so fcgid says:
>
> Permission denied: mod_fcgid: can't lock process table in pid
>
> socket dir:
>
> srwx-- 1 wwwrun wwwrun 0 21. Feb 14:11 11585.0
> srwx-- 1 wwwrun wwwrun 0 21. Feb 13:12 2666.0
> srwx-- 1 wwwrun wwwrun 0 21. Feb 13:12 2666.1
> srwx-- 1 wwwrun wwwrun 0 21. Feb 13:17 3083.0
> srwx-- 1 wwwrun wwwrun 0 21. Feb 13:25 3938.0
>
> The way using fcgi is, we have different php-versions and per user
> php.ini
> The way we use ITK is, we want to safe homedirs of all user not have
> to be readable by wwwrun (f.e. remember symlink problem)
>
> So we think, we must patch mod_fcgid (source
> http://httpd.apache.org/mod_fcgid/)
> May like modwsgi:
> http://code.google.com/p/modwsgi/issues/detail?id=187
>
> if (!geteuid()) {
> +#if defined(MPM_ITK)
> +if (chown(process->socket, process->uid, -1) < 0) {
> +#else
>if (chown(process->socket, ap_unixd_config.user_id, -1) < 0) {
> +#endif
>ap_log_error(APLOG_MARK, WSGI_LOG_ALERT(errno),
> wsgi_server,
> "mod_wsgi (pid=%d): Couldn't change owner of
> unix "
> "domain socket '%s'.", getpid(),
>
> Thus, set UNIX listener socket to be owned by the same user as daemon
> process runs as.
>
>
> Any ideas how to PATCH mod_fcgid ?
> mpm-itk with mod_fcgid would be more than great :)
>
>
> OR: Any way to user mpm-itk and different php-versions / per user
> php.ini ?
>
> Thanks
> Martin
>
>
>
> --
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_d2d_feb
> ___
> Mod-fcgid-users mailing list
> Mod-fcgid-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/mod-fcgid-users
>
> ** **
>
>
> --
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_d2d_feb
> ___
> Mod-fcgid-users mailing list
> Mod-fcgid-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/mod-fcgid-users
>
>
--
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_feb___
Mod-fcgid-users mailing list
Mod-fcgid-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-fcgid-users

Re: [Mod-fcgid-users] apache2-mpm-itk different php versions per user php.ini / mod_fcgid

2013-02-22 Thread mrg

Thanks, but it does not work:

 

srwx-- 1 wwwrun wwwrun 0 23. Feb 02:26 10055.6

 

error_log: (13)Permission denied: mod_fcgid: can't lock process table in pid

 

patch and compile without error

 

greets martin

 

Von: Josiah Purtlebaugh [mailto:josiah.purtleba...@gmail.com] 
Gesendet: Freitag, 22. Februar 2013 21:08
An: mod-fcgid-users@lists.sourceforge.net
Betreff: Re: [Mod-fcgid-users] apache2-mpm-itk different php versions per
user php.ini / mod_fcgid

 

No promises this will work as I am not a maintainer nor developer of
mod_fcgid, but I have prepared a patch for you that should achieve the same
effect. I'm not able to test compilation with mpm-itk (mainly because I'm
not sure which package you're using), but it compiles cleanly without
mpm-itk libraries installed.

 

Go ahead and give it a shot, I guess; make sure you compile this against an
apache where MPM_ITK is defined and hopefully it will do what you desire.

 

Apply the patch from the mod_fcgid/modules/fcgid directory with patch -p1 <
mpm-itk_mod-fcgid.patch

 

Josiah

 

On Thu, Feb 21, 2013 at 7:45 AM, m...@unimx.de <mailto:m...@unimx.de>
mailto:m...@unimx.de> > wrote:

Hello Group,

the problem using ITK+mod_fcgid is the fcgid socket. the socket is
owned by wwwuser (wwwrun / www-data) of apache.
ITK set vhost to user1, so fcgid says:

Permission denied: mod_fcgid: can't lock process table in pid

socket dir:

srwx-- 1 wwwrun wwwrun 0 21. Feb 14:11 11585.0
srwx-- 1 wwwrun wwwrun 0 21. Feb 13:12 2666.0
srwx-- 1 wwwrun wwwrun 0 21. Feb 13:12 2666.1
srwx-- 1 wwwrun wwwrun 0 21. Feb 13:17 3083.0
srwx-- 1 wwwrun wwwrun 0 21. Feb 13:25 3938.0

The way using fcgi is, we have different php-versions and per user
php.ini
The way we use ITK is, we want to safe homedirs of all user not have
to be readable by wwwrun (f.e. remember symlink problem)

So we think, we must patch mod_fcgid (source
http://httpd.apache.org/mod_fcgid/)
May like modwsgi:
http://code.google.com/p/modwsgi/issues/detail?id=187

if (!geteuid()) {
+#if defined(MPM_ITK)
+if (chown(process->socket, process->uid, -1) < 0) {
+#else
   if (chown(process->socket, ap_unixd_config.user_id, -1) < 0) {
+#endif
   ap_log_error(APLOG_MARK, WSGI_LOG_ALERT(errno),
wsgi_server,
"mod_wsgi (pid=%d): Couldn't change owner of
unix "
"domain socket '%s'.", getpid(),

Thus, set UNIX listener socket to be owned by the same user as daemon
process runs as.


Any ideas how to PATCH mod_fcgid ?
mpm-itk with mod_fcgid would be more than great :)


OR: Any way to user mpm-itk and different php-versions / per user
php.ini ?

Thanks
Martin



--
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_feb
___
Mod-fcgid-users mailing list
Mod-fcgid-users@lists.sourceforge.net
<mailto:Mod-fcgid-users@lists.sourceforge.net> 
https://lists.sourceforge.net/lists/listinfo/mod-fcgid-users

 

--
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_feb___
Mod-fcgid-users mailing list
Mod-fcgid-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-fcgid-users

Re: [Mod-fcgid-users] apache2-mpm-itk different php versions per user php.ini / mod_fcgid

2013-02-22 Thread Josiah Purtlebaugh

No promises this will work as I am not a maintainer nor developer of
mod_fcgid, but I have prepared a patch for you that should achieve the same
effect. I'm not able to test compilation with mpm-itk (mainly because I'm
not sure which package you're using), but it compiles cleanly without
mpm-itk libraries installed.

Go ahead and give it a shot, I guess; make sure you compile this against an
apache where MPM_ITK is defined and hopefully it will do what you desire.

Apply the patch from the mod_fcgid/modules/fcgid directory with patch -p1 <
mpm-itk_mod-fcgid.patch

Josiah


On Thu, Feb 21, 2013 at 7:45 AM, m...@unimx.de  wrote:

> Hello Group,
>
> the problem using ITK+mod_fcgid is the fcgid socket. the socket is
> owned by wwwuser (wwwrun / www-data) of apache.
> ITK set vhost to user1, so fcgid says:
>
> Permission denied: mod_fcgid: can't lock process table in pid
>
> socket dir:
>
> srwx-- 1 wwwrun wwwrun 0 21. Feb 14:11 11585.0
> srwx-- 1 wwwrun wwwrun 0 21. Feb 13:12 2666.0
> srwx-- 1 wwwrun wwwrun 0 21. Feb 13:12 2666.1
> srwx-- 1 wwwrun wwwrun 0 21. Feb 13:17 3083.0
> srwx-- 1 wwwrun wwwrun 0 21. Feb 13:25 3938.0
>
> The way using fcgi is, we have different php-versions and per user
> php.ini
> The way we use ITK is, we want to safe homedirs of all user not have
> to be readable by wwwrun (f.e. remember symlink problem)
>
> So we think, we must patch mod_fcgid (source
> http://httpd.apache.org/mod_fcgid/)
> May like modwsgi:
> http://code.google.com/p/modwsgi/issues/detail?id=187
>
> if (!geteuid()) {
> +#if defined(MPM_ITK)
> +if (chown(process->socket, process->uid, -1) < 0) {
> +#else
>if (chown(process->socket, ap_unixd_config.user_id, -1) < 0) {
> +#endif
>ap_log_error(APLOG_MARK, WSGI_LOG_ALERT(errno),
> wsgi_server,
> "mod_wsgi (pid=%d): Couldn't change owner of
> unix "
> "domain socket '%s'.", getpid(),
>
> Thus, set UNIX listener socket to be owned by the same user as daemon
> process runs as.
>
>
> Any ideas how to PATCH mod_fcgid ?
> mpm-itk with mod_fcgid would be more than great :)
>
>
> OR: Any way to user mpm-itk and different php-versions / per user
> php.ini ?
>
> Thanks
> Martin
>
>
>
> --
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_d2d_feb
> ___
> Mod-fcgid-users mailing list
> Mod-fcgid-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/mod-fcgid-users
>


mpm-itk_mod-fcgid.patch
Description: Binary data
--
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_feb___
Mod-fcgid-users mailing list
Mod-fcgid-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-fcgid-users

Re: [Mod-fcgid-users] apache2-mpm-itk different php versions per user php.ini / mod_fcgid

Re: [Mod-fcgid-users] apache2-mpm-itk different php versions per user php.ini / mod_fcgid

Re: [Mod-fcgid-users] apache2-mpm-itk different php versions per user php.ini / mod_fcgid

Re: [Mod-fcgid-users] apache2-mpm-itk different php versions per user php.ini / mod_fcgid

Re: [Mod-fcgid-users] apache2-mpm-itk different php versions per user php.ini / mod_fcgid

Re: [Mod-fcgid-users] apache2-mpm-itk different php versions per user php.ini / mod_fcgid

6 matches

Site Navigation

Mail list logo

Footer information