Hello again, maybe my previous mail was to verbose, or maybe simply nobody has an idea. Still I'd like to give it a second try:
Do you have a good idea why php-cgi7.0 throws the following error when used with mod_fcgid, mod_usermod and mod_suexec? uid: (1002/webapp1) gid: (1002/webapp1) cmd: php-fcgi-starter cannot get docroot information (/var/www/webapp1) $ ls -al /var/www/webapp1 drwxr-xr-x 9 root root 4096 Jun 29 2014 . drwxr-x--- 2 webapp1 webapp1 4096 Nov 7 15:14 php-fcgi drwxr-x--- 2 webapp1 webapp1 4096 Apr 11 2015 www [...] The same setup works perfectly fine without mod_usermod (i.e. when the whole VHost has a dedicated suexec user). Only with mod_usermod, we get this strange error. Cheers, jonas Am 15.04.2018 um 12:26 schrieb Jonas Meurer: > Hello list, > > I try to make web applications available in subfolders of one > VirtualHost, but each one in an isolated user context. All web apps are > PHP applications and I use mod_fcgid to run them. > > Unfortunately, SuexecUserGroup is not not allowed in Directory context, > which would be by far the simples solution. > > So to achieve my goal, I tried (and failed with) two different approaches: > > 1. Using mod_userdir together with mod_suexec > 2. ProxyPass to separate localhost vhosts for each app > > Since the first approach seems much cleaner and more straight forward to > me, I'd prefer that one. > > Maybe you have other suggestions on how to achieve my goal? > > --- > > Now to the problem I ran into with my first approach: > > I have UserDir enabled for system user 'webapp1' and the UserDir path > set to '/var/www/*/www' (see the VirtualHost config below). This works > as expected, I can access static content from within the UserDir. > > Additionally, I have fcgid configured for the UserDir and apparently the > php scripts are executed using suexec and php-cgi7.0. A suexec process > is spawned by user 'webapp1' when requesting a php file, but it > immediately turns into 'suexec <defunct>' (a zombie process). > > In the apache2 error log shows: > > uid: (1002/webapp1) gid: (1002/webapp1) cmd: php-fcgi-starter > cannot get docroot information (/var/www/webapp1) > > And the apache2 suexec log: > > [fcgid:warn] [pid 30884:tid 140484201527040] (104)Connection reset by > peer: [client 192.168.0.1:31937] mod_fcgid: error reading data from > FastCGI server > [core:error] [pid 30884:tid 140484201527040] [client 192.168.0.1:31937] > End of script output before headers: index.php > > > I double checked that all files under /var/www/webapp1 belong to > user+group 'webapp1' and that they're accessible. I even recursively set > world-readable permissions on the directory, which didn't change anything. > > Do you have a good idea on why running php-cgi7.0 through fcgi with > suexec and userdir results in this suexec error 'cannot get docroot > information'? > > Any hints and suggestions would be highly appreciated :) > > The VirtualHost config (my current take) is as follows: > > <VirtualHost *:443> > [...] > Userdir disabled > Userdir enabled webapp1 > UserDir /var/www/*/www > > <IfModule fcgid_module> > <Directory /var/www/webapp1/www> > AddHandler fcgid-script .php > FCGIWrapper /var/www/webapp1/php-fcgi/php-fcgi-starter .php > Options +ExecCGI > </Directory> > > IPCConnectTimeout 20 > IPCCommTimeout 60 > FcgidBusyTimeout 60 > MaxRequestLen 10485760 > </IfModule> > </VirtualHost> > > > Looking forward to your responses. > > Kind regards, > jonas >
signature.asc
Description: OpenPGP digital signature