[FASTCGI] FastCGI app with unique uid:gid

Matthew Weigel unique at idempot.net
Tue Jun 1 16:02:46 EDT 2010


On Tue, 01 Jun 2010 14:06:45 -0500, Donovan Brooke <lists at euca.us> wrote:

> So, finally I come to the question:
> 
> What's the best way to get my WebDNA.fcgi app to run as user:group
> fastcgitest:fastcgitest?

Take a look at mod_proxy_fcgi
(http://httpd.apache.org/docs/trunk/en/mod/mod_proxy_fcgi.html) and
fcgistarter
(http://httpd.apache.org/docs/trunk/en/programs/fcgistarter.html) to start
up your FastCGI application separately (and as a separate user:group), and
have Apache talk to it.  In particular, in your Apache start/stop scripts,
you'll want to run something like:
   su -l fastcgitest -c "fcgistarter -c /path/to/WebDNA.fcgi -p 9999 -i lo
-N 1"
and then kill that process in the shutdown.

> btw, I posted this question to the apache users group, and I received:
> http://www.itech7.com/Linux/Apache2-PHP-FastCGI-SuExec back from
> the site owner... looking at that now.

I would recommend the approach I outline above instead to more stringently
separate the privileges required to perform the separate tasks of 1-
running a web service and 2- running an application that happens to make
itself available through the web service.
-- 
 Matthew Weigel
 hacker
 unique & idempot . ent



More information about the FastCGI-developers mailing list