[FASTCGI] FastCGI app with unique uid:gid

Donovan Brooke lists at euca.us
Fri Jun 4 15:12:38 EDT 2010


Matthew Weigel wrote:
> On Tue, 01 Jun 2010 14:06:45 -0500, Donovan Brooke <lists at euca.us> wrote:
> 
>> So, finally I come to the question:
>>
>> What's the best way to get my WebDNA.fcgi app to run as user:group
>> fastcgitest:fastcgitest?
> 
> Take a look at mod_proxy_fcgi
> (http://httpd.apache.org/docs/trunk/en/mod/mod_proxy_fcgi.html) and
> fcgistarter
> (http://httpd.apache.org/docs/trunk/en/programs/fcgistarter.html) to start
> up your FastCGI application separately (and as a separate user:group), and
> have Apache talk to it.  In particular, in your Apache start/stop scripts,
> you'll want to run something like:
>    su -l fastcgitest -c "fcgistarter -c /path/to/WebDNA.fcgi -p 9999 -i lo
> -N 1"
> and then kill that process in the shutdown.
> 
>> btw, I posted this question to the apache users group, and I received:
>> http://www.itech7.com/Linux/Apache2-PHP-FastCGI-SuExec back from
>> the site owner... looking at that now.
> 
> I would recommend the approach I outline above instead to more stringently
> separate the privileges required to perform the separate tasks of 1-
> running a web service and 2- running an application that happens to make
> itself available through the web service.


Matthew,

Thanks!, I will study this and let the list know it goes.

I was able to get mod_suexec to work, but since I'll be writing the
INSTALL.txt for this thing, I will be looking for 1.) options, and 2.)
the best option.


Donovan


-- 
D Brooke


More information about the FastCGI-developers mailing list