[FASTCGI] Trying to use FastCGI to run PHP as UID of file owner

Henry C. henka at cityweb.co.za
Thu May 5 07:36:40 EDT 2011


Hi there,

PHP:  5.3.3
Apache: 2.2.17
mod_fastcgi: 2.4.6

I'm trying out FastCGI for the first time, so please forgive my ignorance.

Basically, I'm trying to use FastCGI to run PHP scripts as the UID/owner of
the script itself, not the default apache 'nobody'/etc.

I must be missing a few things because I'm running into a few problems and
would appreciate *any* pointers.

Here's my apache config for a virtual host:

<VirtualHost ...>
 <IfModule mod_fastcgi.c>
  FastCgiServer /www/virtual/abc.com/cgi-bin/php
  AddHandler php-fastcgi .php
  SetHandler fastcgi-script
  Action php-fastcgi /cgi-bin/php
  AddType application/x-httpd-php .php
  <Directory /www/virtual/abc.com/htdocs>
      Options +ExecCGI
  </Directory>
 </IfModule>
 php_flag engine off
 Options +IncludesNOEXEC -Indexes +FollowSymLinks
 ServerAdmin webmaster at abc.com
 DocumentRoot /www/virtual/abc.com/htdocs/index.html  # or without index.html
 php_admin_value open_basedir /www/virtual/abc.com/htdocs:/tmp
 php_admin_value display_errors on
 ServerName www.abc.com
 ServerAlias abc.com
 ErrorLog /www/virtual/abc.com/logs/error_log
 TransferLog /www/virtual/abc.com/logs/access_log
 ScriptAlias /cgi-bin/ /www/virtual/abc.com/cgi-bin/
</VirtualHost>

/cgi-bin/php file:
------------------
#!/bin/sh

PHPRC="/usr/local/php5/lib"
export PHPRC
PHP_FCGI_CHILDREN=4
export PHP_FCGI_CHILDREN
exec /usr/local/php5/bin/php

/cgi-bin/php is +x (executable) owned by root.

Test PHP script: /htdocs/1.php is owned by UID/GID 20964:2374 (ie, not the
apache user).  Perms are 775 (-rwxrwxr-x).

If I browse to abc.com/1.php it hangs for 30s, producing this error in the logs:

FastCGI: comm with (dynamic) server "/www/virtual/abc.com/htdocs/1.php"
aborted: (first read) idle timeout (30 sec)
FastCGI: incomplete headers (0 bytes) received from server
"/www/virtual/abc.com/htdocs/1.php"

It's almost as if /cgi-bin/php is not being fed the 1.php file and it's
waiting for input from stdin (which is what the php CLI binary does if you run
it without args).  It then times out waiting for input, producing the error
above.

I've configured/compiled PHP 5.3.3 with/without '--with-fastcgi' (even though
./configure --help does not show --with-fastcgi as being available).

I used 'top_dir = /.../apache/httpd-2.2.17' in the Makefile for
mod_fastcgi-2.4.6.  Your site talks about a php binary version which talks the
FastCGI protocol, so I'm not sure whether my PHP binary is compiled correctly
to work with FastCGI (the binary produced appears to be the same with/without
'--with-fastcgi, so this might be a factor).

Also, since this setup is intended for a customer, and they only have FTP
access to update their site, with CHMOD disabled, is there any way to do this
without having to make the PHP script executable?  If I turn off the
executable bit, then I get the "execute not allowed" (for uid 99, gid 99, ie,
the apache user) error which I suppose is expected.

A side-effect of all this is that I cannot even browse to an HTML file
(index.html) - it produces the error:

FastCGI: invalid (dynamic) server "/www/virtual/abc.com/htdocs/index.html":
access for server (uid 99, gid 99) not allowed: execute not allowed

Or it tries to execute the htdocs/ directory if I leave out the index.html for
DocumentRoot:

FastCGI: invalid (dynamic) server "/www/virtual/abc.com/htdocs/": script is a
directory!

I hope I've made sense in the above.  Any assistance/pointers would be
appreciated.  btw, it's a pity this mailing list is not open to google, else
I'd be able to search it for suggestions...

regards
Henry



More information about the FastCGI-developers mailing list