[FASTCGI] Trying to use FastCGI to run PHP as UID of file owner
henka at cityweb.co.za
Thu May 5 07:36:40 EDT 2011
I'm trying out FastCGI for the first time, so please forgive my ignorance.
Basically, I'm trying to use FastCGI to run PHP scripts as the UID/owner of
the script itself, not the default apache 'nobody'/etc.
I must be missing a few things because I'm running into a few problems and
would appreciate *any* pointers.
Here's my apache config for a virtual host:
AddHandler php-fastcgi .php
Action php-fastcgi /cgi-bin/php
AddType application/x-httpd-php .php
php_flag engine off
Options +IncludesNOEXEC -Indexes +FollowSymLinks
ServerAdmin webmaster at abc.com
DocumentRoot /www/virtual/abc.com/htdocs/index.html # or without index.html
php_admin_value open_basedir /www/virtual/abc.com/htdocs:/tmp
php_admin_value display_errors on
ScriptAlias /cgi-bin/ /www/virtual/abc.com/cgi-bin/
/cgi-bin/php is +x (executable) owned by root.
Test PHP script: /htdocs/1.php is owned by UID/GID 20964:2374 (ie, not the
apache user). Perms are 775 (-rwxrwxr-x).
If I browse to abc.com/1.php it hangs for 30s, producing this error in the logs:
FastCGI: comm with (dynamic) server "/www/virtual/abc.com/htdocs/1.php"
aborted: (first read) idle timeout (30 sec)
FastCGI: incomplete headers (0 bytes) received from server
It's almost as if /cgi-bin/php is not being fed the 1.php file and it's
waiting for input from stdin (which is what the php CLI binary does if you run
it without args). It then times out waiting for input, producing the error
I've configured/compiled PHP 5.3.3 with/without '--with-fastcgi' (even though
./configure --help does not show --with-fastcgi as being available).
I used 'top_dir = /.../apache/httpd-2.2.17' in the Makefile for
mod_fastcgi-2.4.6. Your site talks about a php binary version which talks the
FastCGI protocol, so I'm not sure whether my PHP binary is compiled correctly
to work with FastCGI (the binary produced appears to be the same with/without
'--with-fastcgi, so this might be a factor).
Also, since this setup is intended for a customer, and they only have FTP
access to update their site, with CHMOD disabled, is there any way to do this
without having to make the PHP script executable? If I turn off the
executable bit, then I get the "execute not allowed" (for uid 99, gid 99, ie,
the apache user) error which I suppose is expected.
A side-effect of all this is that I cannot even browse to an HTML file
(index.html) - it produces the error:
FastCGI: invalid (dynamic) server "/www/virtual/abc.com/htdocs/index.html":
access for server (uid 99, gid 99) not allowed: execute not allowed
Or it tries to execute the htdocs/ directory if I leave out the index.html for
FastCGI: invalid (dynamic) server "/www/virtual/abc.com/htdocs/": script is a
I hope I've made sense in the above. Any assistance/pointers would be
appreciated. btw, it's a pity this mailing list is not open to google, else
I'd be able to search it for suggestions...
More information about the FastCGI-developers