[FASTCGI] Trying to use FastCGI to run PHP as UID of file owner

David Birnbaum davidb at chelsea.net
Thu May 5 09:31:14 EDT 2011


You appear to be missing the User/Group Apache directives.  Also, the 
php_ directives won't work if you're running the PHP binary from Apache 
directly, I don't think (as opposed to mod_php).  Finally, are you 
running the php-cgi binary (instead of the php binary)?  There are two 
different ones now.



On 5/5/11 7:36 AM, Henry C. wrote:
> Hi there,
> PHP:  5.3.3
> Apache: 2.2.17
> mod_fastcgi: 2.4.6
> I'm trying out FastCGI for the first time, so please forgive my ignorance.
> Basically, I'm trying to use FastCGI to run PHP scripts as the UID/owner of
> the script itself, not the default apache 'nobody'/etc.
> I must be missing a few things because I'm running into a few problems and
> would appreciate *any* pointers.
> Here's my apache config for a virtual host:
> <VirtualHost ...>
>   <IfModule mod_fastcgi.c>
>    FastCgiServer /www/virtual/abc.com/cgi-bin/php
>    AddHandler php-fastcgi .php
>    SetHandler fastcgi-script
>    Action php-fastcgi /cgi-bin/php
>    AddType application/x-httpd-php .php
>    <Directory /www/virtual/abc.com/htdocs>
>        Options +ExecCGI
>    </Directory>
>   </IfModule>
>   php_flag engine off
>   Options +IncludesNOEXEC -Indexes +FollowSymLinks
>   ServerAdmin webmaster@abc.com
>   DocumentRoot /www/virtual/abc.com/htdocs/index.html  # or without index.html
>   php_admin_value open_basedir /www/virtual/abc.com/htdocs:/tmp
>   php_admin_value display_errors on
>   ServerName www.abc.com
>   ServerAlias abc.com
>   ErrorLog /www/virtual/abc.com/logs/error_log
>   TransferLog /www/virtual/abc.com/logs/access_log
>   ScriptAlias /cgi-bin/ /www/virtual/abc.com/cgi-bin/
> </VirtualHost>
> /cgi-bin/php file:
> ------------------
> #!/bin/sh
> PHPRC="/usr/local/php5/lib"
> export PHPRC
> exec /usr/local/php5/bin/php
> /cgi-bin/php is +x (executable) owned by root.
> Test PHP script: /htdocs/1.php is owned by UID/GID 20964:2374 (ie, not the
> apache user).  Perms are 775 (-rwxrwxr-x).
> If I browse to abc.com/1.php it hangs for 30s, producing this error in the logs:
> FastCGI: comm with (dynamic) server "/www/virtual/abc.com/htdocs/1.php"
> aborted: (first read) idle timeout (30 sec)
> FastCGI: incomplete headers (0 bytes) received from server
> "/www/virtual/abc.com/htdocs/1.php"
> It's almost as if /cgi-bin/php is not being fed the 1.php file and it's
> waiting for input from stdin (which is what the php CLI binary does if you run
> it without args).  It then times out waiting for input, producing the error
> above.
> I've configured/compiled PHP 5.3.3 with/without '--with-fastcgi' (even though
> ./configure --help does not show --with-fastcgi as being available).
> I used 'top_dir = /.../apache/httpd-2.2.17' in the Makefile for
> mod_fastcgi-2.4.6.  Your site talks about a php binary version which talks the
> FastCGI protocol, so I'm not sure whether my PHP binary is compiled correctly
> to work with FastCGI (the binary produced appears to be the same with/without
> '--with-fastcgi', so this might be a factor).
> Also, since this setup is intended for a customer, and they only have FTP
> access to update their site, with CHMOD disabled, is there any way to do this
> without having to make the PHP script executable?  If I turn off the
> executable bit, then I get the "execute not allowed" (for uid 99, gid 99, ie,
> the apache user) error which I suppose is expected.
> A side-effect of all this is that I cannot even browse to an HTML file
> (index.html) - it produces the error:
> FastCGI: invalid (dynamic) server "/www/virtual/abc.com/htdocs/index.html":
> access for server (uid 99, gid 99) not allowed: execute not allowed
> Or it tries to execute the htdocs/ directory if I leave out the index.html for
> DocumentRoot:
> FastCGI: invalid (dynamic) server "/www/virtual/abc.com/htdocs/": script is a
> directory!
> I hope I've made sense in the above.  Any assistance/pointers would be
> appreciated.  btw, it's a pity this mailing list is not open to google, else
> I'd be able to search it for suggestions...
> regards
> Henry
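
An added example, not part of either message and not mod_fastcgi code: a small Python lint that checks the quoted vhost and wrapper for the three points raised in the reply (no User/Group directive, php_ directives that only mod_php applies, a wrapper that runs php rather than php-cgi) and for the two conditions visible in the quoted log lines (a SetHandler that applies to every file, a DocumentRoot that names a file). The `lint` function and its finding names are hypothetical, and accepting SuexecUserGroup alongside User/Group is an assumption.

```python
import re

# Vhost and wrapper abridged from the quoted message above.
VHOST = """\
<VirtualHost ...>
  <IfModule mod_fastcgi.c>
   FastCgiServer /www/virtual/abc.com/cgi-bin/php
   AddHandler php-fastcgi .php
   SetHandler fastcgi-script
   Action php-fastcgi /cgi-bin/php
   <Directory /www/virtual/abc.com/htdocs>
       Options +ExecCGI
   </Directory>
  </IfModule>
  php_flag engine off
  DocumentRoot /www/virtual/abc.com/htdocs/index.html  # or without index.html
  php_admin_value open_basedir /www/virtual/abc.com/htdocs:/tmp
</VirtualHost>
"""
WRAPPER = '#!/bin/sh\nPHPRC="/usr/local/php5/lib"\nexport PHPRC\nexec /usr/local/php5/bin/php\n'

# Containers that narrow a handler to part of the site (also matches *Match forms).
SCOPED = ("directory", "location", "files")

def lint(vhost, wrapper):
    """Return sorted finding codes for a vhost block and its PHP wrapper script."""
    found, names, depth = set(), set(), 0
    for raw in vhost.splitlines():
        line = raw.split(" #")[0].strip()          # drop trailing remarks
        tag = re.match(r"<(/?)(\w+)", line)
        if tag:                                     # track Directory/Location/Files nesting
            if tag.group(2).lower().startswith(SCOPED):
                depth += -1 if tag.group(1) else 1
            continue
        name, _, arg = line.partition(" ")
        name = name.lower()
        names.add(name)
        if name == "sethandler" and depth == 0:     # unscoped: index.html is handled too
            found.add("sethandler-applies-to-every-file")
        if name == "documentroot" and re.search(r"/[^/]+\.(html?|php)$", arg.strip()):
            found.add("documentroot-is-a-file")
        if name.startswith("php_"):                 # applied by mod_php, not by a PHP binary
            found.add("php-directive-needs-mod_php")
    if not names & {"user", "group", "suexecusergroup"}:
        found.add("no-user-group-directive")
    if re.search(r"^exec\s+\S*/php\s*$", wrapper, re.M):
        found.add("wrapper-execs-php-not-php-cgi")
    return sorted(found)
```
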
