Forum
  1. Forums
  2. CloudLinux and Control Panels
  3. CloudLinux and Other Control Panels
  1. Nikolai Bochev
  2. Wednesday, October 31, 2012
  3.  Subscribe via email
Problems with suexec
Rate this post:
  1. 31.10.2012 03:10:44
  2. # 1
Nikolai Bochev Accepted Answer
Posts: 2
Joined: 31.10.2012
0
Votes
Undo
Hello,

I am currently evaluating CloudLinux as a replacement of our Ubuntu shared hosting platform. So far everything is running smoothly, except one thing :

I am using ISPConfig 3 with Apache2 + fcgid and i want to use cagefs. Everything is ok if i don't use SuExec, but if i do, i am getting internal server error :



[2012-10-31 09:35:02]: command not in docroot (//.php-fcgi-starter)



[2012-10-31 09:40:02]: uid: (5004/web1) gid: (5005/client1) cmd: .php-fcgi-starter



[2012-10-31 09:40:02]: command not in docroot (//.php-fcgi-starter)


Here are some config snippets :

mod_fcgid :



# This is the Apache server configuration file for providing FastCGI support



# through mod_fcgid



#



# Documentation is available at



# http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html





LoadModule fcgid_module modules/mod_fcgid.so





# Use FastCGI to process .fcg .fcgi & .fpl scripts



AddHandler fcgid-script fcg fcgi fpl





# Sane place to put sockets and shared memory file



FcgidIPCDir /var/run/mod_fcgid



FcgidProcessTableFile /var/run/mod_fcgid/fcgid_shm





PHP_Fix_Pathinfo_Enable 1



DirectoryIndex index.php


Virtual Host in question :









    AllowOverride None



    Order Deny,Allow



    Deny from all













      DocumentRoot /var/www/bgserivce1.net/web





    ServerName bgserivce1.net



    ServerAlias www.bgserivce1.net



    ServerAdmin [email protected]





    ErrorLog /var/log/ispconfig/httpd/bgserivce1.net/error.log





    Alias /error/ "/var/www/bgserivce1.net/web/error/"



    ErrorDocument 400 /error/400.html



    ErrorDocument 401 /error/401.html



    ErrorDocument 403 /error/403.html



    ErrorDocument 404 /error/404.html



    ErrorDocument 405 /error/405.html



    ErrorDocument 500 /error/500.html



    ErrorDocument 502 /error/502.html



    ErrorDocument 503 /error/503.html





   



   






   



        Options FollowSymLinks



        AllowOverride All



        Order allow,deny



        Allow from all



   




   



        Options FollowSymLinks



        AllowOverride All



        Order allow,deny



        Allow from all



   










    # suexec enabled



   



      SuexecUserGroup web1 client1



   




    # Clear PHP settings of this website



   



        SetHandler None



   




    # php as fast-cgi enabled



# For config options see: http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html



   



        FcgidIdleTimeout 300



        FcgidProcessLifeTime 3600



        # FcgidMaxProcesses 1000



        FcgidMinProcessesPerClass 0



        FcgidMaxProcessesPerClass 100



        FcgidConnectTimeout 3



        FcgidIOTimeout 360



        FcgidBusyTimeout 300



FcgidMaxRequestLen 1073741824



   




   



        AddHandler fcgid-script .php .php3 .php4 .php5



        FCGIWrapper /var/www/php-fcgi-scripts/web1/.php-fcgi-starter .php



        Options +ExecCGI



        AllowOverride All



        Order allow,deny



        Allow from all



   




   



        AddHandler fcgid-script .php .php3 .php4 .php5



        FCGIWrapper /var/www/php-fcgi-scripts/web1/.php-fcgi-starter .php



        Options +ExecCGI



        AllowOverride All



        Order allow,deny



        Allow from all



   








    # add support for apache mpm_itk



   



      AssignUserId web1 client1



   






   



 # Do not execute PHP files in webdav directory



     



   



          SetHandler None



       




     




      DavLockDB /var/www/clients/client1/web1/tmp/DavLock



      # DO NOT REMOVE THE COMMENTS!



      # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!



      # WEBDAV BEGIN



      # WEBDAV END



   











The contents of /var/www/php-fcgi-scripts/web1/.php-fcgi-starter .php :



#!/bin/sh



PHPRC="/etc/"



export PHPRC



PHP_DOCUMENT_ROOT="/var/www/clients/client1/web1"



export PHP_DOCUMENT_ROOT



# The variable PHP_FCGI_CHILDREN is onyl useful for lighty or nginx as apache 



# mod_fcgi will control the number of childs themself and never use the additional processes.



# PHP_FCGI_CHILDREN=8



# export PHP_FCGI_CHILDREN



PHP_FCGI_MAX_REQUESTS=5000



export PHP_FCGI_MAX_REQUESTS



exec /usr/bin/php-cgi \



 -d open_basedir="/var/www/clients/client1/web1/web:/var/www/clients/client1/web1/tmp:/var/www/bgserivce1.net/web:/srv/www/bgserivce1.net/web:/usr/share/php5:/tmp:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/usr/share/php" \



-d upload_tmp_dir=/var/www/clients/client1/web1/tmp \



-d session.save_path=/var/www/clients/client1/web1/tmp \


If i remove the "SuExec" directive it all works fine, but everything is done with the apache:apache user:group. If i turn off cagefs, it all works fine with and without suexec.

From the documentation also didn't became clear if i need to cagefsctl --addrpm httpd or not, but if i do it also copies all the websites.

Any help or advice ?

Regards
  1. 31.10.2012 05:10:18
  2. # 2
Nikolai Bochev Accepted Answer
Posts: 2
Joined: 31.10.2012
0
Votes
Undo
Ok i managed to figure it out.
I had to add /var/www/php-fcgi-scripts/ into cagefs.mp . Then i had to modify the website symlink creation function in ispconfig to create a symlink to the website in /usr/share/cagefs/var/www/[website_domain] as it is where the httpd is configured to look for them. It all works now, without the need to cagefsctl --add-rpm httpd.
  • Page :
  • 1


There are no replies made for this post yet.
Be one of the first to reply to this post!
Guest
Submit Your Response
Upload files or images for this discussion by clicking on the upload button below. Supports gif,jpg,png,zip,rar,pdf
• Remove Upload Files (Maximum File Size: 2 MB)
You may insert polls into your post. The poll would then appear in the post.
Vote Options
Captcha
To protect the site from bots and unauthorized scripts, we require that you enter the captcha codes below before posting your question.