[users@httpd] Re: mod_suexec with mod_userdir and fcgid (webapps in subdirs with separated user context)
maybe my previous mail was to verbose, or maybe simply nobody has an
idea. Still I'd like to give it a second try:
Do you have a good idea why php-cgi7.0 throws the following error when
used with mod_fcgid, mod_usermod and mod_suexec?
uid: (1002/webapp1) gid: (1002/webapp1) cmd: php-fcgi-starter cannot get
docroot information (/var/www/webapp1)
$ ls -al /var/www/webapp1
drwxr-xr-x 9 root root 4096 Jun 29 2014 .
drwxr-x--- 2 webapp1 webapp1 4096 Nov 7 15:14 php-fcgi
drwxr-x--- 2 webapp1 webapp1 4096 Apr 11 2015 www
The same setup works perfectly fine without mod_usermod (i.e. when the
whole VHost has a dedicated suexec user). Only with mod_usermod, we get
this strange error.
Am 15.04.2018 um 12:26 schrieb Jonas Meurer:
> Hello list,
> I try to make web applications available in subfolders of one
> VirtualHost, but each one in an isolated user context. All web apps are
> PHP applications and I use mod_fcgid to run them.
> Unfortunately, SuexecUserGroup is not not allowed in Directory context,
> which would be by far the simples solution.
> So to achieve my goal, I tried (and failed with) two different approaches:
> 1. Using mod_userdir together with mod_suexec
> 2. ProxyPass to separate localhost vhosts for each app
> Since the first approach seems much cleaner and more straight forward to
> me, I'd prefer that one.
> Maybe you have other suggestions on how to achieve my goal?
> Now to the problem I ran into with my first approach:
> I have UserDir enabled for system user 'webapp1' and the UserDir path
> set to '/var/www/*/www' (see the VirtualHost config below). This works
> as expected, I can access static content from within the UserDir.
> Additionally, I have fcgid configured for the UserDir and apparently the
> php scripts are executed using suexec and php-cgi7.0. A suexec process
> is spawned by user 'webapp1' when requesting a php file, but it
> immediately turns into 'suexec <defunct>' (a zombie process).
> In the apache2 error log shows:
> uid: (1002/webapp1) gid: (1002/webapp1) cmd: php-fcgi-starter
> cannot get docroot information (/var/www/webapp1)
> And the apache2 suexec log:
> [fcgid:warn] [pid 30884:tid 140484201527040] (104)Connection reset by
> peer: [client 192.168.0.1:31937] mod_fcgid: error reading data from
> FastCGI server
> [core:error] [pid 30884:tid 140484201527040] [client 192.168.0.1:31937]
> End of script output before headers: index.php
> I double checked that all files under /var/www/webapp1 belong to
> user+group 'webapp1' and that they're accessible. I even recursively set
> world-readable permissions on the directory, which didn't change anything.
> Do you have a good idea on why running php-cgi7.0 through fcgi with
> suexec and userdir results in this suexec error 'cannot get docroot
> Any hints and suggestions would be highly appreciated :)
> The VirtualHost config (my current take) is as follows:
> <VirtualHost *:443>
> Userdir disabled
> Userdir enabled webapp1
> UserDir /var/www/*/www
> <IfModule fcgid_module>
> <Directory /var/www/webapp1/www>
> AddHandler fcgid-script .php
> FCGIWrapper /var/www/webapp1/php-fcgi/php-fcgi-starter .php
> Options +ExecCGI
> IPCConnectTimeout 20
> IPCCommTimeout 60
> FcgidBusyTimeout 60
> MaxRequestLen 10485760
> Looking forward to your responses.
> Kind regards,
Description: OpenPGP digital signature