APACHE + PHP + SUEXEC

Hi !

I`m new to this list.

I`m suffering to put PHP work with SUEXEC.

I use FreeBSD and the ports system. I`ve compiled Apache with Suexec
and Php in cli and cgi modes.

I add the line into httpd.conf

AddHandler cgi-script .php .phps .php3 .phtml

Removed the php4_module from the LoadModule list.

My httpd -V output

Server version: Apache/2.0.59
Server built: Aug 31 2007 16:26:42
Server's Module Magic Number: 20020903:12
Server loaded: APR 0.9.12, APR-UTIL 0.9.12
Compiled using: APR 0.9.12, APR-UTIL 0.9.12
Architecture: 32-bit
Server compiled with....
-D APACHE_MPM_DIR="server/mpm/prefork"
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_FLOCK_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D HTTPD_ROOT="/usr/local"
-D SUEXEC_BIN="/usr/local/sbin/suexec"
-D DEFAULT_PIDLOG="/var/run/httpd.pid"
-D DEFAULT_SCOREBOARD="/var/run/apache_runtime_status"
-D DEFAULT_LOCKFILE="/var/run/accept.lock"
-D DEFAULT_ERRORLOG="/var/log/httpd-error.log"
-D AP_TYPES_CONFIG_FILE="etc/apache2/mime.types"
-D SERVER_CONFIG_FILE="etc/apache2/httpd.conf"

PHP configure options:

[root@srv-pg-01 /usr/local/etc/apache2]# php -i | grep cgi
Configure Command => './configure' '--enable-versioning' '--enable-
memory-limit' '--with-layout=GNU' '--with-config-file-scan-dir=/usr/
local/etc/php' '--disable-all' '--program-prefix=' '--enable-fastcgi'
'--with-regex=php' '--with-zlib=/usr' '--disable-ipv6' '--prefix=/usr/
local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/'

My problem is that suexec isn`t processing php files. It returns the
error:

[2007-09-03 10:26:45]: uid: (1008/10500) gid: (1010/1010) cmd:
index.php
[2007-09-03 10:26:45]: (8)Exec format error: exec failed (index.php)

Please I need a help with this. I`ve read almost everything I found on
the web.

Re: APACHE + PHP + SUEXEC

"Bsd Meister" schreef in bericht
news:1188827354.806827.14300@r34g2000hsd.googlegroups.com...
> I`m suffering to put PHP work with SUEXEC.
> I use FreeBSD and the ports system. I`ve compiled Apache with Suexec
> and Php in cli and cgi modes.
> I add the line into httpd.conf
> AddHandler cgi-script .php .phps .php3 .phtml
> Removed the php4_module from the LoadModule list.
In short to run scripts under suexec you're moving away from mod_php to pure
CGI and need to fork an interpreter.

> My problem is that suexec isn`t processing php files. It returns the
> error:
>
> [2007-09-03 10:26:45]: uid: (1008/10500) gid: (1010/1010) cmd:
> index.php
> [2007-09-03 10:26:45]: (8)Exec format error: exec failed (index.php)
>
> Please I need a help with this. I`ve read almost everything I found on
> the web.

In CGI-mode -with or without suexec- any script needs a special formatted
first line:
#!/path to /program that executed the script
like
/usr/share/php4 (path may differ on your system )

If your .php files have html mixed with php-code, serius trouble lies ahead
.....

HansH

Re: APACHE + PHP + SUEXEC

On 3 set, 14:46, "HansH" wrote:
> "Bsd Meister" schreef in berichtnews:1188827354.806827.14300@r34g2000hsd.googlegroups .com...> I`m suffering to put PHP work with SUEXEC.
> > I use FreeBSD and the ports system. I`ve compiled Apache with Suexec
> > and Php in cli and cgi modes.
> > I add the line into httpd.conf
> > AddHandler cgi-script .php .phps .php3 .phtml
> > Removed the php4_module from the LoadModule list.
>
> In short to run scripts under suexec you're moving away from mod_php to pure
> CGI and need to fork an interpreter.
>
> > My problem is that suexec isn`t processing php files. It returns the
> > error:
>
> > [2007-09-03 10:26:45]: uid: (1008/10500) gid: (1010/1010) cmd:
> > index.php
> > [2007-09-03 10:26:45]: (8)Exec format error: exec failed (index.php)
>
> > Please I need a help with this. I`ve read almost everything I found on
> > the web.
>
> In CGI-mode -with or without suexec- any script needs a special formatted
> first line:
> #!/path to /program that executed the script
> like
> /usr/share/php4 (path may differ on your system )
>
> If your .php files have html mixed with php-code, serius trouble lies ahead
> ....
>
> HansH

Thank`s HansH.

Well, in fact I wouldn`t like to use php-cgi instead of the module.
But I`m having serious problems with my VHosts users. As usual php
uses the apache user to write and work with filesystem.
And in some cases it needs 777 permission because the ftp user is
different then the apache user to write.
So I need something that assures that a user script can`t make
interference in the other folders even with 777 permission.
Suexec is good on this, because I can put a SuexecUserGroup on each
VHost.

My idea was to put php-cgi (or fastcgi) with suexec and use my ftp
uids and gids on each vhost to assure that their scrips can just
interfer on their folders. So I could finish with 777 folders and
files and have a more secure environment. These is a shared hosting, I
have also vps, but it`s too expensive to put each user on it`s own
jail or vps.

Thanks.

Bsd Meister

Re: APACHE + PHP + SUEXEC

"Bsd Meister" schreef in bericht
news:1188860703.348105.146670@57g2000hsv.googlegroups.com...
> On 3 set, 14:46, "HansH" wrote:
>> In CGI-mode -with or without suexec- any script needs a special formatted
>> first line:
>> #!/path to /program that executed the script
>> like
>> /usr/share/php4 (path may differ on your system )
>>
>> If your .php files have html mixed with php-code, serius trouble lies
>> ahead
>>
> Well, in fact I wouldn`t like to use php-cgi instead of the module.
> But I`m having serious problems with my VHosts users. As usual php
> uses the apache user to write and work with filesystem.
Have a peek at http://www.suphp.org/Home.html ...

HansH

Re: APACHE + PHP + SUEXEC

Bsd Meister wrote:
>
> Well, in fact I wouldn`t like to use php-cgi instead of the module.
> But I`m having serious problems with my VHosts users. As usual php
> uses the apache user to write and work with filesystem.
> And in some cases it needs 777 permission because the ftp user is
> different then the apache user to write.
> So I need something that assures that a user script can`t make
> interference in the other folders even with 777 permission.

You can use php safe mode. It's not perfect but it's a reasonable
compromise.


--
Ottavio

I will not purchase any computing equipment from manufacturers that
recommend Windows Vista(TM) or any other Microsoft(r) products.
http://www.pledgebank.com/boycottvista