httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jean-Christophe Montigny <...@assoces.com>
Subject Re: [users@httpd] Vhost and Multiple Users
Date Fri, 31 Dec 2004 13:10:19 GMT
Hello,

In fact it seems whenever the webserver wants to parse a .php file, the 
mod_suphp module will execute a new process (suphp file in itself) that 
will be executed with the UID/GID of the file that will be parsed.

To change php file depending to a vhost you just need to have a 
suPHP_ConfigPath directive for each vhost.. you can decide to enable 
suphp for certain vhosts and not some others too. See 
http://www.suphp.org/Documentation-Module-Configuration.en.html

<VirtualHost *>
  ....
  DocumentRoot /home/domain.com/www/httpd/html
  suPHP_ConfigPath /home/domain.com/www/
  suPHP_Engine on
  ...
</VirtualHost>

One not of warning though : that means you'll have to use different 
php.ini files for sites that have specific php directives... which in 
itself is very bugging. Also, you'll need to have a different path for 
each site. So beware of how your vhosts are organized on the disk... 
It'd be stupid to put a php.ini file in a dir that is accessible by a user.

In addition, suphp broke some websites on my machine. Most ran fine, but 
it seems those that use globals are having problems, probably because 
php files are now ran by a process that is born and dies once the file 
is parsed. I host one site that uses globals to store the page currently 
viewed by the user. When I enabled suphp, people could click on any link 
on the page, but the php file would only generate the welcome page, and 
not its sub pages. See? Weird problem, so i had to revert to the good 
ol' mod_php4.

I'll bash their heads next week though, so they change how their site works.

Davy Durham wrote:
> After some more digging, one possibility is to execute php scripts as 
> cgi and use suexec
> 
> And then there's: http://www.suphp.org/Home.html   which may be what 
> Ivan was talking about.  It was fairly easy to get working (Although I 
> had to pay close attention to the configuration flags--I built it 3 
> times before getting it the way I needed it)  I'm not sure what 
> advantages it has over the cgi/suexec method.  It is not just a drop-in 
> replacement for mod_php because it's essentially doing the cgi/suexec 
> method... so server php configuration directives have to be moved from a 
> .htaccess file to a php.ini file (not sure how to get a different 
> php.ini file per vhost just yet.. I emailed them tho)
> 
> It would just be fantastic if the real mod_php could fork and change 
> user/group ID before doing it's thing.. this would obviously only work 
> when apache was running as root.  Is that a definate no-no, never to 
> do?  I wonder if that'd be a significantly difficult hack of the mod_php 
> code--or is it as simple as putting a if(fork()==0) { 
> setuid();setguid(); ... }  around a certain section of code?
> 
> -- Davy
> 
> Ivan Barrera A. wrote:
> 
>> there is a mod, called phpexec (or phpsuexec) that does that.
>> If i find the page, ill post it.
>>
>> Davy Durham wrote:
>>
>>> |*Ok, for a good while now I've been trying to figure this out, but I 
>>> cannot find a way.
>>>
>>> With apache-2.0.48 is there any way possible to have apache (running 
>>> as root I would suppose) to execute a vhost's php scripts (using 
>>> mod_php) as a particular user?  And I have many vhosts configured, I 
>>> would like them all to run as their respective user.
>>>
>>> Thank you VERY much in advance,
>>>   Davy
>>>
>>>
>>> *|
>>>
>>> ---------------------------------------------------------------------
>>> The official User-To-User support forum of the Apache HTTP Server 
>>> Project.
>>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server 
>> Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 


-- 
Jean-Christophe Montigny
Responsable serveurs assoces.com
Etudiant à Grenoble Ecole de Management

Mime
View raw message