Comments on: suexec, php-5.1.4, fastcgi and cpanel

By: CAP Marketer - Optimisez votre site internet développé sous Wordpress

CAP Marketer - Optimisez votre site internet développé sous Wordpress — Tue, 31 Aug 2010 23:59:11 +0000

[...] eAccelerator ne fonctionnera pas si votre PHP tourne en mode CGI. Vous pouvez essayer d’utiliser fastcgi qui, lui, fonctionne avec suExec et [...]

By: 求索阁 » Blog Archive » WordPress 优化宝典

求索阁 » Blog Archive » WordPress 优化宝典 — Mon, 14 Jun 2010 00:17:14 +0000

[...] #6：不幸的是，如果 PHP 运行于 CGI 模式，eAccelerator 无法工作。你可以尝试使用 fasgcgi，可以与 suExec 和 eAccelerator [...]

By: Wordpress Optimization Tips | Nanzad - Wordpress Developer

Wordpress Optimization Tips | Nanzad - Wordpress Developer — Fri, 11 Jun 2010 07:57:28 +0000

[...] #3: Unfortunately eAccelerator won’t work if PHP is run as CGI. You can try using fastcgi which will work with suExec and [...]

By: PHP-FastCGI, Suexec, and XCache Installed - Reaper-X

PHP-FastCGI, Suexec, and XCache Installed - Reaper-X — Tue, 27 Apr 2010 10:34:44 +0000

[...] your own userid, and the good side from this method is you can use PHP Accelerator. Fortunately there’s someone who’s using an almost identical server setup like mine so i can simply follow his guide (although i need to do some little modification because i [...]

By: sykkes

sykkes — Fri, 15 Jan 2010 03:54:50 +0000

What exactly is the difference between mod_fastcgi and mod_fcgid? I want to be able to use the -flush command, so my progressbars work, but if the two modules are ‘the same’, then why are the configurations so different? I’ve still to get a straight answer to this…xD

By: Reza Hashemi

Reza Hashemi — Sat, 06 Oct 2007 15:56:26 +0000

Nice tutorial, It works with php 5.2.4 on centos 4.5, It needs just a minor change, as the binary file is /usr/local/php5-fcgi/bin/php-cgi

By: Mark

Mark — Wed, 06 Dec 2006 04:53:50 +0000

I am having the worse time getting php5 to work on cpanel server as fastcgi.

i am constantly getting unable to load pgsql.so (even though it is in the right place). Specifically it says undefined symbol PQescapeStringConn.

any advice?

By: Brian

Brian — Sat, 25 Nov 2006 19:39:39 +0000

There is apparently one way that this can be done. There is a patch to the apache suexec code to tell it to stop checking for the uid/gid of files that it is to run. Then you can place the php5.fcgi script in a central location and change some of the config files around. Apache would run the file as whatever uid/gid was set in its virtualhost declaration.

The problem with doing this is that the suexec mechanism checks uid/gid to limit exposure to certain security risks. I would be concerned about stripping out one of the security mechanisms from suexec.

—
uid = user id
gid = group id

By: Brian

Brian — Sat, 25 Nov 2006 19:19:05 +0000

Sorry for taking so long to reply.
—
Christos,

I am not sure if there is a way to fix the suexec_logs file. The php5.fcgi is executed and that in turn runs php which parses the file.

To have php files with incorrect permissions is certainly a security threat.
—

Jos van Bakel,

Your method would work; however, I believe it would cause problems in a virtual host environment. The suexec mechanism runs the php5.fcgi file as the user that owns the file. I did see somewhere where there were directives that could be added to Apache’s virtual host sections to specify the exact user that scripts are to be run as.

Looks like I need to do some further research. I will have to do some testing, as I like your way of doing it much better and have always been somewhat dissatisfied with the way I have outlined in this guide.

By: Jos van Bakel

Jos van Bakel — Sat, 25 Nov 2006 18:49:15 +0000

Nice Tutorial!

I think i found a solution to the php5.fcgi-in-every-virtual-host-directory problem:

Create a directory /usr/share/cgi-bin and put the php5.fcgi file in it.
Be sure that the directory is readable and executable by apache (and all of the virtual host users).
Now, add the following to the apache config:

Alias /shared-cgi-bin/ /usr/share/cgi-bin/

AllowOverride none
Options +ExecCGI

And finally modify the path in the “Action php5-fcgi …” configuration lines to /shared-cgi-bin/php5.fcgi

I haven’t tried it with virtual hosts with different users yet, but it think it will work

By: Christos

Christos — Fri, 10 Nov 2006 15:25:39 +0000

Thanks for the tutorial i followed and used php5.2.0 which works quite well.

One question though. suexec_logs indicate that the php5.fcgi scipt is executed not the .php file. Can this be fixed?

Apart from that you can have php files with root permissions or chmoded to 777 which is not allowed by suexec. suexec works because if i change the permissions of php5.fcgi then nothing can be executed.
But allowing php scripts to have incorrect permissions isn’t a security threat?