Discussion:
[tortech] PHP running as a different user than web server
(too old to reply)
Bryan Fullerton
2005-08-09 19:45:18 UTC
Permalink
Howdy,

I'm looking at how PHP is working with some sites I'm hosting and
noticing that people are getting around disk quotas because PHP creates
files as the web server user instead of the site owner user.

I've locked this down for CGI by using suEXEC. I've googled and found I
can run PHP as a CGI, which has many warnings that the overhead may
cause slowdowns (I'm unsure if more than Python or Perl CGIs). I've also
found documentation about using FastCGI with PHP as an external
processor, which looks like it'll work but seems complicated to roll out
across a bunch of sites.

What's the preferred way to do this?

Thanks,
Bryan
Stephen van Egmond
2005-08-10 07:36:16 UTC
Permalink
| noticing that people are getting around disk quotas because PHP creates
| files as the web server user instead of the site owner user.

suExec can be done with Apache and its modules as well. This is
done with the User directive per virtual host:

http://httpd.apache.org/docs/1.3//mod/core.html#user
Bryan Fullerton
2005-08-10 13:37:46 UTC
Permalink
On 8/10/05 3:36 AM, Stephen van Egmond wrote:
|> noticing that people are getting around disk quotas because PHP creates
|> files as the web server user instead of the site owner user.
|
| suExec can be done with Apache and its modules as well. This is
| done with the User directive per virtual host:
|
| http://httpd.apache.org/docs/1.3//mod/core.html#user

As noted in my original email, I'm already using suEXEC for CGIs. The
URL you posted above says the User directive only affects CGIs when used
in a VirtualHost block, not non-CGI stuff like mod_php.

I'm also using Apache 2.0, which uses the slightly different
SuexecUserGroup:

http://httpd.apache.org/docs/2.0/mod/mod_suexec.html#suexecusergroup

I've been playing with running PHP as a CGI, but it doesn't seem to
actually work - I keep getting "Premature end of script headers: php" in
my VirtualHost's error_log, even when loading a phpinfo() page. I've
found various possible reasons for this via Google (PHP parsing the php
binary instead of the script, problems with enabling/disabling
force-cgi-redirect or discard-path settings when building PHP) but none
seem to be helping yet. When I re-enable mod_php everything works fine.

I'm using the FreeBSD ports of php4-cgi-4.4.0 and apache-2.0.54_2. Next
steps are to examine in detail all the settings the main lang/php4 port
is adding/removing, in addition to those the www/php4-cgi port are
changing, and see if something's wonky there. Maybe I should just use
the main lang/php4 port instead of www/php4-cgi?

Fun, fun.

Bryan
Bryan Fullerton
2005-08-10 20:50:08 UTC
Permalink
On 8/9/05 3:45 PM, Bryan Fullerton wrote:
| I'm looking at how PHP is working with some sites I'm hosting and
| noticing that people are getting around disk quotas because PHP creates
| files as the web server user instead of the site owner user.

Ah - this looks like it could be what I'm looking for. Seems to be
working as advertised.

http://www.suphp.org/Home.html

Bryan

Loading...