httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jesse B. Crawford" <jean...@nmt.edu>
Subject Re: [users@httpd] best practice: suexec with PHP5 in a many-user/non-technical-user environment
Date Thu, 27 Oct 2011 00:00:01 GMT
Because PHP is embedded within HTML, PHP web scripts cannot use a 
shebang, so it is a necessity that the php-cgi binary (/usr/bin/php-cgi 
in our environment) be executed with the script as an argument, rather 
than the script being executed directly (or at least this is my 
understanding, and I have not found any information on the internet to 
the contrary). This creates a problem with the requirement that all 
files executed by suexec be in the userdir, because obviously the 
php-cgi binary is not. This situation is unique to PHP, I think, because 
of the embedding in to HTML. That said, PHP is incredibly common and I 
can't believe that a good solution hasn't been created for this. At this 
point I'm thinking the best solution is suphp and suexec alongside each 
other, because suexec seems to have been poorly designed for handling 
scripts that must be explicitly run with an interpreter (which, in its 
defence, is only PHP that I'm aware of).

Please let me know if I'm wrong on any of these points.

On 10/26/2011 12:22 AM, Steve Swift wrote:
> I don't understand how suexec is "calling" php-cgi, and how such php 
> scripts work.
>
> I use SUEXEC on a couple of very different systems. My scripts (as is 
> required) run from a directory below my DocumentRoot. In turn, they 
> use the shebang method to invoke the programming language:
> #!/usr/bin/rexx --
> As far as I'm aware, this executable can be anywhere; the restriction 
> is on where the SCRIPT is housed, not where it's processing executable 
> lives.
>
> Once my script starts executing under suexec, it can run more or less 
> any executable/binary that my own userid has access to; at least, I've 
> never run into any problems.
>
> On 25 October 2011 22:07, Jesse B. Crawford <jeanluc@nmt.edu 
> <mailto:jeanluc@nmt.edu>> wrote:
>
>     >From the
>     documentation I have read (and it is quite possible I'm missing
>     something), suexec can only call binaries within the userdir, not
>     somewhere on the rest of the system. This makes PHP difficult since
>     php-cgi must be called.
>
> -- 
> Steve Swift
> http://www.swiftys.org.uk


-- 
Jesse B. Crawford (jeanluc)
Systems Programmer
Tech Computer Center
New Mexico Inst. of Mining&  Tech.

jeanluc@nmt.edu // http://nmt.edu/~jeanluc


Mime
View raw message