apache 2.2 run php as username with fcgid

One of my problem is to secure a little websites at least to run as their user and not as apache . In this way if one wordpress is hacked not all website to be modify by that script .

On internet you will find something like this

<IfModule mod_fcgid.c>
MaxRequestLen 15728640
FcgidConnectTimeout 20
SuexecUserGroup username groupname
<Directory /var/www/vhosts/site.com>

Options +ExecCGI
AllowOverride All
AddHandler fcgid-script .php
FCGIWrapper /var/www/wraper/site.com/php-fcgi-starter .php
Order allow,deny
Allow from all
</Directory>
</IfModule>

All is fine in some situation works . However I notice that if you have the php 5.6 installed this won’t work . I try all loglevel debug and other stuff but it simply didn’t start that wraper with that user in process list.

After some more dig I found out that /etc/httpd/conf.d/php.conf is different then on other php version and in this 5.6 that file have a SetHandler .

So the solution is to overwrite again that SetHandler

So in your vhost before add this IfModule you need to add also

<FilesMatch \.php$>
SetHandler None
</FilesMatch>

 

Rate this post

Leave a Reply

Your email address will not be published. Required fields are marked *