Php SuExec

Discussion in 'Linux Support: Debian, Ubuntu, SolusOS etc' started by Josh Linn, Feb 15, 2017.

  1. Josh Linn

    Josh Linn New Member

    Oh wise gods of Open Lite Speed, I have read all available documentation, I have scoured both the open source and commercial forums, Google has failed me and I am lost. Try as I might, my server will not execute php (lsphp) as another user.

    Ubuntu 16.04 with OLS 1.4.24 installed from repos. Built php 5.26 and tested in both "server" and "vhost", both working. Next, reconfigured vhost document root to my user document root "/home/user/html". Had been beating my head against a wall for the last week with 404 error until I stumbled across a new post (from today) on this forum with same issue. Per the resolution on that post, I chmoded "/home/user" -> 711 and all now works except that php is still running as "nobody".

    Vhost was built from SuExecPhp template and doc root uid is set. For good measure, I set the SuExec options in "External App" with also no effect. So, what am I missing, what do I need to try next?
     
  2. lsfoo

    lsfoo Administrator

    Hi @Josh Linn

    Apologies for the late response.

    The way I set it up so that the template uses the correct user:
    1. The template has its own external app. This could point to the same command as the server level external app.
    2. The template's script handler uses the external app from 1.
    3. In the template settings, Security->ExtApp Resource Control, set it to use DocRoot UID. (Sounds like you already did this step?).

    Restart the server, and it should be running as the correct user.

    Let us know how it goes!

    Cheers,
    Kevin
     
  3. Josh Linn

    Josh Linn New Member

    You are awesome!

    FWIW, I erased everything and started fresh with your instruction. I began by creating a document root under the server root and chown'ing it to "user/group". After restarting Open Lite Speed, my system still reported lsphp running as "nobody". I decided to double check everything so I created a php script under my document root containing:
    PHP:
    <?php
    echo get_current_user ();
    ?>
    and what do you know, php IS running as "user" even though the worker runs as "nobody" (This is correct, right?). Still working after relocating document root to "/home/user".

    Again, thank you. Hopefully this post might help someone in the future.

    P.S. This information and the post I referenced in my OP (http://openlitespeed.com/threads/documentroot-outside-of-usr-local-lsws.2564/) would be very useful in the Wiki for us slow folks ;)
     
    Last edited: Feb 20, 2017
  4. lsfoo

    lsfoo Administrator

    Ah, yes. The worker is a different setting :)

    Glad you were able to get it working! Let us know if you run into any more issues, always glad to help!
     
  5. Josh Linn

    Josh Linn New Member

    One more question, everything is running as "user" but the web server creates files as "nobody". Is this expected behavior? Can it be changed to create files as "user"?
     
  6. lsfoo

    lsfoo Administrator

    Hi @Josh Linn

    Which files are you referring to?
     
  7. Josh Linn

    Josh Linn New Member

    For example, one of my vhosts is a Dokuwiki setup so rather than using a db, Dokuwiki writes each individual page as a txt file. These files are being created/written as "nobody" even though php reports it is running as "user".
     
  8. lsfoo

    lsfoo Administrator

    Ah I see. Will look into this and report back in a bit.
     
  9. lsfoo

    lsfoo Administrator

    How are you creating the file? I just used file_put_contents to create a test file and it was written with the correct user.
     
  10. Josh Linn

    Josh Linn New Member

    Alright, I don't know the method which dokuwiki writes files, but this script:

    Code:
    <?php
    echo get_current_user ();
    ?>
    Returns "user", and this script:

    Code:
    <?php
        // try to create a file and read its IDs
        $tmp = tempnam('/tmp', 'check');
        $uid = fileowner($tmp);
        $gid = filegroup($tmp);

        // try to run ls on it; split on runs of whitespace so padded columns do not shift the fields
        $out = shell_exec('ls -l ' . escapeshellarg($tmp));
        $lst = preg_split('/\s+/', trim($out));
        $user  = $lst[2];
        $group = $lst[3];
        unlink($tmp);

        echo "Your PHP process seems to run with the UID $uid ($user) and the GID $gid ($group)\n";
    ?>
    Returns "nobody" and "nogroup". This behavior is by no means a deal breaker, I just want to make sure I have my permissions set correctly before I go too far to return.
     
  11. lsfoo

    lsfoo Administrator

    Odd. That returned the correct user and group for me as well. Could you PM me your server and vhost configs?
     
  12. Josh Linn

    Josh Linn New Member

    PM'd requested information.
     
  13. lsfoo

    lsfoo Administrator

    Thanks, received. Will look into it when I get a chance.
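
An added example, not part of the original thread or of the OpenLiteSpeed project: when checking whether suEXEC took effect, it helps to print three identities side by side, because PHP's get_current_user() returns the owner of the script file, while posix_geteuid() and the ownership of a newly created file reflect the process that served the request. The helper names id_name and identity_report are hypothetical, and the posix extension is treated as optional.

```php
<?php
// Added example (not from the thread). Helper names are hypothetical.

// Resolve a numeric ID to a name via the optional posix extension.
function id_name($id, $lookup)
{
    if (function_exists($lookup)) {
        $entry = $lookup($id);
        if (is_array($entry)) {
            return $entry['name'];
        }
    }
    return (string) $id; // fall back to the bare number
}

function identity_report()
{
    // Owner of the script file on disk; says nothing about the process.
    $report = ['script_owner' => get_current_user()];

    // Effective UID/GID of the PHP process handling this request.
    if (function_exists('posix_geteuid')) {
        $report['process_user']  = id_name(posix_geteuid(), 'posix_getpwuid');
        $report['process_group'] = id_name(posix_getegid(), 'posix_getgrgid');
    }

    // Ownership the kernel assigns to a file this process creates.
    $tmp = tempnam(sys_get_temp_dir(), 'check');
    if ($tmp !== false) {
        clearstatcache(true, $tmp);
        $report['new_file_owner'] = id_name(fileowner($tmp), 'posix_getpwuid');
        $report['new_file_group'] = id_name(filegroup($tmp), 'posix_getgrgid');
        unlink($tmp);
    }
    return $report;
}

header('Content-Type: text/plain');
$report = identity_report();
foreach ($report as $field => $value) {
    printf("%-15s %s\n", $field, $value);
}
// Assumption: the script is owned by the document root owner, so a
// differing process user means the request ran under another identity.
if (isset($report['process_user'])
    && $report['process_user'] !== $report['script_owner']) {
    echo "MISMATCH: process user differs from script owner\n";
}
```

Requested through the vhost under test, process_user and new_file_owner show the identity that writes files on disk; script_owner alone cannot confirm it.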
     
