I currently have a setup which runs Apache2 + FastCGI PHP + Suexec.
As an example, I'm using /mnt/data/www/vhosts/inflex.co.uk/htdocs as a DocRoot for one of my virtual hosts.
I have a script /mnt/data/www/php5-cgi/inflex.co.uk/php5-cgi which contains:
#!/bin/sh
exec /usr/bin/php5-cgi
The account the scripts should run under is duncan; this file is owned by duncan and is also in the group duncan. It has -rwxr-x--- permissions.
.../www/vhosts/inflex.co.uk and ../inflex.co.uk/htdocs are owned by duncan and in the group duncan.
If I remove all access for others, such as chmod 750, I get an error regarding permissions when trying to access the website; if I allow read/write for others, 755 say, it works.
I'm assuming this is an issue with www-data (apache2 user) accessing the directory, but I thought the point of Suexec was that all of this was run under a separate user. Or does www-data require read (maybe write?) on the folder and then execute the PHP file as the user?