PHP and suexec on Debian Stretch

Question

I am trying to get suexec working with PHP on Debian Stretch (Apache 2.4.25).

I have the Debian package's default set of modules loaded plus cgid and php7.0.

This is the VirtualHost block I'm using on my test system:

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        ScriptAlias /cgi-bin/ /var/www/cgi-bin/
        <Directory "/var/www/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Require all granted
        </Directory>
        SuexecUserGroup testuser testuser
</VirtualHost>

This works correctly with a simple perl script in /var/www/cgi-bin that prints the process's UID. The script prints 1000, verifying that suexec is working. I also get the expected line in suexec.log:

[2017-07-28 11:54:27]: uid: (1000/testuser) gid: (1000/testuser) cmd: moo.cgi

However, when I use a similar PHP script, suexec is never called and the script runs as the Apache user.

How can I get suexec to work with PHP scripts?

score 0 · Answer 1 · answered Jul 28 '17 at 22:14

0

The enabled php7.0 module handles your PHP pages. Disable it, install php-cgi and enable that instead like

AddHandler cgi-handler .php
Action cgi-handler /usr/bin/php-cgi7.0

answered Jul 28 '17 at 22:14

Ferenc Wágner

5,027
17
25

PHP and suexec on Debian Stretch

1 Answers1