Fcgid, suexec, and userdir

apache-2.2mod-fcgidsuexectrac

I'm trying to set up per-user trac instances, using fcgid. The problem is that trac requires rw access to the trac instance, so I need the fcgi process to run under the respective user.

I have the suexec, fcgid, and userdir Apache modules installed (on Debian). I put up vhost directive

ScriptAliasMatch /~(.*)/trac /home/$1/public_html/trac.fcgi

This works insofar as trac.fcgi is run, but unfortunately, under the www-data user. How can I make fcgid launch it under the $1 user?

Best Answer

I'm using the IUS RPMs from Rackspace, and suexec came compiled and configured by default.

Here are the pertinent parts of my mod_fcgid config:

LoadModule fcgid_module modules/mod_fcgid.so 
AddHandler fcgid-script fcg fcgi fpl php 
DefaultInitEnv PHPRC  "/etc/"
FCGIWrapper /usr/bin/php-cgi .php

I suggest removing the "ScriptAliasMatch" Directive and using the AddHandler directive globally or in the UserDir section. Under my setup, any UserDir folder (i.e. ~/public_html) would automatically use suexec for the user in question.

Related Solutions

Suexec and docroot problem

suexec only executes programs within an apache document root. See the suexec security model, particularly point 13.

Php – Access Denied for PHP Files Only

<Directory /srv/www/hostname/public>
    Order allow,deny
    Allow from all
</Directory>

That doesn't include /srv/www/hostname/fcgid-bin/; assuming there's no Allow applying to it elsewhere in your config, this is the problem. You'll need to Allow access to this location.

Best Answer

Related Solutions

Suexec and docroot problem

Php – Access Denied for PHP Files Only

Related Topic