When I enable suEXEC by following the tutorial here, I am able to get PHP to run over Apache in cgi mode, but when I start trying to use suEXEC I get a 403, and the following error appears in the error log "client denied by server configuration". The suEXEC log is empty. How can I get this working? My ultimate goal is to run fastcgi with suexec, and this error has stopped me at every turn.
The relevant portion of httpd.conf:
ScriptAlias /php5-cgi /usr/bin/php-cgi
Action php5-cgi /php5-cgi
AddHandler php5-cgi .php
<Directory /usr/bin>
Order allow,deny
Allow from all
</Directory>
<VirtualHost *:80>
ServerName skylords.com
ServerAlias www.skylords.com en.skylords.com lt.skylords.com nl.skylords.com
DocumentRoot /srv/http/htdocs
SuexecUserGroup skylords skylords
AddHandler php5-cgi .php
ScriptAlias /php5-cgi /var/http/htdocs/cgi-bin/php-cgi
ErrorDocument 404 /srv/http/htdocs
ErrorLog /srv/http/logs/apache_error.log
<Directory "/srv/http/htdocs">
AllowOverride All
Order allow,deny
Allow from all
Options Indexes +FollowSymLinks +ExecCGI
</Directory>
</VirtualHost>
File permissions:
-rwxr-xr-x 1 skylords skylords 7207288 Apr 1 06:00 php-cgi
drwxr-xr-x 2 skylords skylords 4096 Apr 1 06:13 cgi-bin
drwxr-xr-x 17 skylords skylords 4096 Apr 1 06:19 htdocs
drwxr-xr-x 11 skylords skylords 4096 Apr 1 06:13 http
drwxr-xr-x 4 root root 4096 Apr 1 05:57 srv
Best Answer
What do the permissions of your
cgi-bindirectory and PHP fastcgi wrapper script look like? In my experience suEXEC 403 errors are often because the owner/group of the script doesn't match the owner of thecgi-bindirectory, or the directory above it.EDIT: OK. Not sure what's going on here... the new information confused me a bit :-) Have you tried setting
LogLevel Debugin httpd.conf, and checking to see what appears in the error_log when you try to load a PHP script in your browser?