I have a Debian 6 server and I was previously using Apache with mod_php but decided to switch to using fcgi instead since WordPress was somehow causing Apache to crash. I have the following in my site's Apache config file:
Options +ExecCGI
AddHandler fcgid-script .php
FCGIWrapper /usr/lib/cgi-bin/php5 .php
SuexecUserGroup "#1001" "#1003"
Everything works fine if I don't include the SuexecUserGroup, but it obviously then runs the script as www-data instead of the user and group above. When I include that line, I get a 500 error and the following shows up in my suexec.log file:
[2013-05-22 16:00:12]: command not in docroot (/usr/lib/cgi-bin/php5)
Everything was installed using the packages, so I don't even know where the docroot is.
Here is my suexec info:
# /usr/lib/apache2/suexec -V
-D SUEXEC_CONFIG_DIR=/etc/apache2/suexec/
-D AP_GID_MIN=100
-D AP_LOG_EXEC="/var/log/apache2/suexec.log"
-D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
-D AP_UID_MIN=100
And the permissions on my php5 file if that has anything to do with it:
# ls -l /usr/lib/cgi-bin/php5
-rwxr-xr-x 1 root root 7769160 Mar 4 08:25 /usr/lib/cgi-bin/php5
Best Answer
The document root in the error message is the
suexecdocument root. For security reasons, you cannot directly use anyFCGIWrappercommands that are not contained within your suexec directory. By default, this is/var/www/, however when usingapache2-suexec-custom, you can change this to whatever directory you want by modifying the first line in the/etc/apache2/suexec/www-datafile.