PHP with suexec/fcgid

apache-2.2mod-fcgidPHPsuexec

httpd.conf file:

LoadModule fcgid_module modules/mod_fcgid.so
AddHandler fcgid-script .php
FCGIWrapper /usr/local/php5 .php

# manual
MaxRequestsPerProcess 1000
FcgidMaxProcesses 200
FcgidProcessLifeTime 7200
MaxProcessCount 500
FcgidIOTimeout 400
FcgidIdleTimeout 600
FcgidIdleScanInterval 90
FcgidBusyTimeout 300
FcgidBusyScanInterval 80
ErrorScanInterval 3
ZombieScanInterval 3
DefaultMinClassProcessCount 0
DefaultMaxClassProcessCount 3
MaxRequestLen 20468982

<VirtualHost *>
    ServerName hostname
    DocumentRoot /home/web
    ServerAdmin web@web.com
    <IfModule mod_suphp.c>
        suPHP_UserGroup web web
    </IfModule>
         SuexecUserGroup web web
    UserDir disable
</VirtualHost>

and this is my wrapper:

#!/bin/sh
exec /usr/local/bin/php

my error is:

/usr/local/apache2/logs/suexec_log

[2019-09-03 06:55:28]: user mismatch (daemon instead of www)

/usr/local/apache2/logs/error_log

suexec policy violation: see suexec log for more details
[Tue Sep 03 06:55:28 2019] [warn] [client 127.0.0.1] (104)Connection reset by peer: mod_fcgid: error reading data from FastCGI server
[Tue Sep 03 06:55:28 2019] [error] [client 127.0.0.1] Premature end of script headers: phpinfo.php

UPDATES:

I've edited:

 /usr/local/apache2/bin/suexec -V
 -D AP_DOC_ROOT="/"
 -D AP_GID_MIN=100
 -D AP_HTTPD_USER="www"
 -D AP_LOG_EXEC="/usr/local/apache2/logs/suexec_log"
 -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
 -D AP_UID_MIN=100
 -D AP_USERDIR_SUFFIX="www"

but no I get no errors and nothing found…

Best Answer

The suexec file indicates that it will only function if the underlying user is www. It appears that the website is running as daemon. You can change this by putting in user www in the httpd.conf file. BTW, that httpd.conf file looks pretty empty, there are probably other files being included or attached elsewhere in the directory you found it in. This might be the place where a user directive has already been placed.

Your wrapper shell will definitely return an error as all it does it start the php program. Which I am not sure what it would do without a program to run. Apache expects the output from any program, to contain the proper HTTP headers, these will not be generated automatically.

Related Topic