Php SuExec

#1
Oh wise gods of Open Lite Speed, I have read all available documentation, I have scoured both the open source and commercial forums, google has failed me and I am lost. Try as I might, my server will not will not execute php (lsphp) as another user.

Ubuntu 16.04 with OLS 1.4.24 installed from repos. Built php 5.26 and tested in both "server" and "vhost", both working. Next, reconfigured vhost document root to my user document root "/home/user/html". Had been beating my head against a wall for the last week with 404 error until I stumbled across a new post (from today) on this forum with same issue. Per the resolution on that post, I chmoded "/home/user" -> 711 and all now works except that php is still running as "nobody".

Vhost was built from SuExecPhp template and doc root uid is set. For good measure, I set the SuExec options in "External App" with also no effect. So, what am I missing, what do I need to try next?
 

lsfoo

Administrator
#2
Hi @Josh Linn

Apologies for the late response.

The way I set it up so that the template uses the correct user:
1. The template has its own external app. This could point to the same command as the server level external app.
2. The template's script handler uses the external app from 1.
3. In the template settings, Security->ExtApp Resource Control, set it to use DocRoot UID. (Sounds like you already did this step?).

Restart the server, and it should be running as the correct user.

Let us know how it goes!

Cheers,
Kevin
 
#3
Your are awesome!

FWIW, I erased everything and started fresh with your instruction. I began by creating a document root under the server root and chown'ing it to "user/group". After restarting Open Lite Speed, my system still reported lsphp running as "nobody". I decided to double check everything so I created a php script under my document root containing:
PHP:
<?php
echo get_current_user ();
?>
and what do you know, php IS running as "user" even though the worker runs as "nobody" (This is correct, right?). Still working after relocating document root to "/home/user".

Again, thank you. Hopefully this post might help someone in the future.

P.S. This information and the post I referenced in my OP (http://openlitespeed.com/threads/documentroot-outside-of-usr-local-lsws.2564/) would be very useful in the Wiki for us slow folks ;)
 
Last edited:

lsfoo

Administrator
#4
Ah, yes. The worker is a different setting :)

Glad you were able to get it working! Let us know if you run into any more issues, always glad to help!
 
#5
One more question, everything is running as "user" but the web server creates files as "nobody". Is this expected behavior? Can it be changed to create files as "user"?
 
#7
For example, one of my vhost is a Dokuwiki setup so rather than using a db, Dokuwiki writes each individual page as a txt file. These files are being created/written as "nobody" even thought php reports it is running as "user".
 

lsfoo

Administrator
#9
How are you creating the file? I just used file_put_contents to create a test file and it was written with the correct user.
 
#10
Alright, I don't know the method which dokuwiki writes files, but this script:

Code:
<?php
echo get_current_user ();
?>
Returns "user", and this script:

Code:
<?php
     // try to create a file and read it's ids
    $tmp = tempnam ('/tmp', 'check');
    $uid = fileowner($tmp);
    $gid = filegroup($tmp);
 
    // try to run ls on it
    $out = `ls -l $tmp`;
    $lst = explode(' ',$out);
    $user  = $lst[2];
    $group = $lst[3];
    unlink($tmp);
 
echo "Your PHP process seems to run with the UID $uid ($user) and the GID $gid ($group)\n"; ?>
Returns "nobody" and "nogroup". This behavior is by no means a deal breaker, I just want to make sure I have my permissions set correctly before I go to far to return.
 
Top