Question
I set up a virtual host that uses mod_suexec to run PHP scripts as a different user than www-data.
https://stackoverflow.com/questions/19515964
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian<VirtualHost *:80>
ServerName my.server.com
DocumentRoot /srv/my-site
SuexecUserGroup webconfig webconfig
</VirtualHost>
However, when I create a directory or a file (mkdir, file_put_contents), those files/dirs have www-data as an owner. I also can not read files that are only readable by webconfig.
I also noticed this strange behaviour: This php file:
echo get_current_user()."\n";
echo `whoami`."\n";
echo exec('whoami')."\n";
produces the following output:
webconfig
www-data
www-data
Solution
mod_php5 is actually incompatible with mod_suexec. As described in this article, you have to use mod_suphp and php-cgi instead. The downside is that this decreases performance.
A simple solution that works for Ubuntu is
apt-get install -y suphp-common, libapache2-mod-suphp
a2dismod php5
a2enmod suphp
The linked article describes how to use mod_php5 for some vhosts and mod_suphp for others.
