•  05-07-2019
  •  | 
  •  

Question

I run php 5.2.6 as a cgi under lighttpd 1.4 and for some reason it's always running as root. All php-cgi processes in are owned by root and all files written to the file system are owned by root.

I've tried setting the user in lighttpd as non privileged, and confirmed, it's running right it's just php that runs as root.

How would I set php-cgi to run as a safer user?

Was it helpful?

Solution

  1. Ensure :

    server.username            = "nonprivuser"
server.groupname           = "nonprivgroup"

  2. stop lighttpd.

  3. check for existing php processes and kill them.
  4. start lighttpd
  5. check php processes are running as non priv

if php is still running as root, then you possibly have a SETUID script somewhere loading them ( you really shouldn't, but its feasible )

if this is the case, check the file 'bin-path' refers to doesn't have anything funky on it.

OTHER TIPS

It is possible that you have a fastcgi process that was started on the server as root. If this is the case, then the fastcgi process will continue to run php processes called from lighttpd.

I suggest killing the fastcgi processes on your server and restarting lighttpd.

You might also want to take a look at any startup scripts that might launch the fastcgi daemon.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top