To what extent does mod_suexec interact with Passenger?

apache-2.2 web-server cgi phusion-passenger

On a shared server (specifically a DreamHost shared server running Debian, but I don't know if this matters) with mod_suexec activated and with PHP and Python forced to use CGI or FastCGI, would you expect Passenger processes to be run as the Apache user or as the user from whose home directory the Passenger-powered app is run?

Please explain the basis for your answer.

(I'm guessing the latter, for consistency with DreamHost's approach to PHP and Python, but I'm vague on how Passenger interacts with Apache, let alone with mod_suexec.)


Solution 1:

mod_suexec is specific to CGI setups, which a completely different technology from passenger.

Passenger implements its own way of user switching. The user applications are run as is determined broadly according to the following:

  1. If we are a Rails app, run as the owner of config/environment.rb. If we are a Rack app, run as the owner of config.ru.
  2. If the determined user would be root, use the configured PassengerDefaultUser
  3. If this still would be root (or unconfigured), run as the user, Apache runs at (e.g. wwwrun or www-data).

For more information, see http://www.modrails.com/documentation/Users%20guide%20Apache.html#user_switching

Related

qlogic HBA tuning recommendations random iops
Subdomains from folders on Apache
Samba - can access 1 share but not the other. Same config
Exchange 2007 Auto-Reply
Firewall has begun dropping SSH response
What does the following C-State output mean?
Avoid write on a mounted loopback device to be propagated
Microsoft Web Farm 2.0: How to install the Controller on the Primary Server?
Apache log request port number
Getting a lot of hits on my web server and it's taking down my httpd. Possible DDoS? [duplicate]
Windows Server 2008 R2 RRAS VPN client routing
PHP-FASTCGI hangs with nginx, is there a better solution to this problem?