PHP-FPM SuExecUserGroup not working

I have installed php, apache, and fastcgi_handler by:

emerge dev-lang/php www-apache/mod_fastcgi_handler

I managed to make it work by updating the relevant lines in /etc/apache2/modules.d/70_mod_php5.conf

to:

# AddHandler application/x-httpd-php .php .php5 .phtml
# AddHandler application/x-httpd-php-source .phps
AddHandler fcgi:/var/run/php-fpm.socket .php .php5

and /etc/conf.d/apache2 to

APACHE2_OPTS="-D DEFAULT_VHOST -D INFO -D SSL -D SSL_DEFAULT_VHOST -D SUEXEC -D LANGUAGE -D PHP5 -D FASTCGI_HANDLER"

In my document root, I have the following file to verify the installation:

<?php
echo '<pre>';
var_dump(exec('whoami'));
var_dump(php_sapi_name());

I then have the following vhost:

<IfDefine DEFAULT_VHOST>
        <VirtualHost localhost:80>
                ServerName local.testdomain.com
                ServerAlias local.testdomain.com
                SuExecUserGroup foobar foobar
                DocumentRoot "/home/foobar/workspace/local.testdomain.com"
                <Directory "/home/foobar/workspace/local.testdomain.com">
                        Options Indexes FollowSymLinks
                        AllowOverride All
                        Order allow,deny
                        Allow from all
                </Directory>
        </VirtualHost>
</IfDefine>

Which results in: 501 Error

[Wed Jul 10 01:52:10 2013] [error] [client ::1] (13)Permission denied: access to / denied (filesystem path '/home/foobar/workspace/') because search permissions are missing on a component of the path

After moving the document root outside the user directory, test.php seems to be executed properly; however, I get this result:

string(6) "nobody"
string(8) "fpm-fcgi"

I'm expecting it to be:

string(6) "foobar"
string(8) "fpm-fcgi"

My assumption is that if I could get SuExec to work properly, it could traverse the user's directory without a problem.

In my deduction, this confirms that PHP-FPM is working correctly; however, this directive: "SuExecUserGroup foobar foobar" doesn't. SuExec is surely working because I get the following line in the logs:

[Wed Jul 10 02:09:47 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)

I hope somebody can point out what I am missing, and how I might fix it.

Thanks in advance.

I'm using Gentoo btw.


With PHP-FPM, SuExec is no longer needed if you want to change the uid of your PHP processes.

You can use the directives 'user' and 'group' of the php-fpm configuration file to perform the same thing.
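
A pool definition using the 'user' and 'group' directives this answer refers to, as an added example that is not part of the original answer. The pool name, the Apache account name `apache` and the process manager values are assumptions; the socket path is the one from the question's AddHandler line.

```ini
; Constructed php-fpm pool for the vhost in the question (added example).
[foobar]
; Workers in this pool run as this account, so whoami reports "foobar"
; instead of "nobody".
user = foobar
group = foobar

; Same socket path the AddHandler line in the question points at.
listen = /var/run/php-fpm.socket

; Assumption: Apache runs as user/group "apache". Restrict the socket to
; that account, because anything able to connect can have PHP run as foobar.
listen.owner = apache
listen.group = apache
listen.mode = 0660

; Process manager values are placeholders; size them for the site.
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
```

The php-fpm master process has to be started as root for `user` and `group` to take effect. These directives change only the PHP workers, so Apache's own account still needs search permission on every directory leading to the DocumentRoot.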