I am setting up a suexec environment with Apache2 and PHP 7.0 with FastCGI.
I have installed everything the normal way
Aptitude install libapache2-mod-fcgid apache2-suexec-custom A2enmod suexec My server has following structure:
- There are users who have their websites in /home/username/public_html/ (linux user "username")
- and there is a main website which has its docroot in /data/www/ (user "homepage").
SuEXEC works so far, but there is a major problem: for some reason, suEXEC queries /etc/apache2/suexec/www-data instead of /etc/apache2/suexec/username , therefore I can only have my website at /data working, or the websites at /home working, but not both. I do not understand that, since no script on my server is owned by www-data.
/etc/apache2/suexec/www-data (unchanged, since I don't use www-data)
/var/www public_html/cgi-bin /etc/apache2/suexec/homepage
/data www/cgi-bin /etc/apache2/suexec/userXYZ
/home/userXYZ public_html/cgi-bin /data/www/cgi-bin/php-fcgi
#!/bin/sh export PHPRC="/etc/php/7.0/cgi" exec /usr/bin/php-cgi /home/userXYZ/public_html/cgi-bin/php-fcgi
#!/bin/sh export PHPRC="/etc/php/7.0/cgi" exec /usr/bin/php-cgi /etc/apache2/sites-enabled/...
<Directory /data/www/> Options Indexes FollowSymLinks AllowOverride None Require all granted FCGIWrapper /data/www/cgi-bin/php-fcgi .php <FilesMatch \.php$> SetHandler fcgid-script </FilesMatch> Options +ExecCGI </Directory> <Directory /home/userXYZ/public_html/> Options Indexes FollowSymLinks AllowOverride None Require all granted FCGIWrapper /home/userXYZ/public_html/cgi-bin/php-fcgi .php <FilesMatch \.php$> SetHandler fcgid-script </FilesMatch> Options +ExecCGI </Directory> <VirtualHost *:80> DocumentRoot "/home/userXYZ/public_html" SuexecUserGroup userXYZ userXYZ ServerName ... </VirtualHost> <VirtualHost *:80> DocumentRoot "/data/www" SuexecUserGroup homepage homepage ServerName ... </VirtualHost> So, when I access my main home (/data/www), it does not work since suexec/www-data.conf has its docroot at /var/www . If I change suexec/www-data.conf to /data , then the main homepage works. But then the users websites do not work, since they are located at /home . If I change www-data to /home , then my main homepage does not work, since it has its docroot at /data ... How can I avoid that suEXEC queries the www-data config, and instead query the correct user config?
