``advanced'' suexec?

[gahan]

Hi,
I wasn't sure in which forum should I post my question as follows: does LSWS's suexec feature self-guesses script ownership?

I wish it could execute php scripts through fcgi without additional per-vhost configurations, basing on file ownership only. With a little hack I've managed to do that in apache and lighttpd both, but unfortunately for php-cgi only, without that fcgi boost. It's still possible with fcgi however it requires one wrapper for one user running constantly, which isn't real solution for thousands of users.

Does LSWS suexec feature also chroots to userdir?

best regards

 

[mistwang]

Thank you for your inquiry.

It is hard to do what you described in fcgi, as the fcgi process is persistent, and it cannot switch to a different user id when a script belong to another user dispatched to this fcgi process. That's why you need to configure a dedicate fcgi PHP handler for each user.

It is possible with our lsapi php implementation, but haven't been implemented.

If you want to setup suexec at per user level, you still have to setup a dedicated fcgi/lsapi PHP application and script handler for each user with LSWS, however, LSWS has vhost template feature which will make configurations for mass hosting less painful.

LSWS can do per user chroot as well, but you have to setup the chroot jail environment for each user manually, it is a pain and no way to automate that.

 

[gahan]

how about using php as cgi, not fcgi with LSWS suexec? will suexec set uid/gid basing on stat() or do i still have to configure user/group inside every virtual host?

 

[mistwang]

Please take a look at http://www.litespeedtech.com/docs/VirtualHosts_Help.html#vhCGISetUidMode

Using "Doc Root UID" is the best choice for mass hosting environment I think.

This configuration is acctually effective for CGI, FCGI as well as LSAPI application.

Running PHP as CGI is not recommended, and you probably need to use some rewrit rules to make it work properly.