Void's Forums

[Stryker]

I'm attempting to install php as cgi, so that php scripts get executed as the site owner's ftp username instead of "apache". I am not exactly sure how to do this, but this is what I have gotten so far:

httpd.conf settings:

Code: Select all

Alias /error/ "/var/www/error/"
ScriptAlias /php-cgi/ "/var/www/php-cgi/"

php.include (included by the httpd.conf)

Code: Select all

#LoadModule php4_module modules/libphp4.so
AddType application/x-httpd-php .php .php4 .php3 .phtml
DirectoryIndex index.php index.php3
AddHandler application/x-httpd-phpcgi .php .pcgi .php3 .phtml
Action application/x-httpd-phpcgi /php-cgi/php.cgi


/var/www/php-cgi/php.cgi:(which i got from another website, probably the problem)

Code: Select all

#!/bin/sh
PHPCGI_SCRIPT=`echo $PATH_INFO | sed -e s/.*\\\\///`
export PATH_TRANSLATED=$PWD/$PHPCGI_SCRIPT
/usr/bin/phpcgi


/usr/bin/phpcgi is a php binary i just compiled with the --enable-force-cgi-redirect option


my test.php script:

Code: Select all

<?
system("whoami");
?>

The result of test.php, 500 internal server error.

The log entry in error_log:

Code: Select all

[Fri Apr 01 03:09:21 2005] [error] [client 24.22.xxx.xxx] Premature end of script headers: php.cgi

Does anyone have any idea what I can do to fix this? I've been curious about php as cgi for a while now, and would like to finally learn how to get it working properly.


update: apparently any cgi does this... while i was trying to debug it, i created another cgi script which also resulted in 500:

Code: Select all

#!/bin/sh
echo Content-type: text/plain
echo
echo
set


[Void Main]

This may be a stupid question but did you set your scripts executable (chmod +x filename)? Since they are CGI they must be executable and you need to be able to run them on the command line before you can expect them to run as a CGI.

[Stryker]

of course, i set them as 755 and through the command line, runs fine. at least the test cgi script ran fine (which i wanted to run through a web interface to get the proper environment variables to test the real cgi from the command line)

[Void Main]

The reason I ask is because your last script example ran fine in my cgi-bin but if it's not executable I get the exact error you get. I'm not familiar with what you are trying to do or why, and have never ran php as CGI but I do use it occasionally for regular system level scripts (normally use Perl).

[Stryker]

its happening with any cgi, i set 755 correctly. I believe its an issue somewhere with my apache configuration not allowing cgi to execute. I had the same problem on my home server with rh9 way back when, never did get it fixed.

[Void Main]

You have to make sure you have ExecCGI turned on for that directory. By default it's only on for /var/www/cgi-bin. You probably need to add a Directory section in your httpd.conf for /var/www/cgi-php and add "Options ExecCGI". I actually turn it on for my entire /var/www/html directory structure because I like to create CGI scripts and run them from anywhere.

[Stryker]

+ExecCGI is set. If it wasn't, I don't see how I could get premature end of script headers. Just in case I went through and double checked, and placed it in a .htaccess just in case.

I temporarily gave apache a shell, and did su - apache, and tried to run the script and it ran error free. The same thing happened with other default installations of redhat I've had, I'll try google a little more and see if I can't find anything. It's probably more common than I think.

[Void Main]

I'm running about as default as you can get and it's working fine for me. Hmmm... I do just have "ExecCGI" and not "+ExecCGI" although I don't think that should matter. Here's my config:

http://voidmain.is-a-geek.net/files/configs/httpd.conf3

Maybe you could post yours somewhere I can get to it and I could look it over.

[Stryker]

I believe its a problem with suexec. I found this in my suexec log:

Code: Select all

[2005-04-01 17:38:18]: uid: (10003/jpearson) gid: (10001/10001) cmd: test.cgi
[2005-04-01 17:38:18]: target uid/gid (10003/10001 or $ld) mismatch with directory (2523/10003) or program (2523/10003)


[Stryker]

I fixed that by changing the group owner of the file to the correct group. I wish I could disable that though, as with the global /php-cgi/ directory won't work because the files aren't owned by the user, and I don't want hundreds of copies of the /php-cgi/ directory to fix the owner/group settings.

[Void Main]

I am curious and I hope you don't mind me asking but what do you intend to gain by having the cgi scripts run under the individual users? Again, just curious because knowing what the end goals are helps me out sometimes.

[Stryker]

PHP Code will execute as the individual user, instead of one shared user. This allows them to easily have a folder writeable by php (like, images/avatars in phpbb) without having to worry about other users also having access to that. They can make their config.php 700 so that other users can't simply make a php script to read the file and get their password. There's a few advantages to it, and I can't think of any disadvantages (and if there are, users will have the option of using the apache module instead by setting an option in their .htaccess file)


I believe this issue may be specific to plesk's suexec binary (yes, i'm using plesk... until i can afford cpanel).

[Void Main]

Ahh, very nice. I do remember reading about it briefly at one time (I believe on a security site, and if I recall correctly there was some sort of security issue) but I never set it up. Where are you getting your information for setting it up? I guess I can work on setting it up here and maybe if we're successful I/we could write up a document on how to do it as the current documentation apparently isn't enough.

[Stryker]

I'm using http://hico.fphil.uniba.sk/ht-phpcgiwrap.html as a base, and modifying it for my own needs. There definately needs to be more documentation on the subject.

the script they have on there doesn't appear to be working for me, I get "No input file specified." when running php scripts.

[Stryker]

got it working, however. i have 1 problem. I have to copy the php binary to the cgi-bin directory of every use because suexec won't let me execute it if its owned by another user/group.

I have manually added it to all the current users, and placed it in the skeleton.