Configure suexec for Apache2 on Ubuntu 14.04
The suexec mechanism allows you to execute CGI scripts on behalf of different system users. In this article, I’ll walk through an example of setting up suexec based on Linux Ubuntu 14.04.
It is very convenient to use suexec if you have multiple websites on the single server and you use sftp isolation to access the files.
With suexec you’ll never see the problems with the file owner/permissions mismatch
Install the required software:
apt-get install php5-cgi libapache2-mod-fcgid apache2-suexec apache2-suexec-custom -y
Enable apache2 modules
a2enmod fcgid
a2enmod suexec
Now we need to identify php files as cgi scripts to be executed by the fcgid module
There are multiple options to enable this
- Updarte global
fcgid.conf - Update configuration files of every website
The second option:
nano /etc/apache2/sites-enabled/**sitename.conf**
Update the website configuration with the following:
<IfModule mod_mime.c>
AddHandler fcgid-script .php
FCGIWrapper /usr/bin/php5-cgi .php
</IfModule>
Next we need to specify the name of the user and group that should be used by suexec to work with the website files (additionally I use separate php.ini for every website on this server):
<IfModule mod_suexec.c>
FcgidInitialEnv PP_CUSTOM_PHP_INI /etc/php_conf.d/websitename_php.ini
SuexecUserGroup "<strong>systemuser</strong>" "<strong>systemgroup</strong>"
</IfModule>
The remaining configuration is unchanged.
Restart apache daemon to apply the changes
service apache2 restart
Allow listing for the website folder:
chmod +x /var/www/**sitename.conf**
Add executable permission to all php files in the website folder:
find /var/www/**sitename.conf** -type f -name `*.php` -exec chmod +x {} \;