Suexec issue

Hi,

hoping I can explain this well enough ...

Have several virtual servers and a set of PHP files/scripts that need to be accessed from each server.

These scripts live in a directory called e.g. /home/usera/public_html

Serverb runs as userb/groupb Serverc runs as userc/groupc

The apache directives sections for each of serverb and serverc are the same (except of course for name changes for directories ... and one diff explained next).

Serverb runs the common PHP scripts no problem and has SuexecUserGroup set to its user and group IDs. Serverc fails to run the PHP scripts with SuexecUserGroup set to its user and group IDs. It does run them with SuexecUserGroup commented out. The error in suexec log is

target uid/gid (516/511) mismatch with directory (506/503) or program (506/503)

where 506/503 are the IDs for Serverb and 516/511 are the IDs for serverc.

What is puzzling (at least for me) is that none of the common PHP files have user/group of 506/503 ... they all belong to usera/groupa ... yet they work fine for Serverb ... but fail as above for Serverc.

I don't know whether it's because fcgi runs them as long running processes and they 'owned' by the first site to run them? Or something else.

We would like to have all the virtual servers runs these scripts ... but do not want to comment out the suexec for each.

Info: OS: CentOS 5.4

Apache 2.2.2

Virtualmin Pro : 3.78

Webmin : 1.510

Thanks

Damien

Status: 
Active

Comments

Howdy -- yeah, it sounds like suexec things something is awry.

Who is the owner of the public_html directory for "Serverb" -- is it the same user/group who owns all the files in the directory?

The error there suggests that perhaps the public_html directory or maybe one of the files in it has a different numeric userid than what is specified in the Apache config for that domain.

Serverb ... has its user and group for the uid/gid on public_html and all files within, in its /home directory Serverc ... has its user and group for the uid/gid on public_html and all files within, in its /home directory Usera ... has its user and group for the uid/gid on public_html and all files within, in its /home directory

So the permissions are all as per the owner. I'm wondering whether it works for Serverb and not for Serverc because the uid for Serverb is 503 and the gid for Usera is 503 ... so they both happen to have a 503 in the ids ... whereas Serverc does not (uid=516 and gid=511). Would it be that slack?

Apache (owner of httpd process) is a member of the Serverb and Serverc groups ... so that doesn't seem to affect it. If I put Serverb and Serverc as members of the Usera group would that likely affect anything? Is there some common way of being able to share PHP files across virtual servers without copying them to each server?

Thanks

Damien

The UID/GID for ServerA and ServerB shouldn't matter... the only thing that should matter is that, whatever the suexec directive in Apache is set to for ServerC -- both the files and the directories in ServerC's public_html dir need to match the UID/GID specified in the suexec directive in the Apache config.

If you want, I can always take a look at your system and see if the exact nature of the problem stands out.