Hello Group,
the problem using ITK+mod_fcgid is the fcgid socket. the socket is
owned by wwwuser (wwwrun / www-data) of apache.
ITK set vhost to user1, so fcgid says:
Permission denied: mod_fcgid: can't lock process table in pid
socket dir:
srwx------ 1 wwwrun wwwrun 0 21. Feb 14:11 11585.0
srwx------ 1 wwwrun wwwrun 0 21. Feb 13:12 2666.0
srwx------ 1 wwwrun wwwrun 0 21. Feb 13:12 2666.1
srwx------ 1 wwwrun wwwrun 0 21. Feb 13:17 3083.0
srwx------ 1 wwwrun wwwrun 0 21. Feb 13:25 3938.0
The way using fcgi is, we have different php-versions and per user
php.ini
The way we use ITK is, we want to safe homedirs of all user not have
to be readable by wwwrun (f.e. remember symlink problem)
So we think, we must patch mod_fcgid (source
http://httpd.apache.org/mod_fcgid/)
May like modwsgi:
http://code.google.com/p/modwsgi/issues/detail?id=187
if (!geteuid()) {
+#if defined(MPM_ITK)
+ if (chown(process->socket, process->uid, -1) < 0) {
+#else
if (chown(process->socket, ap_unixd_config.user_id, -1) < 0) {
+#endif
ap_log_error(APLOG_MARK, WSGI_LOG_ALERT(errno),
wsgi_server,
"mod_wsgi (pid=%d): Couldn't change owner of
unix "
"domain socket '%s'.", getpid(),
Thus, set UNIX listener socket to be owned by the same user as daemon
process runs as.
Any ideas how to PATCH mod_fcgid ?
mpm-itk with mod_fcgid would be more than great :)
OR: Any way to user mpm-itk and different php-versions / per user
php.ini ?
Thanks
Martin
