Because PHP is embedded within HTML, PHP web scripts cannot use a
shebang, so it is a necessity that the php-cgi binary (/usr/bin/php-cgi
in our environment) be executed with the script as an argument, rather
than the script being executed directly (or at least this is my
understanding, and I have not found any information on the internet to
the contrary). This creates a problem with the requirement that all
files executed by suexec be in the userdir, because obviously the
php-cgi binary is not. This situation is unique to PHP, I think, because
of the embedding in to HTML. That said, PHP is incredibly common and I
can't believe that a good solution hasn't been created for this. At this
point I'm thinking the best solution is suphp and suexec alongside each
other, because suexec seems to have been poorly designed for handling
scripts that must be explicitly run with an interpreter (which, in its
defence, is only PHP that I'm aware of).
Please let me know if I'm wrong on any of these points.
On 10/26/2011 12:22 AM, Steve Swift wrote:
I don't understand how suexec is "calling" php-cgi, and how such php
scripts work.
I use SUEXEC on a couple of very different systems. My scripts (as is
required) run from a directory below my DocumentRoot. In turn, they
use the shebang method to invoke the programming language:
#!/usr/bin/rexx --
As far as I'm aware, this executable can be anywhere; the restriction
is on where the SCRIPT is housed, not where it's processing executable
lives.
Once my script starts executing under suexec, it can run more or less
any executable/binary that my own userid has access to; at least, I've
never run into any problems.
On 25 October 2011 22:07, Jesse B. Crawford <jean...@nmt.edu
<mailto:jean...@nmt.edu>> wrote:
>From the
documentation I have read (and it is quite possible I'm missing
something), suexec can only call binaries within the userdir, not
somewhere on the rest of the system. This makes PHP difficult since
php-cgi must be called.
--
Steve Swift
http://www.swiftys.org.uk
--
Jesse B. Crawford (jeanluc)
Systems Programmer
Tech Computer Center
New Mexico Inst. of Mining& Tech.
jean...@nmt.edu // http://nmt.edu/~jeanluc