1

I installed Apache2.4 + Php5.6 + mod_proxy_fcgi + php-fpm and other things like Mysql 5.5, Phpmyadmin and munin, no problem. Note: I activated also userdir and rewrite.

Now I want to have more security but SuExec doesn't work and no errors were found. If I put in /home/sitetest/public_html/test.php with:

<?php
echo exec('whoami');
?>

It says:

www-data

What can I do? Search on google don't help me.

/var/log/apache2/error.log

[Fri Dec 11 21:32:21.918933 2015] [mpm_prefork:notice] [pid 771] AH00169: caught SIGTERM, shutting down
[Fri Dec 11 21:32:28.064683 2015] [suexec:notice] [pid 12374] AH01232: suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
[Fri Dec 11 21:32:28.126362 2015] [mpm_prefork:notice] [pid 12375] AH00163: Apache/2.4.10 (Debian) configured -- resuming normal operations
[Fri Dec 11 21:32:28.128026 2015] [core:notice] [pid 12375] AH00094: Command line: '/usr/sbin/apache2'

/etc/apache2/apache2.conf

<Directory />
    Options FollowSymLinks
    AllowOverride None
    Require all denied
</Directory>

<Directory /usr/share>
    AllowOverride None
    Require all granted
</Directory>

<Directory /home>
    Options FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

<Directory /var/cache/munin/www/>
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

/etc/apache2/sites-enabled/sitetest.net.conf

<VirtualHost *:80>
    <FilesMatch \.php$>
        SetHandler  "proxy:unix:/var/run/php5-fpm.sock|fcgi://localhost/"
    </FilesMatch>

    ServerName www.sitetest.net
    ServerAlias sitetest.net
    ServerAdmin webmaster@sitetest.net
    DocumentRoot /home/sitetest/public_html

    ErrorLog /home/sitetest/logs/error.log
    CustomLog /home/sitetest/logs/access.log combined

    SuexecUserGroup sitetest sitetest
</VirtualHost>

/etc/apache2/suexec/www-data

/home
public_html

/etc/apache2/mods-enabled/userdir.conf

<IfModule mod_userdir.c>
    UserDir public_html
    UserDir disabled root

    <Directory /home/*/public_html>
        AllowOverride FileInfo AuthConfig Limit Indexes
        Options ExecCGI SymLinksIfOwnerMatch 
        <Limit GET POST OPTIONS>
            Require all granted
        </Limit>
        <LimitExcept GET POST OPTIONS>
            Require all denied
        </LimitExcept>
    </Directory>
</IfModule>
Rey
  • 11
  • 3
  • What could you do? In addition to read the official documentation, you could starting reading (carefully) this other SF answer http://serverfault.com/questions/549965/setting-up-apache-2-2-fastcgi-suexec-php-fpm-on-centos-6 ;-) – Damiano Verzulli Dec 12 '15 at 19:54
  • @DamianoVerzulli yes of course, already done http://httpd.apache.org/docs/2.4/suexec.html but no luck, unfortunately this docs or other search don't help me. – Rey Dec 12 '15 at 20:39

0 Answers0