I set up a virtual host that uses mod_suexec
to run PHP scripts as a different user than www-data
.
<VirtualHost *:80>
ServerName my.server.com
DocumentRoot /srv/my-site
SuexecUserGroup webconfig webconfig
</VirtualHost>
However, when I create a directory or a file (mkdir
, file_put_contents
), those files/dirs have www-data
as an owner. I also can not read files that are only readable by webconfig
.
I also noticed this strange behaviour: This php file:
echo get_current_user()."\n";
echo `whoami`."\n";
echo exec('whoami')."\n";
produces the following output:
webconfig
www-data
www-data
mod_php5
is actually incompatible with mod_suexec
. As described in this article, you have to use mod_suphp
and php-cgi
instead. The downside is that this decreases performance.
A simple solution that works for Ubuntu is
apt-get install -y suphp-common, libapache2-mod-suphp
a2dismod php5
a2enmod suphp
The linked article describes how to use mod_php5
for some vhosts and mod_suphp
for others.