Welcome! Log In Create A New Profile

Advanced

php-fpm listen.mode and apache/mod_fastcgi/suexec

Posted by Matthias Leopold 
Matthias Leopold
php-fpm listen.mode and apache/mod_fastcgi/suexec
May 15, 2012 07:40AM
hi,

i'm trying to setup php-fpm (5.3.13) with apache 2.2 and mod_fastcgi for
shared hosting.

i want to be as "secure" as possible so i want to have the following in
php-fpm.conf (or included files):

listen = /srv/www/someusershome/php-fpm.sock
listen.owner = someuser
listen.group = somegroup
listen.mode = 0600

now "listen.mode = 0600" seems to be a problem. my apache/fastcgi conf
looks like this:

### server config ###

FastCgiWrapper /usr/lib/apache2/suexec

AddHandler php5-fcgi .php
Action php5-fcgi /fcgi-bin/php5.external
Alias /fcgi-bin/php5.external /php5.external

<Location "/fcgi-bin/php5.external">
Order Deny,Allow
Deny from All
Allow from env=REDIRECT_STATUS
</Location>

### virtual host ###

SuexecUserGroup someuser somegroup

FastCgiExternalServer /php5.external \
-socket /srv/www/someusershome/php-fpm.sock \
-user someuser -group somegroup

as i said, this only works with "listen.mode = 0666", not with
"listen.mode = 0600".

error_log says:
(13)Permission denied: FastCGI: failed to connect to server
"/php5.external": connect() failed, referer: http://www.somedomain.com

in google i can only find tutorials for nginx where "0600" seems to be
possible. i hope i can achieve this with apache/mod_fastcgi too.

thx for any advice
matthias
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 163
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready