westhost-neil

Well-Known Member
Jun 3, 2005
48
0
156
UK
I'm developing some PHP software that will use a master account to hold a master set of scripts. I will then create indivdual slave accounts that will need access to these scripts.

I've disabled open_basedir for these users and setup a symlink to the folder on the master account, trouble is, when accessing the folder I get a 500 Internal Server Error.

I'm almost certain that this is a phpSuExec problem as the slaves can view HTML documents in the master account but fail when trying to run any php script.

In the suexec log I see error: target uid/gid (32079/32081) mismatch with directory (32076/32078) or program (0/0) or trusted user (0/10) which says it all.

So to get this working I hope all I need is to exclude the slave accounts from suexec rules.

Any advice would be greatly apprecited.

Neil Westlake
 

rsaylor

Well-Known Member
Mar 27, 2003
160
1
168
Hi, the only way to do this is to have 2 copies of apache running on different ports and have two builds of php. What makes it suexec is how php is compiled as a cgi vs a module.
 

brianoz

Well-Known Member
Mar 13, 2004
1,146
7
168
Melbourne, Australia
cPanel Access Level
Root Administrator
You already have the effect of a master account in that scripts can be included from /usr/local/lib/php without a path. This inclusion trick should be enough to get you going. That is, a line like this would pull in antispam.php from /usr/local/lib/php if it existed there:
PHP:
include 'antispam.php';
You'll want to check phpinfo() output to make sure that /usr/local/lib/php is included in the preset include path; it is in there by default.

If that isn't enough, research a little more; I'm pretty confident there's a way to do it.
 

westhost-neil

Well-Known Member
Jun 3, 2005
48
0
156
UK
Thanks for the replys.

The include php lib idea is a good which I already use for another project but is not going to be viable for this problem. I don't want to include files I need to have a single batch of scripts that are run by multiple users from a single location.

Basically each user has there own database and configuration files but all of the required scripts are run from the master location. Currently symlinking on my development server works perfect but is a problem on the live server because of phpSuExec.

It's looking like I'll have to get a dedicated server to run this app. :(
 

westhost-neil

Well-Known Member
Jun 3, 2005
48
0
156
UK
Thanks for the reply,

You misunderstood me, we are the host :) When I referred to getting a dedicated server I meant for this application.

I've been searching the net and I still can't find anything to point me in the right direction. This is a live server so I can't just go making big changes.

Thanks anyway.
 

sparek-3

Well-Known Member
Aug 10, 2002
1,983
218
343
cPanel Access Level
Root Administrator
You could set the accounts up as addon domains. Have one parent account, and then several addon domains that act as children to the parent account.

This may not be what you are wanting, but its just a thought. With addon domains, each domain woudl be owned by the parent account. I guess the downside to this is that all of the children would also have access to the other children accounts as well.

Just a thought.
 

brianoz

Well-Known Member
Mar 13, 2004
1,146
7
168
Melbourne, Australia
cPanel Access Level
Root Administrator
I'm almost certain I've seen a way to modify suexec's behaviour. By the way, I'm fairly sure this is an suexec problem rather than a phpsuexec problem, if you check in the audit log you get the details you are quoting.