php running as "nobody" giving me problems

[fuzzymonkey]

There are 2 problems that I'm experiencing that I think are derived from the fact that php scripts run as the user "nobody" on my server.

1. Mail sent from php scripts does not count toward the user's bandwidth usage or show up in the mail statistics.
2. Files uploaded from php scripts are owned by "nobody," so they aren't counted in the user's quota. Today I found a user with 4 Gigs on his 100 meg account because of this.

Right now I have the php mail function disabled to get around #2. How can I configure php such that users can still send email without getting around their bandwidth limitations and also so that I can keep an eye out for possible spammers? I'd love to get php scripts to run as the system user in question. It seems this would solve all my problems.

 

[AndyReed]

I'd love to get php scripts to run as the system user in question. It seems this would solve all my problems.

You need to recompile Apache with Phpsuexec.

 

[electric]

You need to recompile Apache with Phpsuexec.

... and then welcome to the world of a whole set of new/different problems.

 

[chirpy]

Indeed, but it does get rid of the worst of the poor php implementation in apache and makes things more secure and, importantly, traceable.

 

[fuzzymonkey]

Sounds fantastic! What problems does this bring about though?

Also, I'm reading something about a patch to suexec that is needed to support php? what is this and where do I get it? Is there a how-to somewhere?

 

[fuzzymonkey]

just an update - I used easyapache to get it working. Thanks!

 

[verdon]

Sounds fantastic! What problems does this bring about though?

Also, I'm reading something about a patch to suexec that is needed to support php? what is this and where do I get it? Is there a how-to somewhere?

AFAIK, just the ownership and perms of user's scripts gets a bit more important, and any images/files uploaded via php script while running as nobody, will have to be chowned to the actual user now, so that they can be deleted/edited by scripts now running as user and not nobody...

I'd love to hear from someone with more knowledge than me on this though, as it's a move I've been a little afraid to take, until I have the free time to sort out any problems switching to Phpsuexec might rasie.

 

[AlaskanWolf]

once you install phpsuexec, there are still customers scripts trying to send out emails as nobody, how can you fix this

 

[chirpy]

Make sure that there are no php scripts with the nobody:nobody file ownership.

 

[beetleman]

Funny, cause the files aren't owned by nobody, they are owned by the the system.

The system is considered somebody in this instance and the system can manipulate the files and directories that it owns.

Just thought I'd throw my 2 cents in.

beetleman

 

[chirpy]

I'm not sure I understand your post.nobody is a real unix user and the one under which apache runs. In unix context there's no such thing as "being owned by the system", files are owned by unix accounts that appear (usually) in /etc/passwd, one of which is the account and group called nobody.

 

[SubZero]

Hi,

I need to use one site with mod_php and the rest (others) with phpsuexec. How do I make this configuration to work? Any details?

I have one site that spikes the hosts load to 40~50's with PHPSuExec but the rest of them are just simple stuff. Any deas?

 

[neo4242002]

If I enable PHPSuExec in my server will I require to change all my php files by adding #!/usr/local/bin/php or something similar.. just cant remember who told me that

 

[chirpy]

I need to use one site with mod_php and the rest (others) with phpsuexec. How do I make this configuration to work? Any details?

AFAIK, you cannot do that, it's either one or the other, though I could well be wrong.

If I enable PHPSuExec in my server will I require to change all my php files by adding #!/usr/local/bin/php or something similar

No.

 

[neo4242002]

php as CGI

What about “php as CGI” is it a different story? How do find whether my php build as a CGI or Apache module

 

[chirpy]

PHP as CGI is what phpsuexec is.

 

[neo4242002]

I see...

just need your attention on http://evolt.org/article/Incoming_Mail_and_PHP/18/27914/index.html

as per that I need to use #!/usr/bin/php with PHP CGI. Hummm …Phpsuexec as you explain.

But according to you I do not need to use #!/usr/bin/php with my php file when Phpsuexec enable

Who is right?

 

[networxhosting]

I beleive what the phpsuexec wrapper actually does is prepend #!/usr/bin/php automagically to each request, so no modification is required

 

[AndyReed]

as per that I need to use #!/usr/bin/php with PHP CGI. Hummm …Phpsuexec as you explain.

But according to you I do not need to use #!/usr/bin/php with my php file when Phpsuexec enable

When Phpsuexec enabled, you don't need to modify your Php scripts, not even using #!/usr/bin/php syntax. You also need to know that you can't change the permission on any of your scripts and/or directories to 777.

 

[chirpy]

Indeed. That page is talking about php shell scripts, which is when you should put the shebang line in to the interpreter.