
PHP as FastCGI only

Discussion in 'Plesk 9.x for Linux Issues, Fixes, How-To' started by Martin Svoboda, Jun 1, 2009.

  1. Martin Svoboda

    Martin Svoboda Guest

    Hi

    I want to set PHP to run as a FastCGI module only on my hosting server.
    Users have permissions: Domain creation, Physical hosting management, limits ... so they can edit their domain setup and choose an unwanted option (e.g. PHP as apache module).

    Is there any way to disable "PHP as apache module" and "CGI" and allow only "PHP as FastCGI" for users?

    Thanks Martin
     
  2. Michael neese

    Michael neese Guest

    Can't you run one domain with fcgi and another as apache? Does it make any difference, and if so, in what way do different domains with different configurations affect things?

    Could you make a template?
     
  3. Martin Svoboda

    Martin Svoboda Guest

    I want to run fastcgi only. One of the reasons is that php as an apache module runs with the webserver UID. When php runs as fastcgi, it runs with the domain owner's UID.

    When I make a domain template, the user can still change it.
     
  4. Michael neese

    Michael neese Guest

    Yeah, I get you, so you have fewer issues with permissions across the board, and I understand that security is enhanced because of that very thing -- scripts run as domain users and not across the board. Thanks for clarifying the dilemma for me.

    I heard about a user on one server who had some serious script contamination, but the other web sites were not affected because they were running as cgi (not fcgi) and they were running suPhp, not suExec.

    Now, as the administrator of that server explained, suPhp and cgi is more stable for shared hosting, whereas suExec and fcgi can be trouble. I don't know if this is true or that's his defense of his setup.

    So, I'm with you on this, how do we set up the whole server to run fcgi with no options for the other way?

    Maybe it will have to be something that is enforced by the administrator.
     
  5. freaky@

    freaky@ Regular Pleskian

    Any plesk people looking at this? This is a SERIOUS issue.

    If you need proof here it is:

    We have about 30 users running joomla. You know, the popular, buggy and exploitable as hell, CMS. These things get hacked about daily. The kiddies leave things like r57 shell and happily browse all other customers' files as well. And as these frequently need write permissions for world in order to get a lot done they can attack those files too. Not to mention reading their sql passwords etc.
     
  6. Joshua Sortino

    Joshua Sortino Guest

    Parallels, please!

    Yes, someone from Parallels *please* reply to this thread. This is an issue that has been creating havoc on our server. We're running 50+ websites using CMS systems such as Drupal and Joomla. All sorts of permissions issues and security flaws are created by running PHP as the Apache user.
     
  7. freaky@

    freaky@ Regular Pleskian

    Yea and this is still assuming friendly users. Nothing is stopping them from uploading things like php shells themselves.
     
  8. MartinE

    MartinE Guest

    Hello,

    I get the following error message when I try to use PHP as FastCGI:

    Syntax error on line 154 of /var/www/vhosts/ph0enyx.de/conf/httpd.include:
    can't get fastcgi file info: dynamic, errno: 2

    This is the block from httpd.include:

    152 <Files ~ (\.php)>
    153 SetHandler fcgid-script
    154 FCGIWrapper dynamic .php
    155 Options +ExecCGI
    156 allow from all
    157 </Files>

    Who can help me and tell me what I am doing wrong?

    System:

    CentOS php5.1.6 apache 2.2 Plesk 9.2.1

    thx Martin

    Excuse my English, I am not good at it.
     
  9. Loup Artic

    Loup Artic Basic Pleskian

    For info :

     
  10. Maciej Wojcikowski

    Maciej Wojcikowski Guest

    I know what you feel. You can make some cron script that changes every setting to fcgid and regenerates the apache config. But as I experienced, mod_fcgid has bugs and makes apache fail to reload its config after something is changed via Plesk, which leads to apache failure and a general Fu*k up... So think it through before you decide to do so.

    The other thing is that the greatest thing with fastcgi/fcgid would be to use apache2-mpm-worker... Can't do that because psa depends on prefork...
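
An added example, not part of the thread and not Plesk's own tooling: a read-only audit that a cron job could run to list domains whose per-vhost httpd.include does not serve PHP through mod_fcgid, using the `SetHandler fcgid-script` marker from the excerpt quoted earlier in the thread. That mod_php mode appears as `php_admin_flag engine on` is an assumption, and the function names and sample domains are made up for illustration.

```shell
#!/bin/sh
# Classify how one vhost config serves PHP. Prints: module | fastcgi | other
php_handler_of() {
    conf=$1
    # Drop comments so a commented-out directive is not counted.
    active=$(sed 's/#.*//' "$conf")
    # Assumption: mod_php mode is marked by "php_admin_flag engine on".
    if printf '%s\n' "$active" |
        grep -Eiq '^[[:space:]]*php_admin_flag[[:space:]]+engine[[:space:]]+on([[:space:]]|$)'; then
        echo module    # worst case wins: PHP runs with the web server UID
    elif printf '%s\n' "$active" |
        grep -Eiq '^[[:space:]]*SetHandler[[:space:]]+fcgid-script'; then
        echo fastcgi   # marker taken from the httpd.include excerpt in the thread
    else
        echo other     # CGI, no PHP at all, or an unrecognised layout
    fi
}

# List every domain under a vhosts root that is not FastCGI-only.
# Output lines: "<domain> <mode>"; returns 1 if any were found.
audit_vhosts() {
    root=${1:-/var/www/vhosts}
    bad=0
    for conf in "$root"/*/conf/httpd.include; do
        [ -f "$conf" ] || continue
        mode=$(php_handler_of "$conf")
        if [ "$mode" != fastcgi ]; then
            domain=${conf#"$root"/}
            echo "${domain%%/*} $mode"
            bad=1
        fi
    done
    return $bad
}

# Constructed sample vhosts for a dry run (not real Plesk output).
make_sample() {
    for d in a.example b.example c.example; do mkdir -p "$1/$d/conf"; done
    printf '<Files ~ (\\.php)>\nSetHandler fcgid-script\n</Files>\n' \
        > "$1/a.example/conf/httpd.include"
    printf 'php_admin_flag engine on\nSetHandler fcgid-script\n' \
        > "$1/b.example/conf/httpd.include"
    printf '# php_admin_flag engine on\n' > "$1/c.example/conf/httpd.include"
}
```

A file that contains both markers is reported as `module`, since one vhost section still running under the web server UID is enough to expose other customers' files.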
     
  11. ElviCities

    ElviCities Guest

    related - Have searched and couldn't find anything..

    Where can I increase the max users for fastcgi (the plesk fast-cgi module)? Right now I get a lot of:

    type notices.

    Using plesk 9.2.1 on RHEL4

    Would it be: /etc/httpd/conf.d/fcgid.conf ??

    Any help would be appreciated :)
     
  12. Michael neese

    Michael neese Guest

  13. paulieG

    paulieG Regular Pleskian

    Elvicities,

    Yes you would need to edit /etc/httpd/conf.d/fcgid.conf file changing : DefaultMaxClassProcessCount 8

    You'd then need to run :

    apachectl configtest (Hopefully you'll get "Syntax OK")

    then :

    /usr/local/psa/admin/bin/websrvmng -a -v (To push through the config change, this also gracefully restarts Apache)
     
  14. Michael neese

    Michael neese Guest

    thanks paul for your precision...

    I have looked at my fcgid.conf and I have some confusion regarding the numbers shown:


    # added by psa-mod-fcgid-configurator
    <IfModule mod_fcgid.c>
    IdleTimeout 3600
    ProcessLifeTime 7200
    MaxProcessCount 64
    DefaultMaxClassProcessCount 8
    IPCConnectTimeout 30
    IPCCommTimeout 45
    DefaultInitEnv RAILS_ENV production
    </IfModule>


    In this case should I change the default, or does the "MaxProcessCount 64" override the "DefaultMaxClassProcessCount 8"?
     
    Last edited by a moderator: Jul 10, 2009
  15. paulieG

    paulieG Regular Pleskian

    Hi Michael,

    From the fcgi docs :

    It's up to you whether you want to increase the MaxProcessCount in line with your increase to the DefaultMaxClassProcessCount; if you do, remember to increase it by multiples (i.e. the default allows 8 vhosts each to have 8 processes, giving a total of 64). In the quote above the figures in brackets are defaults, by the way.

    This may also prove useful (I've only been using Plesk 9.2.1 for 24 hours so I can't say whether this is an issue) :

    I'm still struggling to ascertain whether these mod_fcgid processes are included in the Apache prefork settings, i.e. there's no point in having a MaxProcessCount that exceeds your MaxClients?

    In regard to the original issue, it's not a trivial thing, but you could disable the two other options by not loading them into Apache; that would enforce that your customers use FastCGI, but I can't guarantee it wouldn't eventually (or quickly) break Apache.

    A simpler alternative would be using Event Manager to place a custom vhost.conf onto their domain to override their PHP settings and force it to FastCGI.

    Paul.
     
  16. EduardH

    EduardH Basic Pleskian

    mpm-itk and mod_ruid2 vs. fcgi

    Hello,

    It's easier and less expensive to use mpm-itk or mod_ruid2 compared with suPHP or FastCGI.
    Run PHP as User

    This add-on for Parallels Plesk Panel allows running PHP scripts as the domain FTP user. It only works in conjunction with the mpm-itk or mod_ruid2 modules. In this case the standard PHP module runs the scripts. This is the fastest method, unlike suPHP and FastCGI, which are commonly used for the same purpose.

    See http://forum.parallels.com/showthread.php?t=106297 for details.
     