A file created inside a php script is assigned to www-data user and group, instead of domain owner

SYSTEM INFORMATION:
OS type and version: Ubuntu Linux 20.04.4
Webmin version: 1.991
Virtualmin version: 7.0-4

When executing a file_put_contents inside a php script to save a test file, it is always created with user and group assigned to www-data instead of the domain’s owner

The PHP script execution mode is FCGId

I’ve commented out the SetHandler lines in the php .conf files relative to cgi configuration (is it necessary to do the same in the fpm ones?):

grep SetHandler etc/apache2/conf-available/php*.*

etc/apache2/conf-available/php7.4-cgi.conf:#    SetHandler application/x-httpd-php
etc/apache2/conf-available/php7.4-cgi.conf:#    SetHandler application/x-httpd-php-source
etc/apache2/conf-available/php7.4-fpm.conf:        SetHandler "proxy:unix:/run/php/php7.4-fpm.sock|fcgi://localhost"
etc/apache2/conf-available/php7.4-fpm.conf:#            SetHandler "proxy:unix:/run/php/php7.4-fpm.sock|fcgi://localhost"
etc/apache2/conf-available/php8.0-cgi.conf:#    SetHandler application/x-httpd-php
etc/apache2/conf-available/php8.0-cgi.conf:#    SetHandler application/x-httpd-php-source
etc/apache2/conf-available/php8.0-fpm.conf:        SetHandler "proxy:unix:/run/php/php8.0-fpm.sock|fcgi://localhost"
etc/apache2/conf-available/php8.0-fpm.conf:#            SetHandler "proxy:unix:/run/php/php8.0-fpm.sock|fcgi://localhost"
etc/apache2/conf-available/php8.1-cgi.conf:#    SetHandler application/x-httpd-php
etc/apache2/conf-available/php8.1-cgi.conf:#    SetHandler application/x-httpd-php-source
etc/apache2/conf-available/php8.1-fpm.conf:        SetHandler "proxy:unix:/run/php/php8.1-fpm.sock|fcgi://localhost"
etc/apache2/conf-available/php8.1-fpm.conf:#            SetHandler "proxy:unix:/run/php/php8.1-fpm.sock|fcgi://localhost"

This is my virtual server configuration (i’ve removed my actual IP and replaced my domain with fakedomain.com). The #1002 parameter of SuexecUserGroup is the correct ID of the user and group of the domain’s owner:

cat /etc/apache2/sites-available/fakedomain.com.conf

<VirtualHost [my actual ip]:80>
    SuexecUserGroup "#1002" "#1002"
    ServerName fakedomain.com
    ServerAlias www.fakedomain.com
    ServerAlias mail.fakedomain.com
    ServerAlias webmail.fakedomain.com
    ServerAlias admin.fakedomain.com
    DocumentRoot /home/fakedomain/public_html/public
    ErrorLog /var/log/virtualmin/fakedomain.com_error_log
    CustomLog /var/log/virtualmin/fakedomain.com_access_log combined
    ScriptAlias /cgi-bin/ /home/fakedomain/cgi-bin/
    DirectoryIndex index.php index.php4 index.php5 index.htm index.html
    <Directory /home/fakedomain/public_html/public>
        Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
        allow from all
        AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
        Require all granted
        AddType application/x-httpd-php .php
        AddHandler fcgid-script .php
        AddHandler fcgid-script .php7.4
        AddHandler fcgid-script .php8.0
        AddHandler fcgid-script .php8.1
        FCGIWrapper /home/fakedomain/fcgi-bin/php8.0.fcgi .php
        FCGIWrapper /home/fakedomain/fcgi-bin/php7.4.fcgi .php7.4
        FCGIWrapper /home/fakedomain/fcgi-bin/php8.0.fcgi .php8.0
        FCGIWrapper /home/fakedomain/fcgi-bin/php8.1.fcgi .php8.1
    </Directory>
    <Directory /home/fakedomain/cgi-bin>
        allow from all
        AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
        Require all granted
    </Directory>
    RewriteEngine on
    RewriteCond %{HTTP_HOST} =webmail.fakedomain.com
    RewriteRule ^(?!/.well-known)(.*) https://fakedomain.com:20000/ [R]
    RewriteCond %{HTTP_HOST} =admin.fakedomain.com
    RewriteRule ^(?!/.well-known)(.*) https://fakedomain.com:10000/ [R]
    RemoveHandler .php
    RemoveHandler .php7.4
    RemoveHandler .php8.0
    RemoveHandler .php8.1
    RedirectMatch 301 ^/(?!.well-known)(.*)$ https://fakedomain.com/$1
    IPCCommTimeout 41
    FcgidMaxRequestLen 1073741824
</VirtualHost>
<VirtualHost [my actual ip]:443>
    SuexecUserGroup "#1002" "#1002"
    ServerName fakedomain.com
    ServerAlias www.fakedomain.com
    ServerAlias mail.fakedomain.com
    ServerAlias webmail.fakedomain.com
    ServerAlias admin.fakedomain.com
    DocumentRoot /home/fakedomain/public_html/public
    #LogLevel alert rewrite:trace6
    ErrorLog /var/log/virtualmin/fakedomain.com_error_log
    CustomLog /var/log/virtualmin/fakedomain.com_access_log combined
    ScriptAlias /cgi-bin/ /home/fakedomain/cgi-bin/
    DirectoryIndex index.php index.php4 index.php5 index.htm index.html
    <Directory /home/fakedomain/public_html/public>
        Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
        allow from all
        AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
        Require all granted
        AddType application/x-httpd-php .php
        AddHandler fcgid-script .php
        AddHandler fcgid-script .php7.4
        AddHandler fcgid-script .php8.0
        AddHandler fcgid-script .php8.1
        FCGIWrapper /home/fakedomain/fcgi-bin/php8.0.fcgi .php
        FCGIWrapper /home/fakedomain/fcgi-bin/php7.4.fcgi .php7.4
        FCGIWrapper /home/fakedomain/fcgi-bin/php8.0.fcgi .php8.0
        FCGIWrapper /home/fakedomain/fcgi-bin/php8.1.fcgi .php8.1
    </Directory>
    <Directory /home/fakedomain/cgi-bin>
        allow from all
        AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
        Require all granted
    </Directory>
    RewriteEngine on
    RewriteCond %{HTTP_HOST} ^www\.
    RewriteRule ^/(.*) https://fakedomain.com/$1 [R=301,L]
    RewriteCond %{HTTP_HOST} =webmail.fakedomain.com
    RewriteRule ^(?!/.well-known)(.*) https://fakedomain.com:20000/ [R]
    RewriteCond %{HTTP_HOST} =admin.fakedomain.com
    RewriteRule ^(?!/.well-known)(.*) https://fakedomain.com:10000/ [R]
    # Any other non canonical domain? -> Redirect to canonical
    #RewriteCond %{HTTP_HOST} !=fakedomain.com
    #RewriteRule ^/?(.*) https://fakedomain.com/$1 [R=301,L]
    RemoveHandler .php
    RemoveHandler .php7.4
    RemoveHandler .php8.0
    RemoveHandler .php8.1
    SSLEngine on
    SSLCertificateFile /home/fakedomain/ssl.cert
    SSLCertificateKeyFile /home/fakedomain/ssl.key
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    SSLCACertificateFile /home/fakedomain/ssl.ca
    IPCCommTimeout 41
    FcgidMaxRequestLen 1073741824
</VirtualHost>

Any help will be appreciated, thanks

If a file created by a PHP script is owned by www-data, this means that the PHP execution mode is not actually running in FPM mode. Something must instead by switching to mod_php

You installed/enabled mod_php. You should not have done that.

Any clue with this? How can i check if the execution mode is actually mod_php?

Maybe some line in the above virtual host configuration is forcing the execution mode to mod_php?

FYI, if i run php_sapi_name from a script it returns fpm-fcgi

Thanks

That seems to indicate it’s running under FPM. But, being owned by www-data indicates with almost complete certainty it ran under mod_php at some point. If you’ve switched, you would need to reset permissions and ownership of the app files and data to be owned by the domain owner user.

Well, it seems that if i change the PHP execution mode from FCGId to FPM, it works!

I still don’t know what in my virtual host configuration forces FCGId mode to behave like mod_php. Maybe the AddType, AddHandler or FCGIWrapper lines? Any help with that will be appreciated, just for curiosity.

Thanks

Did you installed the multiple php versions this way?
Multiple PHP Versions – Virtualmin

If yes i did myself right after that installation the “switch” to php-fpm there , but on alma 8x and older vmin version 6x.

Switching likely added the necessary bits to disable mod_php.

Here’s what almost certainly happened:

1. You installed the app, and it got setup for fcgi.
2. You then installed mod_php (probably while trying to install additional php versions, but didn’t follow our docs for doing this and installed the php package, which pulls in mod_php).
3. Now every execution mode except mod_php has been broken (installing mod_php adds its own handlers that take over).
4. When you switched Virtualmin saw that mod_php was going to hijack the requests, and so it added some additional directives to disable mod_php for this domain.

The root cause of your problem was installing mod_php. Never do that.

I’d recommend you remove it (it is a security risk and is a big resource user even when you aren’t using it for any apps because it is loaded into the Apache processes), but now you’ll have a bunch of php_ directives in all of your domains that’ll need to be cleaned up when you get rid of mod_php. Next release of Virtualmin (probably 7.0-9) will have some code to clean up the mod_php mess a little better. 7.0 added a “disable mod_php” button, but it didn’t clean up properly, so we’re working on a new release that includes that.

But, my advice is always never install mod_php. It can do nothing but break stuff.

If you go to Webmin / Servers ⇾ Apache Webserver: Edit Config Files page and manually search throughout available config files (like in the screenshot below), are there any config files found with php keyword? If so, what is the content of those files?

image2222×1448 479 KB

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.