On some sites, I have enabled the PHP script execution mode to use FCGId (run as virtual server owner).
- Apache is properly configured (according to this message): suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
- The Virtualmin Configuration has Automatically add appropriate SuExec directive set to Yes.
- When running the Checking Configuration option, everything is OK.
When I run
<?php system('whoami'); ?>
In a test file, it still shows ww-data.
This is Ubuntu 10.04 with Virtualmin GPL.
There was an issue with Ubuntu (that more recent installers handle) where if mod_php is enabled in Apache, it overrides CGI/FCGID.
If you look in /etc/apache2/mods-enabled/php5.conf – do you see any “SetHandler” lines in there? If so, comment them out, and restart Apache – that should do the trick for you!
Thank you, their are indeed some SetHandler lines in the conf file. If I remove those lines, what would the effect be on the existing websites that make use of mod_php? Will I need to go into each one (currently 100+) and manually add in those lines?
Nope, it should continue to work for the other websites.
My recommendation would be to comment out those two lines, restart Apache, then test your other mod_php sites, just to make sure that works as expected. But it should work as needed.