Search:  
Gentoo Wiki

Apache_Modules_mod_fcgid_plus_mod_suexec

Apache2 Series


Main


Modules


Addons & Tunnels


Tips


Configuring


Other

edit

Introduction

mod_fcgid is a fairly new apache module designed to surpass its quasi-predecessor, mod_fastcgi, in all ways possible. It is designed to maintain binary compatibility to the former, though. As the name already suggests, mod_fastcgi allows for the execution of CGI-scripts whose interpreters expose FastCGI-capabilities, e. g. PHP.

mod_suexec is an Apache module providing the webserver with the ability to change its effective UID and GID while executing dynamic code to generate webpages. In a shared hosting environment, it's possible to have a number of users to be hosted on one instance of Apache (running as a user dedicated to the webserver alone), whilst scripts are run as the actual owner of the script. This greatly simplifies permission management on such setups, and adds to general security of such an installation (as User A cannot interfere with User B's data via the webserver).

Installation

mod_suexec

Warning: Not yet finished ;)

mod_fcgid

At the time of writing of this article, mod_fcgid is yet considered somewhat experimental software, and (at least in Version 2.1) not to be found in the stable branch of Portage. So before we start off adding mod_fcgid to our already present Apache2-environment, we need to add proper keywords for its ebuild. Therefore, we need to execute the follwing command to add a line enforcing this to /etc/portage/package.keywords:

 echo 'www-apache/mod_fcgid ~x86' >> /etc/portage/package.keywords
Note: Please make sure to substitute "x86" in above to match your given architecture.

Now, the package may actually be installed by issuing:

 emerge www-apache/mod_fcgid

Configuration

After a successful merge, we're supposed to modify our initscript's configuration to actually request Apache to be loaded with mod_fastcgid enabled. To accomplish this, we need to modify /etc/conf.d/apache2 to contain " -D FCGID" in the APACHE2_OPTS-variable. The result might look something like this:

File: /etc/conf.d/apache2
...
APACHE2_OPTS="-D PHP4 -D SSL -D DOC -D FCGID"
...

This triggers configuration macros initiated by <IfDefine FCGID>, which are used in /etc/apache2/modules.d/20_mod_fcgid.conf, which in turn ships with the fcgid-ebuild. On my exemplary setup, it looks like this:

File: /etc/apache2/modules.d/20_mod_fcgid.conf
<IfDefine FCGID>
        SharememPath /var/run/fcgid_shm
        IPCCommTimeout 45
        DefaultMaxClassProcessCount 3
        IdleTimeout 3600
        SocketPath /tmp
        <IfModule !mod_fcgid.c>
                LoadModule fcgid_module modules/mod_fcgid.so
        </IfModule>
        <IfModule mod_fcgid.c>
                AddHandler fcgid-script .fcg
        </IfModule>
        <Location /fcgid>
                SetHandler fcgid-script
                Options ExecCGI
                allow from all
        </Location>
</IfDefine>
Retrieved from "http://www.gentoo-wiki.info/Apache_Modules_mod_fcgid_plus_mod_suexec"

Last modified: Tue, 22 Jul 2008 10:35:00 +0000 Hits: 5,642