tags:

views:

360

answers:

2
+1  Q: 

php-cgi runs as root

I run php 5.2.6 as a cgi under lighttpd 1.4 and for some reason it's always running as root. All php-cgi processes in are owned by root and all files written to the file system are owned by root.

I've tried setting the user in lighttpd as non privileged, and confirmed, it's running right it's just php that runs as root.

How would I set php-cgi to run as a safer user?

A: 

It is possible that you have a fastcgi process that was started on the server as root. If this is the case, then the fastcgi process will continue to run php processes called from lighttpd.

I suggest killing the fastcgi processes on your server and restarting lighttpd.

You might also want to take a look at any startup scripts that might launch the fastcgi daemon.

Devon  2008-10-06 04:47:18
So are you saying that if there are no fastcgi processes running the first started sets the user all others run as? Interesting...
Eric Lamb  2008-10-06 04:55:05
Yes. FastCGI forks a process and the forked process runs as the same user as the master process.
Devon  2008-10-06 20:13:52
+2  A: 

  1. Ensure :

    server.username            = "nonprivuser"
server.groupname           = "nonprivgroup"

  2. stop lighttpd.

  3. check for existing php processes and kill them.
  4. start lighttpd
  5. check php processes are running as non priv

if php is still running as root, then you possibly have a SETUID script somewhere loading them ( you really shouldn't, but its feasible )

if this is the case, check the file 'bin-path' refers to doesn't have anything funky on it.

Kent Fredric  2008-10-06 07:50:22

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases