Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Running on shared LAMP server - how to run 'php' as 'CGI'?

0 views
Skip to first unread message

David WE Roberts

unread,
Nov 3, 2009, 10:58:30 AM11/3/09
to
Hi,

I have got as far as:
http://docs.joomla.org/Should_PHP_run_as_a_CGI_script_or_as_an_Apache_module%3F
with a Joomla install on a shared LAMP server.

Research to date suggests that the choice of running PHP as Apache or as CGI
is made in the 'httpd.conf' file.
However I cannot find an 'httpd.conf' file in my web root on the server.

I think I understand that there is a top level 'httpd.conf' file for the
whole server and that Apache uses the URL to decide which web site to pass a
request on to, but is it possible to devolve some of the responsibility to
individual web sites on the shared server so that the choice of Apache/CGI
is made on a web site by site basis?

Alternatively, is it possible to configure this choice in the top level file
on a site by site basis (which presumably will require action by the server
support team)?

This appears to be an issue especially with Joomla! 1.5.14 upgrades but I
guess applies to any web site which runs a CMS and therefore needs to
rewrite configuration files etc.

I am asking on the Apache NG because this seems to be an Apache issue -
something outside the boundary of Joomla which is required to make Joomla
function easily.

Cheers

Dave R

"Álvaro G. Vicario"

unread,
Nov 3, 2009, 11:45:35 AM11/3/09
to
David WE Roberts escribi�:

> I have got as far as:
> http://docs.joomla.org/Should_PHP_run_as_a_CGI_script_or_as_an_Apache_module%3F
>
> with a Joomla install on a shared LAMP server.

Shared hosting is normally preconfigured so you don't have such choice:
you must use whatever the sysadmin configured for you.


> Research to date suggests that the choice of running PHP as Apache or as
> CGI is made in the 'httpd.conf' file.
> However I cannot find an 'httpd.conf' file in my web root on the server.
>
> I think I understand that there is a top level 'httpd.conf' file for the
> whole server and that Apache uses the URL to decide which web site to
> pass a request on to, but is it possible to devolve some of the
> responsibility to individual web sites on the shared server so that the
> choice of Apache/CGI is made on a web site by site basis?
>
> Alternatively, is it possible to configure this choice in the top level
> file on a site by site basis (which presumably will require action by
> the server support team)?
>
> This appears to be an issue especially with Joomla! 1.5.14 upgrades but
> I guess applies to any web site which runs a CMS and therefore needs to
> rewrite configuration files etc.
>
> I am asking on the Apache NG because this seems to be an Apache issue -
> something outside the boundary of Joomla which is required to make
> Joomla function easily.

A shared hosting server can have several PHP set-ups for you to choose
from. How to pick one should be explained in their documentation area.
However, you'll probably find they're all CGI.

It's weird than a well-known CMS like Joomla requires a specific SAPI to
run. What exact problem are you facing?

--
-- http://alvaro.es - �lvaro G. Vicario - Burgos, Spain
-- Mi sitio sobre programaci�n web: http://borrame.com
-- Mi web de humor satinado: http://www.demogracia.com
--

David WE Roberts

unread,
Nov 3, 2009, 12:24:51 PM11/3/09
to

""�lvaro G. Vicario"" <alvaro.NO...@demogracia.com.invalid> wrote in
message news:hcpmnh$g8p$1...@news.eternal-september.org...


As far as I can see CGI is what I want but probably PHP is running as an
Apache module.

The Joomla CMS needs to update configuration files when management changes
are made and when new extensions are installed.
[Also to upload images etc.]

The specific problem is that Joomla shows (in a diagnostic) that all the
configuration areas are unwriteable by Joomla.

The probable cause is that Apache is running PHP as a user other than the
owner of the configuration files.

The Joomla online documentation (URL at the top of this post) suggests that
this can happen when PHP is run as an Apache module but if PHP is run as CGI
then it runs as the owner of the web site files and so can update the
configuration files.

The site management console (web based) and FileZilla FTP client both show
that all files are owned by the same user and belong to the same group (the
owner of the virtual site).

If I open permissions up to '777' then I can write to the files but this is
not an ideal configuration for a shared server.
It is not even good to open up permissions whilst you are installing then
close them afterwards because this creates a window of vulnerability.

I have been reading my O'Reilly Apache 2nd Edition but this covers 1.3 and
is quite old now.
However this does suggest that if there is a directory under the web root
called 'conf' which contains a file called 'httpd.conf' then any directives
in this file will be picked up and actioned in addition to the global (or
Virtual Server) settings in the main 'httpd.conf'.
Presumably there is an equivalent for Apache 2 - I will hunt through the
documentation.

I may need to know the absoulte path name of 'php.exe' to use the
directives:
"AddType application/x-httpd-php .php
Action application/x-httpd-php "/php/php.exe""
but hopefully this will already be set in the main configuration file.

This may all be a red herring but it seems a common problem in the Joomla
forum, without any specific configuration solution for use on shared
servers.

Cheers

LGC

Kees Nuyt

unread,
Nov 3, 2009, 1:01:21 PM11/3/09
to
On Tue, 3 Nov 2009 15:58:30 -0000, "David WE Roberts"
<nos...@talk21.com> wrote:

>Hi,
>
>I have got as far as:
>http://docs.joomla.org/Should_PHP_run_as_a_CGI_script_or_as_an_Apache_module%3F
>with a Joomla install on a shared LAMP server.
>
>Research to date suggests that the choice of running PHP as Apache or as CGI
>is made in the 'httpd.conf' file.
>However I cannot find an 'httpd.conf' file in my web root on the server.
>
>I think I understand that there is a top level 'httpd.conf' file for the
>whole server and that Apache uses the URL to decide which web site to pass a
>request on to, but is it possible to devolve some of the responsibility to
>individual web sites on the shared server so that the choice of Apache/CGI
>is made on a web site by site basis?

It is possible to delegate some of the configuration to an
individual site using a .htaccess file in the sites document root
directory. The central httpd.conf decides what is delegated and
what isn't.
What your hoster has decided to do only your hoster can tell.

>Alternatively, is it possible to configure this choice in the top level file
>on a site by site basis (which presumably will require action by the server
>support team)?

Anything can be configured in the central httpd.conf, indeed by
the server support team.

>This appears to be an issue especially with Joomla! 1.5.14 upgrades but I
>guess applies to any web site which runs a CMS and therefore needs to
>rewrite configuration files etc.
>
>I am asking on the Apache NG because this seems to be an Apache issue -
>something outside the boundary of Joomla which is required to make Joomla
>function easily.
>
>Cheers
>
>Dave R

HTH
--
) Kees
(
c[_] When a screen is called a desktop, a picture on it
should be called table cloth, not wallpaper.
-- geof [#224]

David WE Roberts

unread,
Nov 3, 2009, 1:35:37 PM11/3/09
to

"Kees Nuyt" <k.n...@nospam.demon.nl> wrote in message
news:5or0f5t6ccg4efo42...@dim53.demon.nl...

Thanks - as I work my way through web sites and documentation it is all
becoming clearer.

I will try the '.htaccess' route but I suspect I may have to go back to the
server team - not sure that they would devolve the choice of Apache module
or CGI.
Thinking about it, I could get Apache to load my own custom 'php.exe' (or
anything else) if I was allowed to locally configure a directive
{Action application/x-httpd-php "/php/php.exe"}.
I suppose this is fine as it loads your own program to run within your own
web site under your User ID.
However I don't know if your average server site is happy to allow you to
run your own executables.
This may be more dangerous than running Perl or PHP scripts.

I am gradually beating the rust out of my brain and getting back into
Apache.

Cheers

Dave R

David WE Roberts

unread,
Nov 3, 2009, 1:51:33 PM11/3/09
to

"David WE Roberts" <nos...@talk21.com> wrote in message
news:7lb7b5F...@mid.individual.net...
<snip>

> I may need to know the absoulte path name of 'php.exe' to use the
> directives:
> "AddType application/x-httpd-php .php
> Action application/x-httpd-php "/php/php.exe""
> but hopefully this will already be set in the main configuration file.
<snip>

Hmmm......./php/php.exe looks awfully like a Windows directive.

From my example I have:

ScriptAlias /php/ "c:/php/"


AddType application/x-httpd-php .php
Action application/x-httpd-php "/php/php.exe"

Under Linux (and other Unix-alikes) I assume the binary is 'php'.
So (assuming the ScriptAlias /php/ is set at the top level) should I be
adding:

AddType application/x-httpd-php .php
Action application/x-httpd-php "/php/php"

Or is the syntax usually different.
I am obviously assuming that the directory containing the php executable has
been 'ScriptAlias'd to the target directory.

So near, and yet so far.......

David

unread,
Nov 3, 2009, 6:49:40 PM11/3/09
to
David WE Roberts wrote:
> Hi,
>
> I have got as far as:
> http://docs.joomla.org/Should_PHP_run_as_a_CGI_script_or_as_an_Apache_module%3F
>
> with a Joomla install on a shared LAMP server.
>
> Research to date suggests that the choice of running PHP as Apache or as
> CGI is made in the 'httpd.conf' file.
> However I cannot find an 'httpd.conf' file in my web root on the server.

The httpd.conf would not be found in the web root! If you are running
Mandriva or PCLOS try looking for it at /etc/httpd


>
> I think I understand that there is a top level 'httpd.conf' file for the
> whole server and that Apache uses the URL to decide which web site to
> pass a request on to, but is it possible to devolve some of the
> responsibility to individual web sites on the shared server so that the
> choice of Apache/CGI is made on a web site by site basis?
>
> Alternatively, is it possible to configure this choice in the top level
> file on a site by site basis (which presumably will require action by
> the server support team)?
>
> This appears to be an issue especially with Joomla! 1.5.14 upgrades but
> I guess applies to any web site which runs a CMS and therefore needs to
> rewrite configuration files etc.
>
> I am asking on the Apache NG because this seems to be an Apache issue -
> something outside the boundary of Joomla which is required to make
> Joomla function easily.
>
> Cheers
>
> Dave R


--
Light Travels Faster Than Sound, Which Is Why Some People
Appear Bright Until You Hear Them Speak.

"Álvaro G. Vicario"

unread,
Nov 4, 2009, 3:11:52 AM11/4/09
to
David WE Roberts escribi�:

The potential risk is there but... Can you *actually* read files from
other users?

If you can, changing the way PHP runs will do nothing to improve your
security. Other users will not change their set-up to protect your privacy.

If you cannot, then you're trying to fix a non-existing problem.


> I have been reading my O'Reilly Apache 2nd Edition but this covers 1.3
> and is quite old now.
> However this does suggest that if there is a directory under the web
> root called 'conf' which contains a file called 'httpd.conf' then any
> directives in this file will be picked up and actioned in addition to
> the global (or Virtual Server) settings in the main 'httpd.conf'.
> Presumably there is an equivalent for Apache 2 - I will hunt through the
> documentation.
>
> I may need to know the absoulte path name of 'php.exe' to use the
> directives:
> "AddType application/x-httpd-php .php
> Action application/x-httpd-php "/php/php.exe""
> but hopefully this will already be set in the main configuration file.
>
> This may all be a red herring but it seems a common problem in the
> Joomla forum, without any specific configuration solution for use on
> shared servers.

David WE Roberts

unread,
Nov 4, 2009, 8:13:30 AM11/4/09
to

""�lvaro G. Vicario"" <alvaro.NO...@demogracia.com.invalid> wrote in
message news:hcrd09$jfp$1...@news.eternal-september.org...
> David WE Roberts escribi�:
>>
<snip>

>> If I open permissions up to '777' then I can write to the files but this
>> is not an ideal configuration for a shared server.
>> It is not even good to open up permissions whilst you are installing then
>> close them afterwards because this creates a window of vulnerability.
>
> The potential risk is there but... Can you *actually* read files from
> other users?
>
> If you can, changing the way PHP runs will do nothing to improve your
> security. Other users will not change their set-up to protect your
> privacy.
>
> If you cannot, then you're trying to fix a non-existing problem.
<snip>

I think you have this slightly mixed up.

I am unable to write to my own files from within Apache.
I can solve this by allowing any user on the shared server to write to the
files.
However this is insecure.

The issue is not other users reading my files - I can block those using
standard Linux file permissions as and when I wish.
The issue is other users writing to my files.
If this is allowed then there is the strong possibility of my web site being
hacked.

I want Apache to run the PHP scripts within my web site under my own User ID
so that the scripts have access to my files without me having to open up the
permissions.
I understand that this happens if PHP runs as CGI but not if it runs as an
Apache module.
I am looking at how I can make sure that PHP runs as CGI.

So far, it looks as though I can use a '.htaccess' file to include
additional directives but this will only work if the top level 'httpd.conf'
includes an ALLOWOVERRIDE to permit this.

Cheers

Dave R

0 new messages