FastCGI, PHP, and suExec

[shinji]

*EDIT*

OK. So I posted for help before but I was so close it wasn't even funny. The solution was right under my nose. suexec complained that it wasn't in the doc root. It only checks the cgi that is executed (not what is executed afterwards) for ownership and for location. So...

Here are my configs

fastcgi.conf -- we need to load the module

Code:

LoadModule fcgid_module modules/mod_fcgid.so

In the <virtualhost> section for the host you want this setup on.

Code:

  AddHandler fcgid-script .php

  <Directory /path/to/html>
    FCGIWrapper /path/to/html/php.fcgi .php
  </Directory>

Contents of php.fcgi

Code:

#!/bin/sh
PHPRC="/usr/php4/etc"
export PHPRC
PHP_FCGI_CHILDREN=8
export PHP_FCGI_CHILDREN
PHP_FCGI_MAX_REQUESTS=5000
export PHP_FCGI_MAX_REQUESTS
exec /usr/php4/bin/php

Adjust PHP_FCGI_CHILDREN and PHP_FCGI_MAX_REQUESTS to your server. Keep in mind that PHP_FCGI_CHILDREN will be that number plus one. The starting process plus its children. Change the exec line to point to your php binary location and it can be outside the docroot. It can also be owned by someone other than the user the site is running under. Change PHPRC to point to the folder where your php.ini is located at.

Note that you must put this file in the document root for each website and it cannot be symlinked. It must be chowned to the user that the site runs under. It also should be chmodded with read and execute permission for the owner at the very minimum. That would be chmod 500.