A little somewhere else


Tag - debian


Thursday, August 28 2008

Changing suexec root directory

Almost one year ago, I wrote an entry about using Apache2 with mod_fastcgi and suexec.
For security reasons, suexec only runs programs located under a root directory that is fixed at compile time. By default it's set to /var/www/. To see the problem, you can run the following command:

#/usr/lib/apache2/suexec -V
-D AP_DOC_ROOT="/var/www"
-D AP_GID_MIN=100
-D AP_HTTPD_USER="www-data"
-D AP_LOG_EXEC="/var/log/apache2/suexec.log"
-D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
-D AP_UID_MIN=100
-D AP_USERDIR_SUFFIX="public_html"

As you can see, AP_DOC_ROOT is set to /var/www/. So if your files are not in this directory, you cannot use suexec. Moreover, if you are like me, you don't want to move all your files into this directory. The only way to resolve this problem is to recompile apache2 with the correct configuration. Below is an example on Debian 4.0.

#apt-get update
$mkdir /tmp/apache2
#cd /tmp/apache2
#apt-get source apache2
-> get the package's source of apache2
#apt-get build-dep apache2
-> get and install the packages required to rebuild the package apache2
#emacs apache2-2.2.3/debian/rules
-> replace the value of the --with-suexec-docroot option with the path you want.
Now we can actually rebuild the package, using the debuild command. If you are not the maintainer of the package, you will need to add two flags telling the build process not to sign the package. In most cases debuild -us -uc is what you want.
#debuild -us -uc
-> Wait a bit, and if no error happens, you can install the new package.
#dpkg -i apache2_2.2.3-4+etch5_all.deb

Now the AP_DOC_ROOT should be set to the correct directory:

#/usr/lib/apache2/suexec -V
-D AP_DOC_ROOT="/home/myWebDir"
-D AP_GID_MIN=100
-D AP_HTTPD_USER="www-data"
-D AP_LOG_EXEC="/var/log/apache2/suexec.log"
-D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
-D AP_UID_MIN=100
-D AP_USERDIR_SUFFIX="public_html"

Perhaps I made mistakes, tell me if you have suggestions.
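
To confirm that a rebuilt suexec will accept a given site, the output of suexec -V can be checked against the site's directory and the user and group it runs as. The script below is an added example, not part of the original post: the function names, the sample directories and the ids 1001 are assumptions, and the path test is a simplified, component-wise version of the docroot restriction that does not cover the AP_USERDIR_SUFFIX case.

```shell
#!/bin/sh
# Added example (not from the original post): check a site against the
# settings compiled into suexec. Covers the AP_DOC_ROOT case, not ~userdir.
# SAMPLE_V is constructed from the `suexec -V` output shown in the post.
SAMPLE_V='-D AP_DOC_ROOT="/home/myWebDir"
-D AP_GID_MIN=100
-D AP_HTTPD_USER="www-data"
-D AP_UID_MIN=100'

# suexec_setting NAME: read `suexec -V` output on stdin, print NAME's value.
suexec_setting() {
    sed -n "s/^ *-D $1=\"\{0,1\}\([^\"]*\)\"\{0,1\} *\$/\1/p" | head -n 1
}

# under_docroot DOCROOT DIR: true only if DIR is DOCROOT or below it.
# Whole path components are compared, so /home/myWebDirX does not pass.
under_docroot() {
    root=${1%/}
    case "$2/" in
        */../*|*/./*) return 1 ;;      # refuse unresolved . and .. components
        "$root"/*)    return 0 ;;
        *)            return 1 ;;
    esac
}

# check_vhost V_OUTPUT DIR UID GID (hypothetical helper): print "ok" or the
# first setting that would make suexec refuse to run programs for this site.
check_vhost() {
    docroot=$(printf '%s\n' "$1" | suexec_setting AP_DOC_ROOT)
    uid_min=$(printf '%s\n' "$1" | suexec_setting AP_UID_MIN)
    gid_min=$(printf '%s\n' "$1" | suexec_setting AP_GID_MIN)
    if [ -z "$docroot" ] || [ -z "$uid_min" ] || [ -z "$gid_min" ]; then
        echo "could not parse suexec -V output"; return 2
    fi
    under_docroot "$docroot" "$2" ||
        { echo "$2 is outside AP_DOC_ROOT ($docroot)"; return 1; }
    [ "$3" -ge "$uid_min" ] ||
        { echo "uid $3 is below AP_UID_MIN ($uid_min)"; return 1; }
    [ "$4" -ge "$gid_min" ] ||
        { echo "gid $4 is below AP_GID_MIN ($gid_min)"; return 1; }
    echo "ok"
}

# Demo on the constructed sample; on a real host pass
# "$(/usr/lib/apache2/suexec -V 2>&1)" as the first argument instead.
check_vhost "$SAMPLE_V" /home/myWebDir/site1/cgi-bin 1001 1001
check_vhost "$SAMPLE_V" /var/www/site1 1001 1001 || true
```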

Thursday, March 20 2008

Generating certificates with openssl

I sometimes use openssl to generate certificates, mostly for apache, but not often enough to remember the complete shell command each time. So I paste it here, as a reminder.

openssl req -new > server.cert.csr
openssl rsa -in privkey.pem -out server.cert.key
openssl x509 -in server.cert.csr -out server.cert.crt -req -signkey server.cert.key -days 365

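These commands generate .pem, .crt, .csr and .key files. The second command writes server.cert.key without passphrase protection, and the third produces a self-signed certificate valid for 365 days. Note that apache only requires the .crt and .key files, for the SSLCertificateFile and SSLCertificateKeyFile directives.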

Monday, October 29 2007

Apache2 + mod_fastcgi + suexec on debian etch

I know it's difficult to find good documentation on configuring apache2 with mod_fastcgi and suexec to make PHP websites work. This configuration works well with Debian Etch (4.0).
Here is an example configuration.

Continue reading...

Monday, April 9 2007

Debian Etch

Debian Etch, the fourth installment of the distribution, came out yesterday! I have started a migration. It feels good :-)