[tech] Mussel upgraded to Debian stable "jessie" 8.2
David Adam
zanchey at ucc.gu.uwa.edu.au
Mon Nov 2 23:33:29 AWST 2015
On Sun, 1 Nov 2015, David Adam wrote:
> The main remaining issue is that suPHP was removed from the Debian
> distribution as it is not actively maintained. I am not keen on running
> mod_php for user directories without it; there's too much risk in the PHP
> running in other contexts (e.g. cacti, Roundcube, etc.). For now, I've
> disabled PHP code in user home directories (see mods-enabled/php5.conf).
>
> I'll try and work out an alternative in the next few days, although others
> are most welcome to take a look.
I think I've got all the webspace stuff working again. I ended up install
libapache2-mod-ruid2, which uses Linux capabilities to switch user as
required. I am a little concerned, because while I think I have a good
understanding of suexec/suPHP, ruid2 is a little more impenetrable.
Regardless, it's in Debian and supported. Installing the module and
disabling suexec made everything work perfectly.
Ha ha, just kidding! Of course we got bitten by the minimum GID that
mod_ruid2 enforces, requiring (as usual [1]) recompilation and
reinstallation of the module. I've put a hold on the package so that it
doesn't get automatically reinstalled.
Also, for some reason, although mod_suexec was disabled and there were no
references to suexec anywhere in the Apache configuration, suexec kept
running until I moved /usr/lib/apache2/suexec to suexec.pre_ruid2.
David Adam
zanchey at ucc.gu.uwa.edu.au
[1]:
http://lists.ucc.gu.uwa.edu.au/pipermail/tech/2015-October/004695.html
More information about the tech
mailing list