[tech] Mussel upgraded to Debian stable "jessie" 8.2

David Adam zanchey at ucc.gu.uwa.edu.au
Mon Nov 2 23:33:29 AWST 2015


On Sun, 1 Nov 2015, David Adam wrote:
> The main remaining issue is that suPHP was removed from the Debian 
> distribution as it is not actively maintained. I am not keen on running 
> mod_php for user directories without it; there's too much risk in the PHP 
> running in other contexts (e.g. cacti, Roundcube, etc.). For now, I've 
> disabled PHP code in user home directories (see mods-enabled/php5.conf).
> 
> I'll try and work out an alternative in the next few days, although others 
> are most welcome to take a look.

I think I've got all the webspace stuff working again. I ended up installing 
libapache2-mod-ruid2, which uses Linux capabilities to switch user as 
required. I am a little concerned, because while I think I have a good 
understanding of suexec/suPHP, ruid2 is a little more impenetrable.

Regardless, it's in Debian and supported.  Installing the module and 
disabling suexec made everything work perfectly.

Ha ha, just kidding! Of course we got bitten by the minimum GID that 
mod_ruid2 enforces, requiring (as usual [1]) recompilation and 
reinstallation of the module. I've put a hold on the package so that it 
doesn't get automatically reinstalled.

Also, for some reason, although mod_suexec was disabled and there were no 
references to suexec anywhere in the Apache configuration, suexec kept 
running until I moved /usr/lib/apache2/suexec to suexec.pre_ruid2.

David Adam
zanchey at ucc.gu.uwa.edu.au

[1]: http://lists.ucc.gu.uwa.edu.au/pipermail/tech/2015-October/004695.html

