Comment 8 for bug 253268

From deb source (and I compiled it)
However I need to change the version number because an apt-get update/upgrade will upgrade to the latest version and you'll need to apt-get remove/purge the latest and install the older one.

Until I hear a better compelling reason to change the permissions/ownership (to how they suggest) "workaround" (aka all files on web server in question are to be owned by ROOT or the switched user account suPHP uses)... I'm used to a different ownership model when using suPHP.

Doesn't make sense because in order to make the parent folder owned by root.root the user/group/world -- the world permissions must be open to anybody on the system.. where I like to have the parent folders owned by the same person the apache httpd is running as... so ONLY people that are that user (or in a particular group) can even GET to the same folder... Having it world readable means you should NOW never allow shell access on the machine (because people can now go into the folder and read other's PHP scripts and pull things out like passwords or look for exploitable bugs).

I really dislike being told the new cold is more restrictive and requires a change in permission and after looking at the changes.. it's really less secure.

--Doug

----------------------------------------
> From: <email address hidden>
> To: <email address hidden>
> Date: Wed, 27 Aug 2008 14:24:43 +0000
> Subject: [Bug 253268] Re: php5-cgi not working with suphp in Hardy
>
> dx9s: Where did this deb come from?
>
> Thanks
> chuck
>
> --
> php5-cgi not working with suphp in Hardy
> https://bugs.launchpad.net/bugs/253268
> You received this bug notification because you are a direct subscriber
> of the bug.
>
> Status in “php5” source package in Ubuntu: New
> Status in “suphp” source package in Ubuntu: New
> Status in “suphp” source package in Debian: New
>
> Bug description:
> Suphp doesn't work in Hardy. It seems that it is simply ignored and php processes are executed under www-data.
>
> It was working fine under Gutsy. I dist-upgraded a month ago but I discovered the problem only recently (because one of my website was unable to read a config file chmoded to 700). I'm pretty sure it's the dist-upgrade because the suphp log stopped the day I dist-upgraded (approximately at least).
>
> I didn't change anything in the config in the meantime. Also, when investigation the problem, I copied /etc/apache2 /etc/php5 and /etc/suphp from a working Debian installation. It doesn't work under Hardy.
>
>
> The symptoms are the following :
> 1) if mod_php5 is enabled, processes run with www-data permissions. phpinfo() returns "Apache 2.0 Handler " as the server API. (when suphp is working, it returns "Cgi/FastCgi" AFAIK
>
> 2) if mod_php5 is not enabled, you will receive an error 500. The logs contain the following lines :
> [Wed Jul 30 14:31:55 2008] [error] [client 212.190.219.18] SecurityException in Application.cpp:440: Handler not found in configuration
> [Wed Jul 30 14:31:55 2008] [error] [client 212.190.219.18] Caused by KeyNotFoundException in Configuration.cpp:234: Handler "application/x-httpd-php" not found
> [Wed Jul 30 14:31:55 2008] [error] [client 212.190.219.18] Premature end of script headers: index.php
>
>
> If both suphp and php5 are disabled, then your browser offers you to download the file (which is normal).
>
> Also, it has to be noted that suphp is well active because if you try to access a software not in the defined root, you will get an error in the logs. So, it seems like the problem is not suphp but the cgi part of php5 which is not responding or something like that.
>
> I'm not an expert so I'm not sure about the where to assign this issue.

_________________________________________________________________
See how Windows Mobile brings your life together—at home, work, or on the go.
http://clk.atdmt.com/MRT/go/msnnkwxp1020093182mrt/direct/01/