I used the Lenny Perfect Server Tutorial to install my server.
I use php fastcgi on all sites. My problem was that php was not allowed to write to files in the docroot, even though the owner and group were correct (webXX and clientXX) and the rights of all directories and files were 755. Then I tried 775, and suddenly php was allowed to write in the docroot.
"That's not so pretty" I thought, so I looked around and found suexec.
I didn't find a switch in ISPConfig to enable suexec, so I added it manually to my vhost for testing:
SuexecUserGroup web13 client4
Now php could write in the docroot with 755. "Nice" I thought. Until I tested it in depth:
-r--r--r-- 1 root root 54 2009-10-21 18:11 test.php
test.php can be executed, even though the owner is root.
test.php can delete files owned by root, even if I set the owner of test.php to web13 and the group to client4.
-r--r--r-- 1 web13 client4 54 2009-10-21 18:11 test.php
-r--r--r-- 1 root root 0 2009-10-21 19:44 deleteme
Deleting is always possible.
Why is this possible? I thought suexec would prevent something like this.
-rwsr-xr-- 1 root www-data 14K 2009-07-14 22:47 /usr/lib/apache2/suexec
I read that suexec has to be owned by apache, but here it is owned by root. If I change the owner to www-data, apache won't start (no suexec wrapper found).
When I do "su web13" I stay root, but I get no error.
SU 10/22 11:21 + pts/1 root-web13
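The "deleting is always possible" observation above comes down to Unix directory semantics rather than anything suexec does: unlink is checked against write and execute permission on the directory holding the entry, not against the ownership or mode of the file itself. The following script, an added demonstration that is not part of the original post, shows this with a docroot directory owned by the current user (no root needed); `try_unlink` and the temporary paths are constructed for the example.

```sh
#!/bin/sh
# Added demonstration: whether a process may delete a file is decided by the
# permissions of the directory that contains the entry, not by the file's own
# owner or mode. A PHP process running as web13 (via suexec) can therefore
# unlink any entry in a 755 directory that web13 owns, including a read-only
# file owned by root, exactly as described in the post.
# Runs as an unprivileged user inside a scratch directory from mktemp.

# try_unlink DIR_MODE: create a 444 file inside a directory with the given
# mode, attempt to remove it, and print "deleted" or "kept".
try_unlink() {
    dir_mode=$1
    work=$(mktemp -d) || return 2
    docroot="$work/docroot"
    mkdir "$docroot"
    : > "$docroot/deleteme"
    chmod 444 "$docroot/deleteme"      # the file itself is read-only
    chmod "$dir_mode" "$docroot"       # the permission that actually matters
    if rm -f "$docroot/deleteme" 2>/dev/null && [ ! -e "$docroot/deleteme" ]; then
        result=deleted
    else
        result=kept
    fi
    chmod 755 "$docroot"               # make the scratch tree removable again
    rm -rf "$work"
    echo "$result"
}

# Usage when run directly:
#   docroot 755 (web13 owns it, writable) -> the read-only file is deleted
#   docroot 555 (not writable)            -> the same file is kept
if [ "${0##*/}" != "sh" ] && [ "${0##*/}" != "bash" ]; then
    printf 'docroot mode 755: %s\n' "$(try_unlink 755)"
    printf 'docroot mode 555: %s\n' "$(try_unlink 555)"
fi
```

The 555 case only holds for an unprivileged user; root bypasses directory permission checks. The usual way to let several users share a writable directory while restricting unlink to a file's owner is the sticky bit (mode 1755, as on /tmp).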