Configure suexec for Apache2 on Ubuntu 14.04

The suexec mechanism allows you to execute CGI scripts on behalf of different system users. In this article, I’ll walk through an example of setting up suexec based on Linux Ubuntu 14.04.

It is very convenient to use suexec if you have multiple websites on the single server and you use sftp isolation to access the files. With suexec you’ll never see the problems with the file owner/permissions mismatch

Install the required software:

apt-get install php5-cgi libapache2-mod-fcgid apache2-suexec apache2-suexec-custom -y

Enable apache2 modules

a2enmod fcgid  
a2enmod suexec

Now we need to identify php files as cgi scripts to be executed by the fcgid module There are multiple options to enable this

  1. Updarte global fcgid.conf
  2. Update configuration files of every website

The second option:

nano /etc/apache2/sites-enabled/**sitename.conf**

Update the website configuration with the following:

<IfModule mod_mime.c>
  AddHandler     fcgid-script .php
  FCGIWrapper /usr/bin/php5-cgi .php

Next we need to specify the name of the user and group that should be used by suexec to work with the website files (additionally I use separate php.ini for every website on this server):

<IfModule mod_suexec.c>
  FcgidInitialEnv PP_CUSTOM_PHP_INI /etc/php_conf.d/websitename_php.ini
  SuexecUserGroup "<strong>systemuser</strong>" "<strong>systemgroup</strong>"

The remaining configuration is unchanged.

Restart apache daemon to apply the changes

service apache2 restart

Allow listing for the website folder:

chmod +x /var/www/**sitename.conf**

Add executable permission to all php files in the website folder:

find /var/www/**sitename.conf** -type f -name `*.php` -exec chmod +x {} \;