Hi, I would like to configure some client webs to use SuExec + php-fpm or php-fcgi in order to create new files with the permission of the web user instead of www-data. That works fine as long as there are no symlinks. However, for TYPO3 installations it is very common to use symlinks pointing to a central installation of the core TYPO3 system. The php_basedir is set accordingly to include said directory. Unfortunately both, php-fpm and php-fcgi seem to be running into problems with that kind of setup. For php-fpm the frontend displays "File not found." and the logfile log/error.log contains "/var/www/clients/client24/web110/cgi-bin/php5-fcgi-*-80-myweb.de" stderr: Primary script unknown" For php-fcgi the displayed message is "no input file specified." and the log file does not contain any entry except for an 404 in the access.log Any ideas? It works without the symlinks, but I'd really like to keep that kind of setup for multiple reasons. Thanks...
Suexec is a apache security extension, it ensures that all files executed by php are owned by the correct user (the user f the website). If you symlink files from a global directory, then these files are owned by a wrong user and suexec will not execute them as thats a security violation.
That's true - the files in the web are owned by web123:client123 while the files in /var/www/shared/typo3 (in my case) are owned by www-data:www-data. However, I have now found my mistake - it actually works when the user web123 has the correct permissions on the folder. I have now just changed the permissions to o+rx permissions on the files and folders under the shared directory and it works. Thanks!
