I have created several websites. Now I need to perform root tasks. I created a webplatform and installed. root owns all scripts in /var/private-www/ and they are chmodded (0777). In /var/private-www/test.php stands: <?php echo exec('whoami'); ?>. My suPHP config is this:
[global]
;Path to logfile
logfile=/var/log/suphp/suphp.log
;Loglevel
loglevel=info
;User Apache is running as
webserver_user=root
;Path all scripts have to be in
docroot=/var/private-www
;Path to chroot() to before executing script
;chroot=/mychroot
; Security options
allow_file_group_writeable=false
allow_file_others_writeable=false
allow_directory_group_writeable=false
allow_directory_others_writeable=false
;Check wheter script is within DOCUMENT_ROOT
check_vhost_docroot=true
;Send minor error messages to browser
errors_to_browser=false
;PATH environment variable
env_path=/bin:/usr/bin
;Umask to set, specify in octal notation
umask=0077
; Minimum UID
min_uid=0
; Minimum GID
min_gid=0
[handlers]
;Handler for php-scripts
application/x-httpd-suphp="php:/usr/bin/php-cgi"
;Handler for CGI-scripts
x-suphp-cgi="execute:!self"
When I execute test.php in my webbrowser, it says: www-data :(. Not root... Even when I execute it in the command line. Besides, I did a2enmod suphp and apachectl restart, so I was thinking it would work. How can I fix this?
This is not the answer you are looking for, but you should consider this a bit:
Although there are cases where you would like to do so, running all your php scripts as root in general is bad practice and you may face a number of obstacles.
One easy way to avoid this is to use sudo. Add your commands to sudoers for www-data and let your scripts execute an external command with sudo.
Even external php scripts can be run as root via sudo. This way you will achieve privilege separation.
Otherwise you will have to run apache+modphp as root or hack the code of suphp.
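
A check to run before following the sudo suggestion in the answer above, as an added example that is not part of the original posts: any file www-data may run through sudo must be writable by root only, unlike the 0777 scripts in the question. The helper path, the sudoers file name and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original posts). Assumed setup:
#   /etc/sudoers.d/www-data-tasks (hypothetical file, edit with visudo -f):
#     www-data ALL=(root) NOPASSWD: /usr/local/sbin/site-task
#   PHP side: exec('sudo -n /usr/local/sbin/site-task');
# /usr/local/sbin/site-task is a hypothetical helper path.

# not_loose PATH OWNER
# Succeeds only if PATH is owned by OWNER and is not writable by group
# or others (the same idea as suPHP's allow_*_writeable=false options).
not_loose() {
    [ -n "$(find "$1" -prune -user "$2" 2>/dev/null)" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -0020 -o -perm -0002 \) 2>/dev/null)" ]
}

# is_safe_sudo_target PATH [OWNER]
# Returns 0 only if PATH is a regular file (not a symlink) and both the
# file and its containing directory pass not_loose. OWNER defaults to root.
# A writable directory matters too: the file could be replaced by rename.
is_safe_sudo_target() {
    target=$1
    owner=${2:-root}
    if [ -L "$target" ] || [ ! -f "$target" ]; then
        echo "unsafe: $target is missing, a symlink, or not a regular file" >&2
        return 1
    fi
    dir=$(dirname "$target")
    for p in "$target" "$dir"; do
        if ! not_loose "$p" "$owner"; then
            echo "unsafe: $p has the wrong owner or is group/other-writable" >&2
            return 1
        fi
    done
    return 0
}
```

Source the file and call `is_safe_sudo_target /usr/local/sbin/site-task` for each command listed in the sudoers rule; a non-zero return means the rule would hand root to whoever can write that path.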