0

I am looking at enabling FastCGI to handle PHP execution on all of my domains. I tried it the other day and ran into one problem with my PHP configuration.

I currently have a php-browscap.ini located on my server that is used by all of my domains. It is located within my companies domain directory so something like this:

browscap = /var/www/vhosts/mycompany.com/httpdocs/scripts/php_browscap.ini

In order for this to work I wouldn't usually have to do anything because the apache user would have access to all of the web directories.

However, now that the user must be domain specific, I am having permission issues access the browscap. Does any body know a fix that I can implement into my PHP configuration to allow access to another domains directory?

I do not want to have to place a browscap file in each domains directory although I know this would be one fix

Would it work if I placed the file outside of the web directory?

e.g. /company/php-browscap.ini

Where 'company' is a custom folder in my root directory which contains scripts for my server. I havent tried this because it requires quite a lot of changes but if I know it will work then I will give it a go.

Ben Carey
  • 16,540
  • 19
  • 87
  • 169
  • 1
    What about storing it in a directory all users have read only access to like /usr/lib/php/browsecap.ini or /usr/share/browsecap.ini or something like that? Then modify PHP.ini to point there and all sites should be able to use it with no problem. – drew010 Jan 28 '12 at 19:44
  • That is what I have said I will do if I know it will work. Are you saying that FastCGI is allowed to access files outside of the 'example.com' directory, if the user has the appropriate permissions? – Ben Carey Jan 28 '12 at 19:46
  • It can access files anywhere on the server if the permissions are correct. As long as the files and directory have world read permissions set, it can read them (which is typical for those directories). You will need superuser access to place the file in that location, but it can be read by anyone, but not modified or deleted. – drew010 Jan 28 '12 at 19:50
  • You are having trouble with reading it from the home directory, because home directories typically don't have world read permission (they are chmod 711 [no world read/write]). – drew010 Jan 28 '12 at 19:53
  • Okay brilliant, thats all I needed to know. Can you place that in the answer so I can mark this as answered? Thanks very much. As you were able to answer that so quickly, would you be able to have a look at another question I am about to post that is slightly related. It is concerning the 'open_basedir' and moving files cross domain with FastCGI? – Ben Carey Jan 28 '12 at 19:55
  • Will do and then I'll take a look at the other Q. – drew010 Jan 28 '12 at 19:58
  • Thank you, new question located here: http://stackoverflow.com/questions/9048174/php-open-basedir-with-fastcgi – Ben Carey Jan 28 '12 at 20:07

1 Answers1

1

If you place the browsecap.ini file in a directory that has world read permission (e.g. 755 drwxr-xr-x) then FastCGI (or any user) can read the file. Such directories could be /usr/lib/php (if exists) or /usr/share.

If you chmod the file to 744, then all users can read it but not delete or modify it, as long as all the parent directories are world readable as well.

drew010
  • 68,777
  • 11
  • 134
  • 162