(Contributed by Mandrake Linux user Jeff Bert)
- Got 'php-4.1.2.tar.gz' and compiled as a CGI Binary
it using (minimum options shown):
- Untarred it to /usr/local/src
- cd /usr/local/src/php-4.1.2
- ./configure --enable-track-vars --enable-force-cgi-redirect
--with-config-file-path=/etc
- make
- strip php
- cp php /home/USERNAME/public_html/cgi-bin/php4-12.cgi
- chmod 700 /home/USERNAME/public_html/cgi-bin/php4-12.cgi
- Got 'cgiwrap-3.7.1.tar.gz' from: http://cgiwrap.unixtools.org/
- Got 'php-cgiwrap' patch from: http://www.klaban.torun.pl/patches/cgiwrap/
- Un-tarred 'cgiwrap-3.7.1.tar.gz' into '/usr/local/src'
and patched it
- cd /usr/local/src/cgiwrap-3.7.1
- cp /path-to-patch/cgiwrap-3.7.1-p7-withphp.diff.gz
.
- gzip -dc cgiwrap-3.7.1-p7-withphp.diff.gz
| patch -p1
- Created "cgi-sys" for system cgi-bin to run cgiwrap
from:
- mkdir -p /var/www/cgi-sys
- chmod 755 /var/www/cgi-sys
- Added to my httpd.conf file:
ScriptAlias /cgi-sys/ /var/www/cgi-sys/
<Directory /var/www/cgi-sys>
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
- Compiled cgiwrap with (minimum options shown):
- ./configure --with-httpd-user=apache --with-install-dir=/var/www/cgi-sys
- make
- make install
- Got rid of the php-cgiwrap links to cgiwrap so that
I can custom install those separately with a second cgiwrap compile:
- rm -f /var/www/cgi-sys/php*
- make clean
- ./configure --with-httpd-user=apache --with-install-dir=/tmp
--with-cgi-dir=public_html
- make
- make install
- cp /tmp/cgiwrap /var/www/cgi-sys/php-cgiwrap
- ln /var/www/cgi-sys/php-cgiwrap /var/www/cgi-sys/php-cgiwrapd
- rm /tmp/*cgiwrap* -f
- Set up 'Vhosts.conf' with for each host that is php
wrapped (not all are):
AddHandler php-cgiwrap .php
Action php-cgiwrap /cgi-sys/php-cgiwrap/USERNAME/cgi-bin/php4-12.cgi
So what I did was create two different wrappers... one
for cgi scripts that have to be called via:
http:domain/cgi-bin/cgiwrap/USERNAME/path-to-script-inside-cgi-bin/script.cgi
and the other for php files called via:
http:domain/path-to-php-script-NOT-inside-cgi-bin/script.php
The reason this works is that the patch to cgiwrap allows
you to get rid of the #!/path-to-php/ and the php CGI binary allows you to
not have to put the php files in the cgi-bin.
Now, this raises some security issues that goes against
the ilk of those who swear by cgiwrap religiously. Putting a language parser
in the cgi-bin is a security risk per http://www.cert.org/advisories/CA-1996-11.html
. So, I'm not sure this is the best setup for everyone.
The reasons I did this was that so I could create scripts that would be easily
ported to my alternate account at pair.com. Also, some of my webusers wanted
to customize their php installs and I wanted to give them that but to force
the risk to them. Because wrapping php puts the risk to damage to the system
to their files only, i hope ;)
section index top
|