These forums are locked and archived, but all topics have been migrated to the new forum. You can search for this topic on the new forum: Search for FastCGI App vs Apache Module. Is FastCGI not secure? on the new forum.
Web Hosting and Cloud Computing Control Panels
Howdy,
Under most circumstances, using FCGID (and CGI) is the best mode to use, and the most secure.
With the help of suexec, it will run PHP apps as the Virtual Server owner.
If you're receiving an error that states something isn't writable, that suggests a configuration problem -- Drupal runs quite well using FCGID, and the Virtual Server owner should always have permission to write to directories in their account.
You may want to verify that your directories are actually owned as your Virtual Server owner, and not someone else.
-Eric
Hi Eric,
I know Drupal runs well using FCGID, but this always happens on any vanilla Drupal website installed on any freshly setup Virtulamin server with permissions to write to directories. Even with all the directories and files belonging to the right username it fails to pass Security Review module of Drupal. The problem is not on Virtualmin side, it is on Drupal Association or rather Acquia side, which is imposing this module to all hosting vendors. You can read some background of the issue here https://groups.drupal.org/node/206978
In short default settings of a Drupal website created on freshly installed default Virtualmin is not good for Security Review module of Drupal. And we just wanted to hear your opinion on this matter that is driven quite ridiculous by Drupal Association and Acquia people.