Check config gives me this error

SuExec cannot be used to run PHP scripts in CGI or FCGId modes : The Suexec command on your system is configured to only run scripts under /var/www, but the Virtualmin virtual server home directory is /home. CGI scripts run as domain owners will not be executed.

Everything else is fine.

Status: 
Active

Comments

Ilia's picture
Submitted by Ilia on Sat, 06/06/2020 - 08:50

Hi,

Yes, CentOS 8 will only support running PHP scripts as a domain owner, only by using PHP-FPM.

We did this to avoid building custom Apache packages and let a distro handle it.

By default, on RHEL systems suexec is hardcoded to /var/www and we use /home for storing user files. What could work is using bindfs (or mount -o bind - drawback is that it can be only executed by root user) to handle hardcoded suexec directory.

Hi Ilia, With all due respect. we like Virtualmin and even supported by purchasing Virtualmin Pro.

However, we have decided to switch from Debian to CentOS 8 on our servers including the webserver.

We are not in public Web-hosting business but we do web host several of our associated businesses. We have switched from ISPconfig and began consolidation of cPanel based from our public webhosting locations.

The switch was determined based on the Webmin/Virtualmin technology that we felt would take us further ahead.

I agreed with Virtualmin's approach that domain name owners should store everything in their own /home directories and not /var/www/public_html/????

I also agree with RHEL staying with traditional approach in /var/www...

However, we disagree with mounting bind that exposes executing everything with root privileges.

Our choices are limited: 1. Don't use RHEL/CentOS 8 2. Stop using Virtualmin.

Unfortunately, the choice is simple. No. 2.

It 's a tough choice. Basically, We (The IT team and me) have switched to CentOS 8 and would like to stay with it.

Keep up the good work and all the best.

Ilia's picture
Submitted by Ilia on Wed, 06/10/2020 - 11:16

I also agree with RHEL staying with traditional approach in /var/www...

You can configure Automatic home directory base at Webmin/System/Users and Groups module and switch it from /home to /var/www

Our choices are limited 1. Don't use RHEL/CentOS 8 2. Stop using Virtualmin.

There are many more other choices. There is nothing wrong with Debian 10 distro, which, by the way, has Posfix 3.4 with SNI support, unlike CentOS 8. If you don't like Debian that much, not a problem, it would also be possible to build Apache with suexec configured to /home and simply replace suexec binary (which works perfectly fine) or build a complete, own Apache rpm package.

The switch was determined based on the Webmin/Virtualmin technology that we felt would take us further ahead.

Do you need any other scripts to be run aside from PHP?

I am only doing the web server. I belong to an IT team in North America deploying global IT infrastructure for our global organization.

The decision to switch to CentOS 8 (not 7) was based on a directive from the global IT. We are still and will continue to use Debian and have upgraded to Debian 10 in our IT infrastructure.

One other method is to install Debian 10 in a VM and run the web-hosting using Virtualmin from there. This way everybody is happy ;)

"Do you need any other scripts to be run aside from PHP?"

Perhaps later. Thanks for offering.