FastCGI does not work with SELinux enabled

Created:

2016-11-16 13:00:08 UTC

Modified:

2017-08-19 03:11:01 UTC

0

Was this article helpful?


Have more questions?

Submit a request

FastCGI does not work with SELinux enabled

Applicable to:

  • Plesk for Linux

Symptoms

PHP in FastCGI mode does not work. It seems to work properly with SELinux disabled, but it generates error  when it is in "Enforcing" state.

# getenforce
Enforcing

Apache error log files contain the following entries

In domains error log /var/www/vhosts/example.com/logs/error_log:

PLESK_INFO: [warn] [client 203.0.113.2] (104)Connection reset by peer: mod_fcgid: error reading data from FastCGI server
[error] [client 203.0.113.2] Premature end of script headers: info.php

In server wide error log /var/log/httpd/error_log:

PLESK_INFO: failed to open log file /var/log/httpd/suexec_log
fopen: Permission denied

In /var/log/httpd/suexec_log log file can be found the following error:

PLESK_INFO: [2017-08-07 23:58:46]: uid: (10004/johndoe) gid: (503/503) cmd: cgi_wrapper [2017-08-07 23:58:46]: failed to setgid (503: cgi_wrapper)

Cause

Invalid SELinux security context.

Resolution

  1. Connect to the server using SSH

  2. Set the correct security context to the /usr/sbin/suexec binary

    # chcon system_u:object_r:httpd_suexec_exec_t:s0 /usr/sbin/suexec

Have more questions? Submit a request
Please sign in to leave a comment.