Mod_php causes Permissions Issues?

In http://www.virtualmin.com/node/8462#comment-48251 there is allusion to a serious sounding issue with mod_php. So I am using fcgid for about 35 web hosting clients on my VPS. Rimuhosting is telling me that I am runing out of memory, partly because "you have a lot of instances of php-cgi being spawned by apache".

Is this mod_php information valid? It does seem that would break some apps due to SuExec, etc. Can this issue be fixed? Is there any data about the difference in RAM footprint between mod_php and the CGI variants? This would help me scale my VPS.

Thanks, Ken

Status: 
Active

Comments

Joe's picture
Submitted by Joe on Wed, 11/04/2009 - 22:52 Pro Licensee

How much memory do you have? And how heavily is your server being used?

In general mod_fcgid is more memory efficient than mod_php, but in some circumstances it can take more. If your system is not seeing heavy load, you could switch to CGI (which only starts PHP when the site is being accessed and doesn't maintain any daemons) for some or all of your sites. This would make those sites quite a bit slower.

The "serious sounding issue" is merely that applications have access to all user home files with the same privileges as the Apache user. This may or may not be a security issue in your case...if you don't have untrusted users able to upload or modify scripts, this is not much of a concern.

There are a few little tweaks you can make to the mod_fcgid configuration to make it a bit less memory intensive, like reducing the number of processes that stick around all the time.