Fixing php-fcgi (php5-fastcgi) Init Script

A long time ago when I setup my self-hosted WordPress blog (what you’re reading on now), I had to install PHP onto my system.  I believe I followed some guide for configuring a php-fcgi Init script (used to run and manage the program as a service).  I can not remember the exact details of what happened during that time, but I realized recently that even though the service starts, if I run the command ‘service php-fcgi status’, it will show up as having failed to start.

After some tweaking and editing, I now have the Init script running properly.  Below are the details as to what I had to change to get this to work.  If you installed php-fcgi and need an Init script for it, then you can use the final version below (this is verified to work on openSUSE 12.3).

Originally the PHP_CGI_ARGS variable was:

PHP_CGI_ARGS=”- USER=$USER PATH=/usr/bin PHP_FCGI_CHILDREN=$PHP_FCGI_CHILDREN PHP_FCGI_MAX_REQUESTS=$PHP_FCGI_MAX_REQUESTS $PHP_CGI -b $BIND”

…and the actual line to start the process in the start() function was

/sbin/startproc -u “$USER”  /usr/bin/env — “$PHP_CGI_ARGS”

What I believe the issue was, is that /sbin/startproc was essentially trying to daemonize the /usr/bin/env process instead of /usr/bin/php-cgi.  As you can see by the final version of the Init file below, I changed the PHP_CGI_ARGS variable to:

PHP_CGI_ARGS=”- USER=$USER PATH=/usr/bin PHP_FCGI_CHILDREN=$PHP_FCGI_CHILDREN PHP_FCGI_MAX_REQUESTS=$PHP_FCGI_MAX_REQUESTS”

…and the line in the start() function to:

/usr/bin/env — $PHP_CGI_ARGS /sbin/startproc -u $USER $PHP_CGI -b $BIND

This way /usr/bin/env, whose purpose in this script is to run a command with a modified environment, will run /sbin/startproc who in turn will daemonize the /usr/bin/php-cgi process (what we wanted to run as a service, a.k.a. daemon, in the first place).

Final version of ‘/etc/init.d/php-fcgi’:

#!/bin/bash
### BEGIN INIT INFO
# Provides:          php-fcgi
# Required-Start:    $network
# Should-Start:      nginx lighttpd httpd
# Required-Stop:     $network
# Should-Stop:       nginx lighttpd httpd
# Default-Start:     3 4 5
# Default-Stop:      0 1 2 6
# Short-Description: starts php over fcgi
# Description:       starts php over fcgi
### END INIT INFO

(( EUID )) && echo .You need to have root priviliges.. && exit 1
BIND=127.0.0.1:9000
USER=wwwrun
PHP_FCGI_CHILDREN=2
PHP_FCGI_MAX_REQUESTS=1000

PHP_CGI=/usr/bin/php-cgi
PHP_CGI_NAME=`basename $PHP_CGI`
PHP_CGI_ARGS="- USER=$USER PATH=/usr/bin PHP_FCGI_CHILDREN=$PHP_FCGI_CHILDREN PHP_FCGI_MAX_REQUESTS=$PHP_FCGI_MAX_REQUESTS"
RETVAL=0

start() {
      echo -n "Starting PHP FastCGI: "
      /usr/bin/env -- $PHP_CGI_ARGS /sbin/startproc -u $USER $PHP_CGI -b $BIND
      RETVAL=$?
      echo "$PHP_CGI_NAME."
}
stop() {
      echo -n "Stopping PHP FastCGI: "
      killall -q -w -u $USER $PHP_CGI
      RETVAL=$?
      echo "$PHP_CGI_NAME."
}

case "$1" in
    start)
      start
  ;;
    stop)
      stop
  ;;
    restart)
      stop
      start
  ;;
    *)
      echo "Usage: php-fastcgi {start|stop|restart}"
      exit 1
  ;;
esac
exit $RETVAL

After changing your script, if on a current openSUSE system, you will have to run the following command before using the normal service command to start, stop, or restart the php-fcgi service.:

# systemctl daemon-reload

LinuxCounter – Keeping Track of the Linux User Population

Today I came across The LinuxCounter Project.  The general idea is to be able find out how many Linux users, and systems, there are out there.  To do this you can register yourself and your systems (which get registered to your account).  As they say on their site, not everyone will register themselves so the numbers listed on the site are not accurate.

I’m all for Linux and I like the idea of being able to see how many Linux users there are in the world.  Unfortunately, as you might have guessed, registering is just another way of putting your information out there.  LinuxCounter does allow you to choose what you want to share, such as your name, email, your systems’ hostnames, and other details.  I have almost all settings set to not publicly visible, so if you would like to get an idea of what type of information you can see, then check out my profile page here:

At the bottom of the page you can click on one of my machines to see the details of what is shared there.  As you can see, there is little information shared but still enough to give an attacker a base for where to start (ex: they know what distribution I am running).  You can choose to add your systems in via their update script, or manually from your profile.  If you enter information in manually, you have more control over what gets sent to the server versus if you use their update script.  No matter which option you choose, you can always log in to your profile and change the preferences for what information is public.

All that said, I am going to give a brief description here on how to configure the update script on your system, along with how to not have the update script send you distribution and distribution version information  The method I used is a straight download of the script, I did not add any repos.  You should have already created your account at this point before going forward.  I will be adding the system directly from the update script (it is possible to add it manually first via the website and then update with the script).  Note: It is best practice to run this as a normal user, not as root.

All steps below are done in a terminal:

  1. Create and/or go to the directory you would like the script to be in:

    ex: $ mkdir ~/bin; cd ~/bin

  2. Download the script:

    $ wget -N –no-cache http://linuxcounter.net/script/lico-update.sh

  3. Make the script executable:

    $ chmod 0774 lico-update.sh

  4. Configure the system. Follow all prompts; if it asks for a value and you do not have it yet (e.g. your update key) then leave it blank.

    $ ./lico-update.sh -i

  5. Edit your configuration

    $ vi ~/.linuxcounter/`hostname`

    Add your machine number and update key to the configuration.

    update_key=’######’
    machine_number=’#######’

    Edit the distribution variable to prevent you distribution from being uploaded.

    distribution=’Unknown’

    Edit the distribversion variabel to prevent your distribution version from being uploaded.

    distribversion=”

  6. To view what data will be sent to LinuxCounter, without actually sending it:

    $ ./lico-update.sh -s

  7. Send your data:

    $ ./lico-update.sh -m

  8. Add a cron job to automatically update the information

    $ ./lico-update.sh -ci

You should log into your account on LinuxCounter and verify your systems are showing correctly.  Your personal certificate (the image with your user number and number of machines) will update every 30 minutes, but your machines should be showing at the very bottom of the Profile page as well as in the top right that displays your user number and number of machines.

As always, if you have any questions or comments then leave them below!