suPHP and chrooted


SamTzu
30th May 2007, 22:07
I seem to have a problem with suPHP and Joomla extensions.
Every new extension I install uploads with -rx------- file rights.
As you can guess this is causing no end of trouble and manual work.

Can anyone point me in the right direction where to look for these settings?

Sam

falko
31st May 2007, 15:29
Do you see any errors in Apache's error log?

SamTzu
2nd June 2007, 14:01
Yup,

Like this... (taken after another try to add pictures with Virtuemart/Joomla e-shop.)

server1:/home/admin# tail -30 /root/ispconfig/httpd/logs/error_log
[Wed May 16 15:08:08 2007] [error] mod_ssl: SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page (OpenSSL library error follows)
[Wed May 16 15:08:08 2007] [error] OpenSSL: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to HTTPS port!?]
[Wed May 16 15:08:08 2007] [error] mod_ssl: SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page (OpenSSL library error follows)
[Wed May 16 15:08:08 2007] [error] OpenSSL: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to HTTPS port!?]
[Wed May 16 15:08:08 2007] [error] mod_ssl: SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page (OpenSSL library error follows)
[Wed May 16 15:08:08 2007] [error] OpenSSL: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to HTTPS port!?]
[Thu May 17 13:07:07 2007] [error] mod_ssl: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows)
[Thu May 17 13:07:07 2007] [error] System: Connection reset by peer (errno: 104)
[Fri May 25 12:47:34 2007] [error] mod_ssl: SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page (OpenSSL library error follows)
[Fri May 25 12:47:34 2007] [error] OpenSSL: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to HTTPS port!?]
du: `/var/www/web16/web/components/com_joomlaxplorer': Permission denied
du: `/var/www/web16/web/administrator/components/com_joomlaxplorer/.config': Permission denied
du: `/var/www/web16/web/administrator/components/com_joomlaxplorer/.include': Permission denied
du: `/var/www/web16/web/administrator/components/com_joomlaxplorer/_ftptmp': Permission denied
du: `/var/www/web16/web/administrator/components/com_joomlaxplorer/_js': Permission denied
du: `/var/www/web16/web/administrator/components/com_joomlaxplorer/_lang': Permission denied
du: `/var/www/web16/web/administrator/components/com_joomlaxplorer/_lib': Permission denied
du: `/var/www/web16/web/administrator/components/com_joomlaxplorer/_style': Permission denied
du: `/var/www/web16/web/mambots/docman': Permission denied
du: `/var/www/web16/user/web16_user1/Maildir': Permission denied
[Sat May 26 15:31:02 2007] [notice] caught SIGTERM, shutting down
PHP Warning: PHP Startup: Unable to load dynamic library '/root/ispconfig/php/lib/php/extensions/no-debug-non-zts-20060613/gd.so' - /root/ispconfig/php/lib/php/extensions/no-debug-non-zts-20060613/gd.so: cannot open shared object file: No such file or directory in Unknown on line 0
PHP Warning: PHP Startup: Unable to load dynamic library '/root/ispconfig/php/lib/php/extensions/no-debug-non-zts-20060613/mhash.so' - /root/ispconfig/php/lib/php/extensions/no-debug-non-zts-20060613/mhash.so: cannot open shared object file: No such file or directory in Unknown on line 0
PHP Warning: PHP Startup: Unable to load dynamic library '/root/ispconfig/php/lib/php/extensions/no-debug-non-zts-20060613/mysql.so' - /root/ispconfig/php/lib/php/extensions/no-debug-non-zts-20060613/mysql.so: cannot open shared object file: No such file or directory in Unknown on line 0
PHP Warning: PHP Startup: Unable to load dynamic library '/root/ispconfig/php/lib/php/extensions/no-debug-non-zts-20060613/sqlite.so' - /root/ispconfig/php/lib/php/extensions/no-debug-non-zts-20060613/sqlite.so: cannot open shared object file: No such file or directory in Unknown on line 0
[Sat May 26 15:31:10 2007] [notice] Apache/1.3.37 (Unix) PHP/5.2.1 mod_ssl/2.8.28 OpenSSL/0.9.8e configured -- resuming normal operations
[Sat May 26 15:31:10 2007] [notice] Accept mutex: sysvsem (Default: sysvsem)
[Mon May 28 20:58:28 2007] [notice] caught SIGTERM, shutting down
[Mon May 28 20:58:36 2007] [notice] Apache/1.3.37 (Unix) PHP/5.2.1 mod_ssl/2.8.28 OpenSSL/0.9.8e configured -- resuming normal operations
[Mon May 28 20:58:36 2007] [notice] Accept mutex: sysvsem (Default: sysvsem)

till
2nd June 2007, 15:12
You are looking at the wrong logfile. Your websites are not run on the ISPConfig apache server, they are run on the apache server of your linux distribution. The error log is in the log directory of the website directory.

SamTzu
2nd June 2007, 19:16
I'm using the VMware ISPconfig appliance.
It has default apache config so the log files will be in /var/log
Do you mean those?

Sam

SamTzu
3rd June 2007, 12:19
There does not appear to be any related error messages in /var/log/apache2

Sam

till
3rd June 2007, 14:13
No, I'm not talking about these logfiles. The errors are logged in the logfile which is inside the website directory and not in /var/log. Your website directory is /var/www/www.yourdomain.com/..

SamTzu
11th June 2007, 18:29
This is from the error.log

[Mon Jun 11 16:52:39 2007] [alert] [client 84.249.235.27] /var/www/web16/web/.htaccess: Options not allowed here
[Mon Jun 11 16:52:39 2007] [alert] [client 84.249.235.27] /var/www/web16/web/.htaccess: Options not allowed here
[Mon Jun 11 16:52:40 2007] [alert] [client 84.249.235.27] /var/www/web16/web/.htaccess: Options not allowed here
[Mon Jun 11 16:52:40 2007] [alert] [client 84.249.235.27] /var/www/web16/web/.htaccess: Options not allowed here
[Mon Jun 11 16:52:47 2007] [alert] [client 84.249.235.27] /var/www/web16/web/.htaccess: Options not allowed here
[Mon Jun 11 16:52:47 2007] [alert] [client 84.249.235.27] /var/www/web16/web/.htaccess: Options not allowed here
[Mon Jun 11 16:55:33 2007] [error] [client 84.249.235.27] File does not exist: /var/www/web16/web/favicon.ico
[Mon Jun 11 16:59:17 2007] [error] [client 84.249.235.27] File does not exist: /var/www/web16/web/includes/js/ThemeOffice/joomla_16x16.png, referer: http://www.domain.com/administrator/index2.php
[Mon Jun 11 16:59:24 2007] [error] [client 84.249.235.27] File does not exist: /var/www/web16/web/includes/js/ThemeOffice/joomla_16x16.png, referer: http://www.domain.com/administrator/index2.php?option=com_virtuemart
[Mon Jun 11 16:59:33 2007] [error] [client 84.249.235.27] File does not exist: /var/www/web16/web/components/com_virtuemart/shop_image/web, referer: http://www.domain.com/index.php
[Mon Jun 11 17:00:18 2007] [error] [client 84.249.235.27] File does not exist: /var/www/web16/web/includes/js/ThemeOffice/joomla_16x16.png, referer: http://www.domain.com/administrator/index2.php?pshop_mode=admin&page=product.product_list&option=com_virtuemart
[Mon Jun 11 17:00:33 2007] [error] [client 84.249.235.27] File does not exist: /var/www/web16/web/components/com_virtuemart/shop_image/web, referer: http://www.domain.com/index.php
[Mon Jun 11 17:01:47 2007] [error] [client 84.249.235.27] File does not exist: /var/www/web16/web/components/com_virtuemart/shop_image/web, referer: http://www.domain.com/index.php
[Mon Jun 11 17:02:06 2007] [error] [client 84.249.235.27] File does not exist: /var/www/web16/web/includes/js/ThemeOffice/joomla_16x16.png, referer: http://www.domain.com/administrator/index2.php?option=com_mambots
[Mon Jun 11 17:02:24 2007] [error] [client 84.249.235.27] File does not exist: /var/www/web16/web/components/com_virtuemart/shop_image/web, referer: http://www.domain.com/index.php
[Mon Jun 11 17:04:57 2007] [error] [client 84.249.235.27] File does not exist: /var/www/web16/web/includes/js/ThemeOffice/joomla_16x16.png, referer: http://www.domain.com/administrator/index2.php
[Mon Jun 11 17:06:46 2007] [error] [client 84.249.235.27] File does not exist: /var/www/web16/web/components/com_virtuemart/shop_image/web, referer: http://www.domain.com/index.php
[Mon Jun 11 17:07:12 2007] [error] [client 84.249.235.27] File does not exist: /var/www/web16/web/includes/js/ThemeOffice/joomla_16x16.png, referer: http://www.domain.com/administrator/index2.php
[Mon Jun 11 17:07:17 2007] [error] [client 84.249.235.27] File does not exist: /var/www/web16/web/includes/js/ThemeOffice/joomla_16x16.png, referer: http://www.domain.com/administrator/index2.php?option=com_virtuemart
[Mon Jun 11 17:07:21 2007] [error] [client 84.249.235.27] File does not exist: /var/www/web16/web/includes/js/ThemeOffice/joomla_16x16.png, referer: http://www.domain.com/administrator/index2.php?pshop_mode=admin&page=product.product_list&option=com_virtuemart
[Mon Jun 11 17:07:29 2007] [error] [client 84.249.235.27] File does not exist: /var/www/web16/web/includes/js/ThemeOffice/joomla_16x16.png, referer: http://www.domain.com/administrator/index2.php?option=com_virtuemart&page=product.product_list&category_id=5
[Mon Jun 11 17:07:34 2007] [error] [client 84.249.235.27] File does not exist: /var/www/web16/web/includes/js/ThemeOffice/joomla_16x16.png, referer: http://www.domain.com/administrator/index2.php?option=com_virtuemart&page=product.product_list&category_id=2
[Mon Jun 11 17:07:46 2007] [error] [client 84.249.235.27] File does not exist: /var/www/web16/web/includes/js/ThemeOffice/joomla_16x16.png, referer: http://www.domain.com/administrator/index2.php?page=product.product_form&limitstart=0&keyword=&product_id=35&product_parent_id=&option=com_virtuemart
[Mon Jun 11 17:07:47 2007] [error] [client 84.249.235.27] File does not exist: /var/www/web16/web/components/com_virtuemart/shop_image/web, referer: http://www.domain.com/administrator/index2.php?page=product.product_form&limitstart=0&keyword=&product_id=35&product_parent_id=&option=com_virtuemart
[Mon Jun 11 17:07:47 2007] [error] [client 84.249.235.27] (13)Permission denied: file permissions deny server access: /var/www/web16/web/components/com_virtuemart/shop_image/product/b62bcba0bb7b7d1e9f41e77fcbe696a6.gif, referer: http://www.domain.com/administrator/index2.php?page=product.product_form&limitstart=0&keyword=&product_id=35&product_parent_id=&option=com_virtuemart
[Mon Jun 11 17:07:48 2007] [error] [client 84.249.235.27] (13)Permission denied: file permissions deny server access: /var/www/web16/web/components/com_virtuemart/shop_image/product/a8da2e5b0b0b2dd2b0c32d9720fc0d77.gif, referer: http://www.domain.com/administrator/index2.php?page=product.product_form&limitstart=0&keyword=&product_id=35&product_parent_id=&option=com_virtuemart
[Mon Jun 11 17:09:46 2007] [error] [client 84.249.235.27] File does not exist: /var/www/web16/web/includes/js/ThemeOffice/joomla_16x16.png, referer: http://www.domain.com/administrator/index2.php
[Mon Jun 11 17:09:47 2007] [error] [client 84.249.235.27] (13)Permission denied: file permissions deny server access: /var/www/web16/web/components/com_virtuemart/shop_image/product/3d2e9e3e12c4111e1f10240a9ebf8471.jpg, referer: http://www.domain.com/administrator/index2.php
[Mon Jun 11 17:09:47 2007] [error] [client 84.249.235.27] (13)Permission denied: file permissions deny server access: /var/www/web16/web/components/com_virtuemart/shop_image/product/6705c1243c8cf1e9d8418e809f3b343b.jpg, referer: http://www.domain.com/administrator/index2.php

Clearly there is a problem with the file permissions but is it the .htaccess file that is causing it?

Sam

steve1084
27th June 2007, 09:10
Hi Till
Hi Falko

New Problem

Went to upload some pics in my Joomla VirtueMart shop and found they disappeared. On closer inspection they are there but with file permissions of 600 which means nobody can see them. When I chmod them back to 644 everything is fine.

Apache log showed error


[Wed Jun 27 14:14:12 2007] [error] [client 202.134.250.214] (13)Permission denied: file permissions deny server access: /var/www/web2/web/components/com_virtuemart/shop_image/product/8af45d7077b9fc7a719486c9662fed00.jpg, referer: http://www.my1084.com/administrator/index2.php

System is debian etch with suphp and ispconfig

I have now tested on a second debian etch machine with suphp and ispconfig and got the same result.

Is this a Joomla issue or a suPHP issue, as without suPHP files are chowned by www-data and this doesn't happen?

Files must have minimum of chmod 755 and 644 in joomla

Edit

Thought you might like the output of ls -la /var/www

server1:/var/www# ls -la /var/www
total 32
drwxr-xr-x 8 root root 4096 2007-06-27 11:43 .
drwxr-xr-x 15 root root 4096 2007-06-26 17:58 ..
drwxr-xr-x 2 root root 4096 2007-06-26 14:17 apache2-default
lrwxrwxrwx 1 root root 21 2007-06-27 07:13 phpmyadmin -> /usr/share/phpmyadmin
drwxr-xr-x 2 root root 4096 2007-06-27 09:14 sharedip
drwxr-xr-x 8 web2_my1084.com www-data 4096 2007-06-27 14:00 web2
drwxr-xr-x 2 root root 4096 2007-06-26 14:49 webalizer
lrwxrwxrwx 1 www-data web2 13 2007-06-27 10:51 www.my1084.com -> /var/www/web2



Thanks:)
Steve

till
27th June 2007, 10:27
The mode of an uploaded file can be changed by the script that handles the upload (in this case Joomla). But I'm not sure if this can be set globally anywhere else. Maybe Joomla has a setting to set the chmod mode anywhere in the config files?

steve1084
27th June 2007, 20:08
> The mode of an uploaded file can be changed by the script that handles the upload (in this case Joomla). But I'm not sure if this can be set globally anywhere else. Maybe Joomla has a setting to set the chmod mode anywhere in the config files?


Hi Till

Yes, Joomla has a setting to chmod all files from its admin global settings page. I tried this and I can do a global chmod that does change the chmod of all files and is now set to do this for all new files, but this is having NO effect on the images being uploaded in the VirtueMart shop. This is definitely a permissions issue in suPHP not recognising that Joomla should have permission to upload the pictures. Other threads showed people with the same issue when installing modules but nobody has shown an answer to this problem.

I also tried changing the uid and gid in the suPHP config from 100 to 1 with no effect.

Is there a way to give the user more privileges, and how do I determine exactly what privileges suPHP is looking for?

Thanks
Steve:)

till
27th June 2007, 20:13
> This is definitely a permissions issue in suPHP not recognising that Joomla should have permission to upload the pictures.

No, it is not. SuPHP does not alter the permissions at all. The problem is that your shop extension does not take care of the global joomla setting. A chmod on files has to be done by the PHP script.

steve1084
28th June 2007, 05:17
> No, it is not. SuPHP does not alter the permissions at all. The problem is that your shop extension does not take care of the global joomla setting. A chmod on files has to be done by the PHP script.


OK I found the answer

Changed umask from 0077 to 0022 and Joomla and all pics are now uploading with correct permissions.
Definitely a suPHP problem, changed in the etc/suphp.config file

[global]
;Path to logfile
logfile=/var/log/suphp.log

;Loglevel
loglevel=info

;User Apache is running as
webserver_user=www-data

;Path all scripts have to be in
docroot=/

;Path to chroot() to before executing script

;chroot=/mychroot

; Security options
allow_file_group_writeable=true
allow_file_others_writeable=false
allow_directory_group_writeable=true
allow_directory_others_writeable=false

;Check whether script is within DOCUMENT_ROOT
check_vhost_docroot=true

;Send minor error messages to browser
errors_to_browser=false

;PATH environment variable
env_path=/bin:/usr/bin

;Umask to set, specify in octal notation
umask=0022

; Minimum UID
min_uid=100

; Minimum GID
min_gid=100

[handlers]
;Handler for php-scripts
x-httpd-php=php:/usr/bin/php5-cgi

;Handler for CGI-scripts
x-suphp-cgi=execute:!self


Thanks till

Steve:)
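
Added example (not part of the original thread, and not suPHP or Joomla code): the effect described in the post above, reproduced in a scratch directory. A file created under umask 0077 ends up as 600, which a web server running as a different user cannot read; under 0022 it ends up as 644 and is still not writable by group or others. The function names are made up for this example, and it assumes the web server user is neither the owner nor in the group of the files.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the sandbox
# directories are hypothetical; only constructed files are touched.

# Create a file the way an upload handler does (requested mode 0666) under
# the given umask and print the octal mode it ends up with.
mode_under_umask() {
    _d=$(mktemp -d) || return 1
    ( umask "$1" && : > "$_d/upload.jpg" )
    _m=$(stat -c '%a' "$_d/upload.jpg" 2>/dev/null || stat -f '%Lp' "$_d/upload.jpg")
    rm -rf "$_d"
    printf '%s\n' "$_m"
}

# Files Apache cannot serve: regular files without read permission for
# "others" (assumes the web server user is neither owner nor in the group).
unreadable_by_others() {
    find "$1" -type f ! -perm -o=r -print
}

# Files or directories that someone other than the owner may write to.
# A umask of 0022 should leave this list empty for newly created content.
writable_by_non_owner() {
    find "$1" \( -type f -o -type d \) \( -perm -g=w -o -perm -o=w \) -print
}

# Demo on a constructed docroot.
demo() {
    for u in 0077 0022; do
        printf 'umask %s -> mode %s\n' "$u" "$(mode_under_umask "$u")"
    done
    root=$(mktemp -d) || return 1
    ( umask 0077 && : > "$root/old-upload.gif" )
    ( umask 0022 && : > "$root/new-upload.gif" )
    echo "not readable by the web server:"; unreadable_by_others "$root"
    echo "writable by group or others:";    writable_by_non_owner "$root"
    rm -rf "$root"
}
demo
```

Pointing unreadable_by_others at a site's web directory lists the uploads that were created before the umask was changed and still need a chmod.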

steve1084
28th June 2007, 06:12
Just wondering if there are any security issues with changing the umask setting to 0022

Thanks
Steve:)

Leszek
28th June 2007, 07:37
Hi!

My problem is similar but still a little different.
In my case after installing an extension (doesn't matter which) by the Joomla! installers, chowns of the new copied files get changed to some other. After that I can't do anything with them and directories they are in.
The server runs FreeBSD and belongs to one of the hosting companies in Poland. After contacting the server administrator a bash script runs once in 30 minutes and changes everything back to normal.
Is there a way to fix this problem? Manual installation of the components could be a workaround but it's easy to make a mistake that way.

till
28th June 2007, 12:14
I guess your question is not ISPConfig related, as ISPConfig does not run on FreeBSD?

Leszek
28th June 2007, 12:20
No.
Joomla! runs ok on a server with ISPConfig.

falko
29th June 2007, 18:59
> Just wondering if there are any security issues with changing the umask setting to 0022

Those are the default settings for most FTP servers as well, so 022 should be ok. :)

falko
29th June 2007, 19:07
> No.
> Joomla! runs ok on a server with ISPConfig.
But do you use ISPConfig on that FreeBSD server?

Leszek
26th July 2007, 02:17
Sorry for the delay.
No Falko. I don't use ISPConfig on FreeBSD. This system is administered by a hosting company that uses DirectAdmin to configure their server.
My problem is similar to steve1084's so I posted what I went through and am very interested in the possible cause or security enhancements that could make files installed by Joomla! have a different owner (chmod seems to be ok).
The administrator blames Joomla! for all of this but how could a script change the owner of files so they are owned by a user with a higher UID? It seems strange to me.
I'm using Debian Sarge with ISPConfig and SuPHP at home and don't have any problems like that with Joomla!

falko
26th July 2007, 21:06
So Joomla changes the owner from the user it's running under to another user? This can always be done if the files are owned by the Joomla user. Unfortunately I'm not so familiar with Joomla, so I don't know why it changes ownerships.

Leszek
26th July 2007, 21:40
> So Joomla changes the owner from the user it's running under to another user?
That's right. This happens only on the server I described above. I've got no problems on other servers.