HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

jumba 28th May 2010 23:00

[SOLVED] suPHP and suEXEC broken by default in Ubuntu 10.04 Perfect Server
 
I followed the Ubuntu 10.04 perfect server guide and installed ISPConfig 3.
I want to install Joomla so I created a website with suEXEC + PHP Fast-CGI and another site with suPHP.

Neither suEXEC + PHP Fast-CGI nor suPHP work correctly by default.
If I upload a file via FTP it will be owned by the correct owner (like web1) but any file created by Joomla will be owned by www-data.

If you try to install Joomla you will see an error at the beginning saying that configuration.php is not writable.
If you change the permissions of /web from the default value of 710 to 777, Joomla can write to configuration.php but the owner will be www-data.
You can now continue installing Joomla but you cannot install anything from within Joomla since all the files it tries to create are owned by www-data.

The first thing you notice when you connect to your site's account with ssh or FTP is that some of the default permissions are wrong.

In /var/www/clients/client1/web1 all files and directories are owned by web1 (group client1):
/.cache is 755
/cgi-bin is 751
/log is 777
/tmp is 777
/web is 710
.bash_history is 755

In /web the /stats directory has 755 but it is owned by root.
The other files in /web are owned by web1 client1 but their permissions are 754, not 644.

So, there is absolutely no difference between a site with suPHP and another one with suEXEC + Fast-CGI. They both have the same default permissions and any file created by Joomla is owned by www-data.

Any suggestion on how to fix this?
The permissions are OK in Ubuntu 8.04 with ISPConfig 3 and suPHP.

till 28th May 2010 23:42

Quote:

The first thing you notice when you connect to your site's account with ssh or FTP is that some of the default permissions are wrong.

The permissions are absolutely correct and as they should be. You mix up the security modes here. Your old server is set to another security mode than the new one. With the new high security level, the permissions have to be like this. Your suexec and suphp problems are not related to this.

Quote:

So, there is absolutely no difference between a site with suPHP and another one with suEXEC + Fast-CGI

That's as it should be. If they were different, then the setup would be incorrect. The difference is not in directory settings, it's in the vhost file.

To find the reason for your problems, check this:

Any jobs listed in the jobqueue in the ispconfig monitor?

If no, then set the website to suexec + fastcgi. Wait a few minutes and then get the vhost file of this vhost and post its content here.

jumba 29th May 2010 00:53

Thanks for the quick answer.
I created a new site with suexec and fastcgi.
There are no jobs in the queue.

Code:

<Directory /var/www/test.zz>
    AllowOverride None
    Order Deny,Allow
    Deny from all
</Directory>

<VirtualHost *:80>
    DocumentRoot /var/www/test.zz/web

    ServerName test.zz
    ServerAlias www.test.zz
    ServerAdmin webmaster@test.zz

    ErrorLog /var/log/ispconfig/httpd/test.zz/error.log

    <Directory /var/www/test.zz/web>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    <Directory /var/www/clients/client1/web4/web>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>

    # suexec enabled
    SuexecUserGroup web4 client1
    # php as fast-cgi enabled
    <IfModule mod_fcgid.c>
      # SocketPath /tmp/fcgid_sock/
      IdleTimeout 3600
      ProcessLifeTime 7200
      # MaxProcessCount 1000
      DefaultMinClassProcessCount 3
      DefaultMaxClassProcessCount 100
      IPCConnectTimeout 8
      IPCCommTimeout 360
      BusyTimeout 300
    </IfModule>
    <Directory /var/www/test.zz/web>
        AddHandler fcgid-script .php .php3 .php4 .php5
        FCGIWrapper /var/www/php-fcgi-scripts/web4/.php-fcgi-starter .php
        Options +ExecCGI
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    <Directory /var/www/clients/client1/web4/web>
        AddHandler fcgid-script .php .php3 .php4 .php5
        FCGIWrapper /var/www/php-fcgi-scripts/web4/.php-fcgi-starter .php
        Options +ExecCGI
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>

    # add support for apache mpm_itk
    <IfModule mpm_itk_module>
      AssignUserId web4 client1
    </IfModule>


</VirtualHost>


mike_p 29th May 2010 09:15

What result are you expecting when using suexec?

The default setup via ISPConfig is to restrict use of CGI to the cgi-bin.

To enable cgi in other directories you'll also have to set the options to +ExecCGI for whatever directory.

Suexec enforces the requirements:
1/ the script must be owned by the user/group specified by the SuexecUserGroup directive and have 755 permissions
2/ the containing directory must also be owned by the same user/group.
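
The ownership rules listed in the post above can be checked mechanically. The script below is an added example, not part of the original thread or of ISPConfig: it reads `SuexecUserGroup` and `FCGIWrapper` from a vhost file and checks each wrapper script and its containing directory. The function names are hypothetical, and treating any group- or world-write bit as a violation is an assumption (755 passes).

```shell
#!/bin/sh
# Added example (not from the thread): audit the FCGI wrapper named in a vhost
# against the suEXEC ownership rules. Needs GNU stat (coreutils), as on Ubuntu.

# Print "user group" from the vhost's SuexecUserGroup directive.
vhost_suexec_ids() {
    awk '$1 == "SuexecUserGroup" { print $2, $3; exit }' "$1"
}

# Print each distinct FCGIWrapper script path in the vhost.
vhost_wrappers() {
    awk '$1 == "FCGIWrapper" { print $2 }' "$1" | sort -u
}

# check_suexec_target PATH USER GROUP
# Checks PATH and its containing directory; prints violations, returns 1 if any.
check_suexec_target() {
    rc=0
    for p in "$1" "$(dirname "$1")"; do
        owner=$(stat -c %U "$p" 2>/dev/null) || { echo "MISSING $p"; return 1; }
        grp=$(stat -c %G "$p")
        mode=$(stat -c %a "$p")
        [ "$owner" = "$2" ] || { echo "OWNER $p: $owner, expected $2"; rc=1; }
        [ "$grp" = "$3" ] || { echo "GROUP $p: $grp, expected $3"; rc=1; }
        # Assumption: any group/other write bit is a violation (755 passes).
        [ $(( 0$mode & 022 )) -eq 0 ] || { echo "WRITABLE $p: mode $mode"; rc=1; }
    done
    return $rc
}

# audit_vhost FILE: returns 0 only if every wrapper in the vhost passes.
audit_vhost() {
    ids=$(vhost_suexec_ids "$1")
    [ -n "$ids" ] || { echo "no SuexecUserGroup in $1"; return 1; }
    failed=0
    for w in $(vhost_wrappers "$1"); do
        check_suexec_target "$w" "${ids% *}" "${ids#* }" || failed=1
    done
    return $failed
}

# Stand-alone use: sh audit.sh /path/to/site.vhost
if [ $# -ge 1 ]; then audit_vhost "$1"; fi
```

A clean result here only confirms the file-system side; it does not show which user the PHP process actually runs as.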

jumba 29th May 2010 16:44

Quote:

Originally Posted by mike_p (Post 229573)
What result are you expecting when using suexec?

Well, I expect suEXEC + Fast-CGI or suPHP to work correctly.
Because none of them works as expected, any new file Joomla tries to create is owned by www-data.

In Ubuntu 8.04 + ISPConfig 3 + manual installation of suPHP there are no problems with permissions in Joomla.

jumba 29th May 2010 16:58

The default settings make it impossible to run a Joomla site.

till 29th May 2010 17:04

Quote:

Originally Posted by jumba (Post 229609)
The default settings make it impossible to run a Joomla site.

We are currently investigating why it does not work on your server while it works on other servers, incl. the test servers that I have here. So that's not related to default settings at all.

till 29th May 2010 17:07

Quote:

Originally Posted by jumba (Post 229563)
Thanks for the quick answer.
I created a new site with suexec and fastcgi.
There are no jobs in the queue.

The vhost file is ok. Suexec is enabled and the vhost also uses fcgi.

1) How exactly did you access the contents of this site? By entering http://www.test.zz in the webbrowser?

2) Add a phpinfo file in this vhost, then open it with the webbrowser and post it here.

jumba 29th May 2010 18:20

1 Attachment(s)
Quote:

Originally Posted by till (Post 229613)
How exactly did you access the contents of this site? By entering http://www.test.zz in the webbrowser?

Yes, in the browser. My ispconfig installation is in a VM, on my computer. It's not accessible from the internet.
I added www.test.zz and the hostname and IP address of the VM to my /etc/hosts.

Before posting here, I installed the Ubuntu 10.04 Perfect Server + ISPConfig 3 on 2 different VMs. It's the same problem on both of them.

I attached an .mht with the PHP info. It should open just fine in Firefox or Opera.

jumba 1st June 2010 14:15

Any suggestions?
