HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=27)
-   -   disable security constrain in ispconfig 3 control panel to enable the multisites (http://www.howtoforge.com/forums/showthread.php?t=50319)

qiubosu 2nd December 2010 10:45

disable security constrain in ispconfig 3 control panel to enable the multisites
 
in ispconfig 3 control panel, to use the shared drupal codebase for multisites, how to disable the security constraint? only disable the security for the domain with the drupal codebase shared by other domains? while the other domains share the drupal codebase don't need to disable their security constrains?

cbj4074 2nd December 2010 15:37

As far as I know, you will not be able to use suPHP on any of the sites that must access the shared Drupal code-base. You will likely be required to set the PHP mode to one of the other options on the Sites -> [choose domain] page within ISPConfig, such as Fast-CGI.

Personally, I would not configure the shared Drupal code-base as an actual "Website" (unless you require end-user [as opposed to root] FTP/sFTP access to the files). Instead, I would install Drupal to /usr/share/drupal or similar.

Then, all you should need to do is add the necessary shared Drupal directories to PHP's open_basedir directive for each site (Home -> Sites -> [domain.tld] -> Options [tab]). Here's an example of adding the necessary Roundcube directories to the open_basedir directive in order for users to be able to access Webmail from a given virtual host:

Code:

<Directory /var/www/domain.tld/web/>
php_admin_value safe_mode off
php_admin_value register_globals off
php_admin_value magic_quotes_gpc off
php_admin_value display_errors off
php_admin_value upload_tmp_dir "/var/www/clients/client2/web1/tmp"
php_admin_value open_basedir "/tmp:/etc/roundcube/:/usr/share/roundcube:/var/log/roundcube:/var/lib/roundcube:/var/lib/roundcube/skins:/var/lib/roundcube/skins/default/templates:/var/lib/roundcube/plugins:/var/lib/roundcube/config:/var/lib/roundcube/bin:/var/lib/roundcube/program:/var/log/roundcube:/usr/share/php:/usr/share/pear:/var/www/clients/client2/web1/web:/var/www/clients/client2/web1/tmp"
</Directory>

Obviously, you will need to change the "domain.tld" in the first line, and replace all of the Roundcube paths with the appropriate Drupal paths.

To determine which Drupal paths must be added to the open_basedir directive, try accessing the homepage on any of the sites that use the code-base, then check /var/www/domain.tld/log/error.log each time the page does not load. Each time access to the Drupal site is denied on the grounds of an open_basedir restriction, the exact path that must be added will appear in error.log.

Also, you will probably want to create a symbolic link or an Apache alias that points from each separate Website to the shared Drupal directory (e.g., /usr/share/drupal).

Further, appropriate permissions must be set on the shared Drupal directory for access to be possible from each separate site.

Finally, note that you must wait a few minutes between the time that you update a given Website's PHP or Apache directives and the time that the changes take effect.

Good luck!

qiubosu 3rd December 2010 00:10

Quote:

Originally Posted by cbj4074 (Post 245651)
Further, appropriate permissions must be set on the shared Drupal directory for access to be possible from each separate site.

may you help to give an example of your statement above?

qiubosu 10th December 2010 23:04

Quote:

Originally Posted by cbj4074 (Post 245651)
As far as I know, you will not be able to use suPHP on any of the sites that must access the shared Drupal code-base. You will likely be required to set the PHP mode to one of the other options on the Sites -> [choose domain] page within ISPConfig, such as Fast-CGI.

Personally, I would not configure the shared Drupal code-base as an actual "Website" (unless you require end-user [as opposed to root] FTP/sFTP access to the files). Instead, I would install Drupal to /usr/share/drupal or similar.

if not configure the shared drupal codebase as an actual website, then how to install the codebase site and configure it by login to the site? use http://localhost for this?

Quote:

Then, all you should need to do is add the necessary shared Drupal directories to PHP's open_basedir directive for each site (Home -> Sites -> [domain.tld] -> Options [tab]). Here's an example of adding the necessary Roundcube directories to the open_basedir directive in order for users to be able to access Webmail from a given virtual host:
do you mean add to "Apache directives" text field under Options tab? is this equivalent to edit httpd.conf? or .htaccess file?

Quote:

Code:

<Directory /var/www/domain.tld/web/>
php_admin_value safe_mode off
php_admin_value register_globals off
php_admin_value magic_quotes_gpc off
php_admin_value display_errors off
php_admin_value upload_tmp_dir "/var/www/clients/client2/web1/tmp"
php_admin_value open_basedir "/tmp:/etc/roundcube/:/usr/share/roundcube:/var/log/roundcube:/var/lib/roundcube:/var/lib/roundcube/skins:/var/lib/roundcube/skins/default/templates:/var/lib/roundcube/plugins:/var/lib/roundcube/config:/var/lib/roundcube/bin:/var/lib/roundcube/program:/var/log/roundcube:/usr/share/php:/usr/share/pear:/var/www/clients/client2/web1/web:/var/www/clients/client2/web1/tmp"
</Directory>


is "php_admin_value open_basedir "/tmp:/etc/roundcube/:/usr/share/roundcube:/var/log/roundcube:/var/lib/roundcube:/var/lib/roundcube/skins:/var/lib/roundcube/skins/default/templates:/var/lib/roundcube/plugins:/var/lib/roundcube/config:/var/lib/roundcube/bin:/var/lib/roundcube/program:/var/log/roundcube:/usr/share/php:/usr/share/pear:/var/www/clients/client2/web1/web:/var/www/clients/client2/web1/tmp"
" equivalent to the content in the "PHP open_basedir" field under Options tab?


All times are GMT +2. The time now is 08:19.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.