HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   ISPConfig 3 Priority Support (http://www.howtoforge.com/forums/forumdisplay.php?f=35)
-   -   Help with Permissions Please (http://www.howtoforge.com/forums/showthread.php?t=61544)

darinpeterson 20th April 2013 16:07

Help with Permissions Please
 
Thank you very much for this forum that is dedicated to your supporters!

I am working to migrate my custom CMS, Piece Builder, to ISPConfig 3. It looks like I'm going to be running into permissions issues when trying to write a users pages to their domain.

OS: Debian Squeeze
ISPConfig: v3.0.5.2

I'm currently faced with two large hurdles:
  • Creating folders in a client web# folder. I'm currently logged in as root, and I'm trying to create a new folder in /var/www/clients/client#/web#/, and I get "permission denied". I don't understand how this can be permission denied for root. How can I solve this problem, please?
  • Piece Builder (pb) under one client needs the ability to write to other clients folders web folders. Under the web# folder there will be a symbolic link to the primary pb library that contains all the PHP files to allow operation of the CMS. On my current server, I made apache the owner of files/folders that pb needs to write. I would like to maintain the setting that a user becomes owner of the files in their folder on update, because that helps me with quota concerns. What is the best way for me to allow pb to do it's job?

Thank you for your help...

Darin

falko 20th April 2013 19:05

Quote:

Originally Posted by darinpeterson (Post 296069)
[*]Creating folders in a client web# folder. I'm currently logged in as root, and I'm trying to create a new folder in /var/www/clients/client#/web#/, and I get "permission denied". I don't understand how this can be permission denied for root. How can I solve this problem, please?

That happens because the immutable bit is set on the web# folder: http://www.aboutlinux.info/2005/11/m...hich-even.html

You can change this behaviour under System > Server Configuration > Web > Permissions.

Quote:

Originally Posted by darinpeterson (Post 296069)
[*]Piece Builder (pb) under one client needs the ability to write to other clients folders web folders. Under the web# folder there will be a symbolic link to the primary pb library that contains all the PHP files to allow operation of the CMS. On my current server, I made apache the owner of files/folders that pb needs to write. I would like to maintain the setting that a user becomes owner of the files in their folder on update, because that helps me with quota concerns. What is the best way for me to allow pb to do it's job?

This is difficult and maybe only possible with mod_php because it runs as the Apache user (whereas FastCGI, CGI, etc. run as the web user), but I would advise against using this on a shared server because of security reasons.

darinpeterson 20th April 2013 19:27

Thank you for taking the time to reply. I appreciate it.

Quote:

Originally Posted by falko (Post 296090)
You can change this behaviour under System > Server Configuration > Web > Permissions.

I have updated the immutable bit setting.

Quote:

Originally Posted by falko (Post 296090)
This is difficult and maybe only possible with mod_php because it runs as the Apache user (whereas FastCGI, CGI, etc. run as the web user), but I would advise against using this on a shared server because of security reasons.

I'm not familiar with mod_php, so I'm going to need to do some research on that.

I own the hardware node, and have setup a virtual server just for pb clients. None of them have ftp access to the server, they can currently only modify their websites through the pb interface.

I was hoping that I might be able to enable permissions by:

System > CP Users > pb > Groups

and checking each of the other user's.

If there's not a good way to do this, maybe I should setup this virtual node w/o ISPConfig, and configure Apache manually. I'd prefer to manage all with ISPConfig 3, but if it cannot be done without big architectural changes to pb, I will have to look at alternatives.

I have promised clients to have the migration completed this week. Once I have permissions issues resolved, it will probably take one day to perform all of the migrations.

What do you recommend?

Thank you,
Darin

falko 21st April 2013 11:29

If you use this hardware node only yourself and have no FTP accounts on it, you can use mod_php and chown all web sites to www-data:www-data (that's the user/group Apache runs as under Debian/Ubuntu), and it should be fine.

You might have to adjust the open_basedir setting on the Options tab so that your software can access scripts outside of its own web site.


All times are GMT +2. The time now is 12:42.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.