19th March 2008, 21:05
berny
suPHP fails with mod 0600 on Debian Etch

Hello,

I have an installation of ISPConfig 2.2.21 and have installed suPHP according to the howto found at http://www.howtoforge.com/install-su...2.20-and-above

suPHP now seems to be working well for php-scripts and textpattern sites when using 0664 access rights on files.

However, I want to have 0600 so no ftp-user or shell-user can see files from another web. But if I give group and other no read rights, Apache throws an error 403.

What do I need to do?

Here is my config:


From /etc/apache2/vhosts/Vhosts_ispconfig.conf:

Code:
###################################
#
# ISPConfig vHost Configuration File
#         Version 1.0
#
###################################
#
NameVirtualHost xxx.xxx.xxx.249:80
<VirtualHost xxx.xxx.xxx.249:80>
  ServerName localhost
  ServerAdmin root@localhost
  DocumentRoot /var/www/sharedip
</VirtualHost>
#
#
######################################
# Vhost: www.yyyy.de:80
######################################
#
#
<VirtualHost xxx.xxx.xxx.249:80>
SuexecUserGroup web1_ web1
ServerName www.yyyy.de:80
ServerAdmin webmaster@yyyy.de
DocumentRoot /var/www/web1/web
ServerAlias yyyy.de
DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Default.htm default.htm
Alias  /cgi-bin/ /var/www/web1/cgi-bin/
AddHandler cgi-script .cgi
AddHandler cgi-script .pl
ErrorLog /var/www/web1/log/error.log
AddType application/x-httpd-php .php .php3 .php4 .php5
<Directory /var/www/web1/web>
  suPHP_Engine on
  suPHP_UserGroup web1_ web1
  AddHandler x-httpd-php .php .php3 .php4 .php5
  suPHP_AddHandler x-httpd-php
  SetEnv php_safe_mode Off
</Directory>
Alias /error/ "/var/www/web1/web/error/"
ErrorDocument 400 /error/invalidSyntax.html
ErrorDocument 401 /error/authorizationRequired.html
ErrorDocument 403 /error/forbidden.html
ErrorDocument 404 /error/fileNotFound.html
ErrorDocument 405 /error/methodNotAllowed.html
ErrorDocument 500 /error/internalServerError.html
ErrorDocument 503 /error/overloaded.html
AliasMatch ^/~([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3
AliasMatch ^/users/([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3
</VirtualHost>

If I access a file with 0600 (-rw-------) access rights, the browser shows an error 403 and I get an entry in /var/www/web1/log/error.log
Code:
[Wed Mar 19 19:29:40 2008] [error] [client xx.xxx.xxx.xx] (13)Permission denied: file permissions deny server access: /var/www/web1/web/index.html
Partial Workaround:

A partial workaround I have found so far is to add the user www-data to the group of the web and set access-rights to 0660. The disadvantage is that www-data needs to be added manually to every group.
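
The permission trade-off described in this post, as an added example that is not part of the original post: it models the POSIX read check for the three modes mentioned (0664, 0600, 0660) and reports whether the web server can serve the file and whether a user of another web can read it. It assumes Apache runs as www-data and reads static files such as index.html itself rather than through suPHP; all numeric uids/gids and the web2_ user are constructed for illustration.

```python
import stat


def can_read(mode, file_uid, file_gid, proc_uid, proc_gids):
    """POSIX read check: exactly one class applies, tried as owner, group, other."""
    if proc_uid == 0:
        return True
    if proc_uid == file_uid:
        return bool(mode & stat.S_IRUSR)
    if file_gid in proc_gids:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)


# Constructed ids (assumptions, not taken from the post):
WEB1_UID, WEB1_GID = 10001, 10001        # file owner web1_, group web1
WWW_DATA_UID, WWW_DATA_GID = 33, 33      # Apache worker on Debian
WEB2_UID, WEB2_GID = 10002, 10002        # ftp/shell user of another web


def evaluate(mode, www_data_in_web1=False):
    """Return who can read a file owned by web1_:web1 with the given mode."""
    apache_groups = {WWW_DATA_GID}
    if www_data_in_web1:
        # The workaround from the post: www-data added to the web's group.
        apache_groups.add(WEB1_GID)
    return {
        "apache_can_serve": can_read(
            mode, WEB1_UID, WEB1_GID, WWW_DATA_UID, apache_groups),
        "other_web_user_can_read": can_read(
            mode, WEB1_UID, WEB1_GID, WEB2_UID, {WEB2_GID}),
    }


if __name__ == "__main__":
    cases = [
        ("0664", 0o664, False),
        ("0600", 0o600, False),
        ("0660, www-data not in web1", 0o660, False),
        ("0660, www-data in web1", 0o660, True),
    ]
    for label, mode, member in cases:
        print(label, evaluate(mode, member))
```

Only the last case serves the file while keeping it unreadable to users of other webs; directory permissions along the path are not modelled here.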