View Single Post
  #7  
Old 5th January 2011, 00:27
filipealvarez filipealvarez is offline
Member
 
Join Date: Apr 2009
Posts: 34
Thanks: 0
Thanked 1 Time in 1 Post
Default

Till, I FOUND the problem, the debian package apache2-suexec-custom was missing!

I simply do this:

apt-get install apache2-suexec-custom

Restart the apache and the repeating the tests I got this output:

# id
uid=5004(web4) gid=5005(client1) groups=5002(sshusers),5005(client1)

And the ps aux:

web4 9058 0.0 0.0 168312 13280 ? S 21:11 0:00 /usr/bin/php-cgi -d open_basedir=/var/www/clients/client1/web4/web:/var/www/clients/client1/web4/tmp:/var/www/new.compreauto.com.br/web:/srv/www/new.compreauto.com.br/web:/usr/share/php5:/tmp:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin -d upload_tmp_dir=/var/www/clients/client1/web4/tmp -d session.save_path=/var/www/clients/client1/web4/tmp

I search in the how to ( http://www.howtoforge.com/perfect-se...-ispconfig3-p4 ) and the line refering a apache/php install is:

apt-get install apache2 apache2.2-common apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap phpmyadmin php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libapache2-mod-ruby

Just apache2-suexec was installed, so I think that tip maybe util for Debian 5.0.7 users in general!

But I feel other difference between ispconfig in Debian 5 than Ubuntu 8.0.4, the user web4 in Ubuntu keep's into the home directory (/var/www/clients/client1/, he cannot listen / or /tmp for example.)

Do you know a tip to fix that?

Is horrible to know that a malicious php script can list the /var/www/clients.

Thanks and I again, the original problem is SOLVED, I expose the second problem in this thread just because I consider a bit related
Reply With Quote