suPHP fails with mod 0600 on Debian Etch

#1 berny, 19th March 2008, 21:05

Hello,

I have an installation of ISPConfig 2.2.21 and have installed suPHP according to the howto found at http://www.howtoforge.com/install-su...2.20-and-above

suPHP now seems to be working well for php-scripts and textpattern sites when using 0664 access rights on files.

However, I want to have 0600 so no ftp-user or shell-user can see files from another web. But if I give group and other no read rights, Apache throws an error 403.

What do I need to do?

Here is my config:


From /etc/apache2/vhosts/Vhosts_ispconfig.conf:

Code:
###################################
#
# ISPConfig vHost Configuration File
#         Version 1.0
#
###################################
#
NameVirtualHost xxx.xxx.xxx.249:80
<VirtualHost xxx.xxx.xxx.249:80>
  ServerName localhost
  ServerAdmin root@localhost
  DocumentRoot /var/www/sharedip
</VirtualHost>
#
#
######################################
# Vhost: www.yyyy.de:80
######################################
#
#
<VirtualHost xxx.xxx.xxx.249:80>
SuexecUserGroup web1_ web1
ServerName www.yyyy.de:80
ServerAdmin webmaster@yyyy.de
DocumentRoot /var/www/web1/web
ServerAlias yyyy.de
DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Default.htm default.htm
Alias  /cgi-bin/ /var/www/web1/cgi-bin/
AddHandler cgi-script .cgi
AddHandler cgi-script .pl
ErrorLog /var/www/web1/log/error.log
AddType application/x-httpd-php .php .php3 .php4 .php5
<Directory /var/www/web1/web>
  suPHP_Engine on
  suPHP_UserGroup web1_ web1
  AddHandler x-httpd-php .php .php3 .php4 .php5
  suPHP_AddHandler x-httpd-php
  SetEnv php_safe_mode Off
</Directory>
Alias /error/ "/var/www/web1/web/error/"
ErrorDocument 400 /error/invalidSyntax.html
ErrorDocument 401 /error/authorizationRequired.html
ErrorDocument 403 /error/forbidden.html
ErrorDocument 404 /error/fileNotFound.html
ErrorDocument 405 /error/methodNotAllowed.html
ErrorDocument 500 /error/internalServerError.html
ErrorDocument 503 /error/overloaded.html
AliasMatch ^/~([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3
AliasMatch ^/users/([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3
</VirtualHost>

If I access a file with 0600 (-rw-------) access rights, the browser shows an error 403 and I get an entry in /var/www/web1/log/error.log
Code:
[Wed Mar 19 19:29:40 2008] [error] [client xx.xxx.xxx.xx] (13)Permission denied: file permissions deny server access: /var/www/web1/web/index.html
Partial Workaround:

A partial workaround I have found so far is to add the user www-data to the group of the web and set access-rights to 0660. The disadvantage is that www-data needs to be added manually to every group.

#2 falko, 20th March 2008, 18:55

Quote:
SuexecUserGroup web1_ web1
Is web1_ the correct user name?
__________________
Falko

#3 berny, 20th March 2008, 19:27

Quote:
Originally Posted by falko
Is web1_ the correct user name?
Yes it is. The user "web1_" has the admin-flag set in the ISPConfig web-interface and the user web1_ owns the directories and files.

Code:
zwei:/var/www/web1/web# ls -lha
insgesamt 160K
drwxrwxr-x 26 web1_ web1 4,0K 2008-03-20 18:15 .
drwxr-xr-x  9 web1_ web1 4,0K 2008-03-19 18:37 ..

[...]

-rw-r----- 1 web1_ web1 52 2008-03-20 18:20 test.html

[...]
BTW, should the thread be moved into the ISPConfig-Installation/Configuration Forum?

Thanks a lot.

#4 falko, 21st March 2008, 15:40

What's in /etc/suphp.conf?

#5 berny, 22nd March 2008, 15:03

The complete content of /etc/suphp.conf is:

Code:
[global]
;Path to logfile
logfile=/var/log/suphp.log

;Loglevel
loglevel=info

;User Apache is running as
webserver_user=www-data

;Path all scripts have to be in
docroot=/

;Path to chroot() to before executing script
;chroot=/mychroot

; Security options
allow_file_group_writeable=true
allow_file_others_writeable=false
allow_directory_group_writeable=true
allow_directory_others_writeable=false

;Check wheter script is within DOCUMENT_ROOT
check_vhost_docroot=true

;Send minor error messages to browser
errors_to_browser=false

;PATH environment variable
env_path=/bin:/usr/bin

;Umask to set, specify in octal notation
umask=0077

; Minimum UID
min_uid=100

; Minimum GID
min_gid=100

[handlers]
;Handler for php-scripts
x-httpd-php=php:/home/admispconfig/ispconfig/tools/suphp/usr/bin/php-wrapper

;Handler for CGI-scripts
x-suphp-cgi=execute:!self

#6 falko, 23rd March 2008, 19:12

Looks ok.
I couldn't find anything about it on the web, but I think that Apache still needs read access to the files.
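
The permission trade-off discussed in this thread, as an added example that is not from any poster or from the suPHP or ISPConfig projects: a Python implementation of the POSIX owner/group/other read check, run over a docroot to list files the web server account cannot read (the 403 case) and files every local account can read. The uid/gid values and the sample tree are constructed; directory search bits and ACLs are not modelled.

```python
import os
import stat
import tempfile


def posix_can_read(mode, file_uid, file_gid, uid, gids):
    """POSIX uses exactly one class: owner, else group, else other (no union)."""
    if uid == file_uid:
        return bool(mode & stat.S_IRUSR)
    if file_gid in gids:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)


def audit_docroot(docroot, web_uid, web_gids):
    """Return (blocked, exposed): files the web server account cannot read,
    and files any local account can read. Directory bits and ACLs are ignored."""
    blocked, exposed = [], []
    for root, _dirs, files in os.walk(docroot):
        for name in files:
            path = os.path.join(root, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, devices
            rel = os.path.relpath(path, docroot)
            if not posix_can_read(st.st_mode, st.st_uid, st.st_gid, web_uid, web_gids):
                blocked.append(rel)
            if st.st_mode & stat.S_IROTH:
                exposed.append(rel)
    return sorted(blocked), sorted(exposed)


def build_sample_docroot():
    """Constructed tree: one file per mode mentioned in the thread (0600, 0640, 0664)."""
    docroot = tempfile.mkdtemp(prefix="web1-")
    for name, mode in (("index.html", 0o600), ("test.html", 0o640), ("open.html", 0o664)):
        path = os.path.join(docroot, name)
        with open(path, "w") as fh:
            fh.write("<p>constructed sample</p>\n")
        os.chmod(path, mode)
    return docroot


if __name__ == "__main__":
    docroot = build_sample_docroot()
    owner = os.stat(os.path.join(docroot, "index.html"))
    web_uid = owner.st_uid + 1  # assumption: stands in for www-data, never the file owner
    for label, gids in (("www-data outside the web group", set()),
                        ("www-data added to the web group", {owner.st_gid})):
        blocked, exposed = audit_docroot(docroot, web_uid, gids)
        print(f"{label}: blocked={blocked} exposed={exposed}")
```

With the web server account in the web's group, group read (0640) is what makes a static file servable; 0660 additionally gives that account write access.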

All times are GMT +2.