Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 6th February 2006, 10:25
st2xo st2xo is offline
Member
 
Join Date: Jan 2006
Location: Wiesloch [DE]
Posts: 47
Thanks: 3
Thanked 0 Times in 0 Posts
Default write access to wwwrun/www-data in users DocumentRoot

Hi everybody - it´s monday and the problems are with me, again
Is there a - practicable - way to give apache/mod_php write access to the users public web directorys?

I have to make the users public web directories write accessible for wwwrun (or www-data). With the default ISPconfig installation (Suse10, perfect setup) that is´nt possible (or I´m wrong?). So I made following changes and it works:

Add user wwwrun to the web10-group
Code:
groupmod --add-user wwwrun web10
make web10-dir writeable for all group members
Code:
chmod 775  /home/www/web10
make web-dir writeable for everybody
Code:
chmod 777  /home/www/web10/web
(actual it should be enough to give 775 - but it isn´t and I dont understand why - but for the asked problem I will ignore this at this time)
That works - but isnt very smart of course.
At last it is now very unsecure to give users shell access because all users would have write access to the directories from the other users But that is for me the smaller problem, so would´nt give shell access.

Now I would go to patch the ispconfig scripts which create the users directories and would set the above values with chmod/chown and so on.

So my questions:
- which ISPConfig script/s I have to patch?
- is there another way to give write access to the public dirs?

thanks in advance!
__________________
regards,
Stefan.
Reply With Quote
Sponsored Links
  #2  
Old 6th February 2006, 10:41
st2xo st2xo is offline
Member
 
Join Date: Jan 2006
Location: Wiesloch [DE]
Posts: 47
Thanks: 3
Thanked 0 Times in 0 Posts
Default

something I forgot - these solutions are working, I know, but they´re would be a compromise only:

- to run the php script as cgi (additional to the mod_php) is not the preferred solutions
- http://www.suphp.org

is there another solution?
__________________
regards,
Stefan.
Reply With Quote
  #3  
Old 6th February 2006, 14:35
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,744 Times in 2,577 Posts
Default

Quote:
Originally Posted by st2xo
So my questions:
- which ISPConfig script/s I have to patch?
The xript is /root/ispconfig/scripts/lib/config.lib.php. Look at the function make_docroot() (around line 966).
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #4  
Old 6th February 2006, 18:45
st2xo st2xo is offline
Member
 
Join Date: Jan 2006
Location: Wiesloch [DE]
Posts: 47
Thanks: 3
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by falko
The xript is /root/ispconfig/scripts/lib/config.lib.php. Look at the function make_docroot() (around line 966).
Thank you Falko - I think I first check out su_php. If that do not work I like, I´ll patch the file (but probably it will ...)
If somebody else could use this info: the two rows on line 1083 should be changed from
Code:
exec("chown -R $apache_user:web$doc_id $web_path_realname &> /dev/null");
exec("chown -R $apache_user:web$doc_id $web_path &> /dev/null");
to
Code:
exec("chown -R wwwrun:web$doc_id $web_path_realname &> /dev/null");
exec("chown -R wwwrun:web$doc_id $web_path &> /dev/null");
sometimes wwwrun is www-data - check this out before! This is not tested!


there is a very strange thing I observed:
is there any process that checks every 1-2 minutes the file owners in /home/www and makes changes on it?

I added one user manually with useradd, this user has now the uid 10028 (this is the highest number in /etc/passwd but not the last entry).

Now, a web directory /www/web22 is being permanently changed to xyz.web22 (where xyz is the user with uid 10028). All other dirs in /www are untouched.

(the /www/web22 directory is the second last web, so the last is web23)
Do you know what this could be?
__________________
regards,
Stefan.

Last edited by st2xo; 6th February 2006 at 18:47.
Reply With Quote
  #5  
Old 6th February 2006, 23:01
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,744 Times in 2,577 Posts
Default

Quote:
Originally Posted by st2xo
If somebody else could use this info: the two rows on line 1083 should be changed from
Code:
exec("chown -R $apache_user:web$doc_id $web_path_realname &> /dev/null");
exec("chown -R $apache_user:web$doc_id $web_path &> /dev/null");
to
Code:
exec("chown -R wwwrun:web$doc_id $web_path_realname &> /dev/null");
exec("chown -R wwwrun:web$doc_id $web_path &> /dev/null");
sometimes wwwrun is www-data - check this out before! This is not tested!
$apache_user contains the Apache user - in your case wwwrun, so there's no need to change this.


Quote:
Originally Posted by st2xo
I added one user manually with useradd, this user has now the uid 10028 (this is the highest number in /etc/passwd but not the last entry).

Now, a web directory /www/web22 is being permanently changed to xyz.web22 (where xyz is the user with uid 10028). All other dirs in /www are untouched.

(the /www/web22 directory is the second last web, so the last is web23)
Do you know what this could be?
By default ISPConfig creates users with UIDs above 10000. When you add users manually, you should use UIDs below 10000. What happened on your system is this:
You created users with ISPConfig up to the UID 10027. Then you added a user manually; because you did not specify a certain UID, the user got the UID 10028.
Then you created the next user in ISPConfig. Because ISPConfig doesn't know that you created another user manually in the meantime, the new user gets the UID 10028. And voilà, you have two users with conflicting UIDs.
You should assign another UID (below 10000) to your manually created user.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #6  
Old 7th February 2006, 10:15
st2xo st2xo is offline
Member
 
Join Date: Jan 2006
Location: Wiesloch [DE]
Posts: 47
Thanks: 3
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by falko
$apache_user contains the Apache user - in your case wwwrun, so there's no need to change this.
mhmh, then its even more strange on my system - the web-directories in /home/www are owned by the user with administrator-Checkbox in User&Email-Settings.

Directories created by ISPconfig without any changes from me (I did´nt patched the config.lib.php file) are like this:
Code:
drwxr-xr-x  10 web18_stefan    web18 4.0K Feb  3 15:17 web18/
drwxr-xr-x  10 web18_stefan    web18 4.0K Feb  3 15:17 www.XYZ.de/
If I deselect the admin-Checkbox the file owner changes immediately to
Code:
drwxr-xr-x  10 root            web18 4.0K Feb  7 09:51 web18/
drwxr-xr-x  10 root            web18 4.0K Feb  7 09:51 www.XYZ.de/
If now selected another user as admin the file owner changes again
Code:
drwxr-xr-x  10 web18_test2     web18 4.0K Feb  7 09:55 web18/
drwxr-xr-x  10 web18_test2     web18 4.0K Feb  7 09:55 www.XYZ.de/
So there´s is no wwwrun user set and without set any admin-checkox root is owner of the dirs (but that seems to be correct?!)
Setting wwwrun as as the owner of alle files by ISPConfig-default would be solve all my problems How can I make that? Or whats going wrong there?
(the perfect setup was installed fine on a brandnew suse10-OS, all default, no errors, no strange things)

Quote:
Originally Posted by falko
You should assign another UID (below 10000) to your manually created user.
thanks! That´s it. I changed the uid manually in /etc/passwd. After exiting vi the owner from this one directory was already fixed. Now I remember that somewhere I read this thing with the uid upper than 10000
__________________
regards,
Stefan.
Reply With Quote
  #7  
Old 7th February 2006, 12:03
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,744 Times in 2,577 Posts
Default

Quote:
Originally Posted by st2xo
mhmh, then its even more strange on my system - the web-directories in /home/www are owned by the user with administrator-Checkbox in User&Email-Settings.
That's the way it is intended. If a web site has an admin, then the admin owns these directories. If there's no admin, then the directories should be owned by the Apache user.

Quote:
Originally Posted by st2xo
Directories created by ISPconfig without any changes from me (I did´nt patched the config.lib.php file) are like this:
Code:
drwxr-xr-x  10 web18_stefan    web18 4.0K Feb  3 15:17 web18/
drwxr-xr-x  10 web18_stefan    web18 4.0K Feb  3 15:17 www.XYZ.de/
If I deselect the admin-Checkbox the file owner changes immediately to
Code:
drwxr-xr-x  10 root            web18 4.0K Feb  7 09:51 web18/
drwxr-xr-x  10 root            web18 4.0K Feb  7 09:51 www.XYZ.de/
root is not ok. Then something's strange on your system...

Quote:
Originally Posted by st2xo
Setting wwwrun as as the owner of alle files by ISPConfig-default would be solve all my problems How can I make that? Or whats going wrong there?
You can change the code and hard-code wwwrun into it.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
VSFTPD is not working after install the ISPConfig gimhan90 Server Operation 8 3rd February 2006 09:25
Ability to add components for users webstergd Feature Requests 1 20th December 2005 10:25
regarding proftpd and users with shell access Ovidiu Server Operation 2 5th December 2005 13:03


All times are GMT +2. The time now is 17:13.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.