#1  
Old 4th March 2010, 16:14
bn61 bn61 is offline
Junior Member
 
Join Date: Feb 2010
Posts: 18
Thanks: 1
Thanked 1 Time in 1 Post
Default typo3 mit ispconfig3 / suexec

Hi,
I have setup an apache (SUExec/fcgi) with the help of ISPConfig3.
In order to find a suitable solution I started off with the typo3 sources within the webserver directory.
When I try calling the typo3 backend I get the following error:
Code:
Warning: fopen() [function.fopen]: open_basedir restriction in effect.
File(/var/www/BLABLA/web/typo3temp/llxml/misc.xml_f45d73fa32.de.iso-8859-1.cache)
is not within the allowed path(s):
(/var/www/BLABLA/:/var/www/clients/client2/web2/)
in /var/www/clients/client2/web2/web/t3lib/class.t3lib_div.php  on line 2752

Warning:
fopen(/var/www/BLABLA/web/typo3temp/llxml/misc.xml_f45d73fa32.de.iso-8859-1.cache)
[function.fopen]: failed to open stream: 
Operation not permitted in /var/www/clients/client2/web2/web/t3lib/class.t3lib_div.php on line 2752

ERROR: File not written to disk! Write permission error in filesystem?
Clearly this error message contradicts itself since the file in question is in the directory that is defined in the open_basedir statement.
Any ideas?
Reply With Quote
Sponsored Links
  #2  
Old 4th March 2010, 16:34
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,395
Thanks: 833
Thanked 5,490 Times in 4,322 Posts
Default

Are all files and folders owned by the user and group of the website?
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 4th March 2010, 16:51
bn61 bn61 is offline
Junior Member
 
Join Date: Feb 2010
Posts: 18
Thanks: 1
Thanked 1 Time in 1 Post
Default

Yes, every single one.
Reply With Quote
  #4  
Old 4th March 2010, 17:42
bn61 bn61 is offline
Junior Member
 
Join Date: Feb 2010
Posts: 18
Thanks: 1
Thanked 1 Time in 1 Post
Default addendum: my config files

/etc/apache2/sites-available/BLABLA.vhost:
Code:
<Directory /var/www/BLABLA>
    AllowOverride None
    Order Deny,Allow
    Deny from all
</Directory>

<VirtualHost *:80>
      DocumentRoot /var/www/BLABLA/web

    ServerName BLABLA
    ServerAdmin webmaster@BLABLA

    ErrorLog /var/log/ispconfig/httpd/BLABLA/error.log

    ErrorDocument 400 /error/400.html
    ErrorDocument 401 /error/401.html
    ErrorDocument 403 /error/403.html
    ErrorDocument 404 /error/404.html
    ErrorDocument 405 /error/405.html
    ErrorDocument 500 /error/500.html
    ErrorDocument 503 /error/503.html

    <Directory /var/www/BLABLA/web>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    <Directory /var/www/clients/client2/web2/web>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>

    # cgi enabled
        <Directory /var/www/clients/client2/web2/cgi-bin>
      Order allow,deny
      Allow from all
    </Directory>
    ScriptAlias  /cgi-bin/ /var/www/clients/client2/web2/cgi-bin/
    AddHandler cgi-script .cgi
    AddHandler cgi-script .pl
    # suexec enabled
    SuexecUserGroup web2 client2
    # php as fast-cgi enabled
    <Directory /var/www/BLABLA/web>
        AddHandler fcgid-script .php .php3 .php4 .php5
        FCGIWrapper /var/www/php-fcgi-scripts/web2/.php-fcgi-starter .php
        Options +ExecCGI
        AllowOverride all
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
/var/www/php-fcgi-scripts/web2/.php-fcgi-starter
Code:
#!/bin/sh
PHPRC="/etc/php5/cgi/"
export PHPRC
PHP_DOCUMENT_ROOT="/var/www/clients/client2/web2"
export PHP_DOCUMENT_ROOT
# The variable PHP_FCGI_CHILDREN is onyl useful for lighty or nginx as apache
# mod_fcgi will control the number of childs themself and never use the additional processes.
# PHP_FCGI_CHILDREN=8
# export PHP_FCGI_CHILDREN
PHP_FCGI_MAX_REQUESTS=5000
export PHP_FCGI_MAX_REQUESTS
exec /usr/bin/php-cgi \
 -d open_basedir=/var/www/BLABLA/:/var/www/clients/client2/web2/ \
-d upload_tmp_dir=/var/www/clients/client2/web2/tmp \
-d session.save_path=/var/www/clients/client2/web2/tmp \
-d memory_limit="64M" \
-d IPCCommTimeout=60 \
 $1
(the green parts are manually changed by me)

Code:
server:/var/www/clients/client2/web2/web# ls -l
total 368
drwxr-xr-x  2 web2 client0    111 2010-02-26 18:44 error
drwxr-xr-x  7 web2 client0   4096 2010-03-03 22:22 fileadmin
-rw-r--r--  1 web2 client0  18348 2008-01-29 11:27 GPL.txt
-rw-r--r--  1 web2 client0     13 2008-02-08 11:01 index.htm
-rw-r--r--  1 web2 client0   2903 2008-01-29 11:27 index.php
drwxr-xr-x  3 web2 client0   4096 2010-03-02 18:32 misc
-rwxr-xr--  1 web2 client0     34 2010-02-26 18:44 robots.txt
drwxr-xr-x  2 web2 client0   4096 2010-03-03 00:30 stats
drwxr-xr-x  7 web2 client0   4096 2010-03-03 19:06 t3lib
drwxr-xr-x 13 web2 client0   4096 2010-03-03 11:21 typo3
drwxrwxrwx  5 web2 client0   4096 2010-03-03 22:22 typo3conf
drwxrwxrwx 11 web2 client0  20480 2010-03-03 22:22 typo3temp
drwxr-xr-x 14 web2 client0   4096 2010-03-03 22:22 uploads
Reply With Quote
  #5  
Old 4th March 2010, 17:48
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,395
Thanks: 833
Thanked 5,490 Times in 4,322 Posts
Default

The permissions do not look right. It seems as if you moved the site to another client without changing the owner of the files. Please post the output of:

ls -la /var/www/clients/client2/web2/web
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #6  
Old 4th March 2010, 18:08
bn61 bn61 is offline
Junior Member
 
Join Date: Feb 2010
Posts: 18
Thanks: 1
Thanked 1 Time in 1 Post
Default

yes, I just saw that the group rights were not correct and changed them to client2. unfortunately that gave me the same results.

anyway here is the results of ls -la /var/www/clients/client2/web2/web
Code:
-rw-r--r--  1 web2 client2 215227 2008-01-29 11:27 ChangeLog
-rw-r--r--  1 web2 client2   4690 2008-03-07 17:08 dmailerd.php
drwxr-xr-x  2 web2 client2    111 2010-02-26 18:44 error
drwxr-xr-x  7 web2 client2   4096 2010-03-03 22:22 fileadmin
-rw-r--r--  1 web2 client2  18348 2008-01-29 11:27 GPL.txt
-rw-r--r--  1 web2 client2    535 2010-03-03 14:30 .htaccess
-rw-r--r--  1 web2 client2     13 2008-02-08 11:01 index.htm
-rw-r--r--  1 web2 client2   2903 2008-01-29 11:27 index.php
drwxr-xr-x  3 web2 client2   4096 2010-03-02 18:32 misc
-rwxr-xr--  1 web2 client2     34 2010-02-26 18:44 robots.txt
drwxr-xr-x  2 web2 client2   4096 2010-03-03 00:30 stats
drwxr-xr-x  7 web2 client2   4096 2010-03-03 19:06 t3lib
drwxr-xr-x 13 web2 client2   4096 2010-03-03 11:21 typo3
drwxrwxrwx  5 web2 client2   4096 2010-03-03 22:22 typo3conf
drwxrwxrwx 11 web2 client2  20480 2010-03-03 22:22 typo3temp
drwxr-xr-x 14 web2 client2   4096 2010-03-03 22:22 uploads
Reply With Quote
  #7  
Old 4th March 2010, 20:00
bn61 bn61 is offline
Junior Member
 
Join Date: Feb 2010
Posts: 18
Thanks: 1
Thanked 1 Time in 1 Post
Default

I took a look at my suexec.log:
Code:
[2010-03-04 19:33:10]: uid: (5005/web4) gid: (5008/5008) cmd: .php-fcgi-starter
The thing that caught my eye is the "mismatch" of the uid. (5005 and web4 are the same user)
Could that be the problem? And if so, where does it stem from?
Reply With Quote
Reply

Bookmarks

Tags
fcgi, open_basedir, suexec, typo3

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
amavis rejects all inbound emails aclhkaclhk Installation/Configuration 5 28th February 2010 04:24
network issues now it says "401 The web site is blocked by administrator" Check General 3 26th February 2008 14:22
Question about installing TYPO3 Hans Installation/Configuration 7 25th September 2006 14:33
SuExec compiling qtam0 Server Operation 6 24th September 2006 02:25
Typo3 and ISPConfig linuxuser1 General 9 17th February 2006 10:30


All times are GMT +2. The time now is 08:31.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.