Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > HOWTO-Related Questions

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 28th May 2010, 23:00
jumba jumba is offline
Member
 
Join Date: May 2010
Posts: 34
Thanks: 0
Thanked 0 Times in 0 Posts
Default [SOLVED] suPHP and suEXEC broken by default in Ubuntu 10.04 Perfect Server

I followed the Ubuntu 10.04 perfect server guide and installed ISPConfig 3.
I want to install Joomla so I created a website with suEXEC + PHP Fast-CGI and another site with suPHP.

Neither suEXEC + PHP Fast-CGI nor suPHP work correctly by default.
If I upload a file via FTP it will be owned by the correct owner (like web1) but any file created by Joomla will be owned by www-data.

If you try to install Joomla you will see an error at the beginning saying that configuration.php is not writable.
If you change the permissions of /web from the default value of 710 to 777, Joomla can write to configuration.php but the owner will be www-data.
You can now continue installing Joomla but you cannnot install anything from within Joomla since all the files it tries to create are owned by www-data.

The first thing you notice when you connect to your site's account with ssh or FTP is that some of the default permissions are wrong.

in /var/www/clients/client1/web1 all files and directories are owned by web1 (group client1)
/.cache is 755
/cgi-bin is 751
/log is 777
/tmp is 777
/web is 710
.bash_history is 755

in /web the /stats directory has 755 but it is owned by root.
The are other files from /web are owned by web1 client1 but their permissions are 754 not 644

So, there is absolutely no difference between a site with suPHP and another one with suEXEC + Fast-CGI. They both have the same default permissions and any file created by Joomla is owned by www-data.

Any suggestion on how to fix this?
The permissions are OK in Ubuntu 8.04 with ISPConfig 3 and suPHP.

Last edited by jumba; 6th June 2010 at 19:02.
Reply With Quote
Sponsored Links
  #2  
Old 28th May 2010, 23:42
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 34,589
Thanks: 792
Thanked 4,983 Times in 3,903 Posts
Default

Quote:
he first thing you notice when you connect to your site's account with ssh or FTP is that some of the default permissions are wrong.
The permissions are absolutely correct and as they should. You mix up the security modes here. Your old server is set to another securioty mode the the new one. With the new high security level, the permissions have to be like this. Your suexec and suphp problem are not realted to this.

Quote:
So, there is absolutely no difference between a site with suPHP and another one with suEXEC + Fast-CGI
Thats as it should. If they were different, then the setup would be incorrect. The difference is not in directory settings, its in the vhost file.

To find the reason for your problems, check this:

Any jobs listed in the jobqueue in the ispconfig monitor?

If no, then set the website to suexec + fastcgi. Wait a few minutes and then get the vhost file of this vhost and post its content here.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 29th May 2010, 00:53
jumba jumba is offline
Member
 
Join Date: May 2010
Posts: 34
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks for the quick answer.
I created a new site with suexec and fastcgi.
There are no jobs in the queue.

Code:
<Directory /var/www/test.zz>
    AllowOverride None
    Order Deny,Allow
    Deny from all
</Directory>

<VirtualHost *:80>
      DocumentRoot /var/www/test.zz/web
  
    ServerName test.zz
    ServerAlias www.test.zz
    ServerAdmin webmaster@test.zz

    ErrorLog /var/log/ispconfig/httpd/test.zz/error.log
	
    <Directory /var/www/test.zz/web>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    <Directory /var/www/clients/client1/web4/web>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>

    # suexec enabled
    SuexecUserGroup web4 client1
    # php as fast-cgi enabled
    <IfModule mod_fcgid.c>
      # SocketPath /tmp/fcgid_sock/
      IdleTimeout 3600
      ProcessLifeTime 7200
      # MaxProcessCount 1000
      DefaultMinClassProcessCount 3
      DefaultMaxClassProcessCount 100
      IPCConnectTimeout 8
      IPCCommTimeout 360
      BusyTimeout 300
    </IfModule>
    <Directory /var/www/test.zz/web>
        AddHandler fcgid-script .php .php3 .php4 .php5
        FCGIWrapper /var/www/php-fcgi-scripts/web4/.php-fcgi-starter .php
        Options +ExecCGI
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
	<Directory /var/www/clients/client1/web4/web>
        AddHandler fcgid-script .php .php3 .php4 .php5
        FCGIWrapper /var/www/php-fcgi-scripts/web4/.php-fcgi-starter .php
        Options +ExecCGI
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>

    # add support for apache mpm_itk
    <IfModule mpm_itk_module>
      AssignUserId web4 client1
    </IfModule>


</VirtualHost>

Last edited by jumba; 29th May 2010 at 01:09.
Reply With Quote
  #4  
Old 29th May 2010, 09:15
mike_p mike_p is offline
Senior Member
 
Join Date: Mar 2010
Location: Surrey, England
Posts: 140
Thanks: 9
Thanked 28 Times in 17 Posts
Default

What result are you expecting when using suexec?

The default setup via ISPConfig is to restrict use of CGI to the cgi-bin.

To enable cgi in other directories you'll also have to set the options to +ExecCGI for whatever directory.

Suexec enforces the requirements
1/ the script must be owned by the user/group specified by the
SuexecUserGroup directive and have 755 permissions
2/ the containing directory must also be owned by the same user/group.
Reply With Quote
  #5  
Old 29th May 2010, 16:44
jumba jumba is offline
Member
 
Join Date: May 2010
Posts: 34
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by mike_p View Post
What result are you expecting when using suexec?
Well, I expect suEXEC + Fast-CGI or suPHP to work correctly.
Because none of them works as expected, any new file Joomla tries to create is owned by www-data.

In Ubuntu 8.04 + ISPConfig 3 + manual installation of suPHP there are no problems with permissions in Joomla.
Reply With Quote
  #6  
Old 29th May 2010, 16:58
jumba jumba is offline
Member
 
Join Date: May 2010
Posts: 34
Thanks: 0
Thanked 0 Times in 0 Posts
Default

The default settings make it impossible to run a Joomla site.
Reply With Quote
  #7  
Old 29th May 2010, 17:04
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 34,589
Thanks: 792
Thanked 4,983 Times in 3,903 Posts
Default

Quote:
Originally Posted by jumba View Post
The default settings make it impossible to run a Joomla site.
We are currently investigating here a problem why it does not work on your server while it works on other servers incl. the test servers that I have here. So thats not related to default settings at all.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #8  
Old 29th May 2010, 17:07
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 34,589
Thanks: 792
Thanked 4,983 Times in 3,903 Posts
Default

Quote:
Originally Posted by jumba View Post
Thanks for the quick answer.
I created a new site with suexec and fastcgi.
There are no jobs in the queue.

Code:
<Directory /var/www/test.zz>
    AllowOverride None
    Order Deny,Allow
    Deny from all
</Directory>

<VirtualHost *:80>
      DocumentRoot /var/www/test.zz/web
  
    ServerName test.zz
    ServerAlias www.test.zz
    ServerAdmin webmaster@test.zz

    ErrorLog /var/log/ispconfig/httpd/test.zz/error.log
	
    <Directory /var/www/test.zz/web>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    <Directory /var/www/clients/client1/web4/web>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>

    # suexec enabled
    SuexecUserGroup web4 client1
    # php as fast-cgi enabled
    <IfModule mod_fcgid.c>
      # SocketPath /tmp/fcgid_sock/
      IdleTimeout 3600
      ProcessLifeTime 7200
      # MaxProcessCount 1000
      DefaultMinClassProcessCount 3
      DefaultMaxClassProcessCount 100
      IPCConnectTimeout 8
      IPCCommTimeout 360
      BusyTimeout 300
    </IfModule>
    <Directory /var/www/test.zz/web>
        AddHandler fcgid-script .php .php3 .php4 .php5
        FCGIWrapper /var/www/php-fcgi-scripts/web4/.php-fcgi-starter .php
        Options +ExecCGI
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
	<Directory /var/www/clients/client1/web4/web>
        AddHandler fcgid-script .php .php3 .php4 .php5
        FCGIWrapper /var/www/php-fcgi-scripts/web4/.php-fcgi-starter .php
        Options +ExecCGI
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>

    # add support for apache mpm_itk
    <IfModule mpm_itk_module>
      AssignUserId web4 client1
    </IfModule>


</VirtualHost>
The vhost file is ok. Suexec is enabled and the vhost also uses fcgi.

1) How exactly didn you access the contents of this site? By entering http://www.test.zz in the webbrowser?

2) Add a phpinfo file in this vhost, then open it with the webbrowser and post it here.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #9  
Old 29th May 2010, 18:20
jumba jumba is offline
Member
 
Join Date: May 2010
Posts: 34
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by till View Post
How exactly didn you access the contents of this site? By entering http://www.test.zz in the webbrowser?
Yes, in the browser. My ispconfig installation is in a VM, on my computer. It's not accessible from the internet.
I added www.test.zz and the hostname and IP address of the VM to my /etc/hosts.

Before posting here, I installed the Ubuntu 10.04 Perfect Server + ISPConfig 3 on 2 different VMs. It's the same problem on both of them.

I attached an .mht with the PHP info. It should open just fine in Firefox or Opera.
Attached Files
File Type: zip phpinfo-mht.zip (19.4 KB, 143 views)
Reply With Quote
  #10  
Old 1st June 2010, 14:15
jumba jumba is offline
Member
 
Join Date: May 2010
Posts: 34
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default

Any suggestions?
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Security - mod_php with FTP vs SuPHP or SuExec ethanlifka Installation/Configuration 1 22nd February 2010 10:18


All times are GMT +2. The time now is 14:51.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.