#1  
Old 19th September 2010, 15:04
staatslot staatslot is offline
Junior Member
 
Join Date: Aug 2010
Posts: 10
Thanks: 1
Thanked 2 Times in 1 Post
Default suphp + ssl runs as www-data

Hi all,

I think I've found a nasty bug in ISPconfig 3.0.2.2.
When a site that has suphp enabled runs at port 443 (SSL) php doens't run as the suphp user, but as www-data. When displaying that same site at port 80 (with no settings altered) it runs as the suphp user.

I took a look at the vhost file of the sites I noticed this difference:

PORT 80
Code:
    # Clear PHP settings of this website
    <FilesMatch "\.ph(p3?|tml)$">
        SetHandler None
    </FilesMatch>
    # suphp enabled
    <Directory /var/www/clients/client17/web22/web>
        suPHP_Engine on
        # suPHP_UserGroup web22 client17
        AddHandler x-httpd-suphp .php .php3 .php4 .php5
        suPHP_AddHandler x-httpd-suphp
    </Directory>
PORT 443
Code:
    suPHP_Engine on
    # suPHP_UserGroup web22 client17
    AddHandler x-httpd-suphp .php .php3 .php4 .php5
    suPHP_AddHandler x-httpd-suphp
The configuration file (php.ini) path is also different for both ports when running phpinfo().
PORT 80
Code:
/etc/php5/cgi
PORT 443
Code:
/etc/php5/apache2
Changing the vhost files does the trick, so my best guess is ISPconfig is lacking to write the correct code to the vhost file for the SSL part of a website.

Any help is very much appreciated!
Reply With Quote
Sponsored Links
  #2  
Old 19th September 2010, 15:16
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,980
Thanks: 825
Thanked 5,371 Times in 4,218 Posts
Default

You can change the code for the vhost in /usr/local/ispconfig/server/conf/vhost.conf.master
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 19th September 2010, 15:51
staatslot staatslot is offline
Junior Member
 
Join Date: Aug 2010
Posts: 10
Thanks: 1
Thanked 2 Times in 1 Post
Thumbs up

thanks Till, I changed that file and now it works fine!
Maybe something to fix for the next major release?

Thanks a lot!
Reply With Quote
  #4  
Old 19th September 2010, 16:06
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,980
Thanks: 825
Thanked 5,371 Times in 4,218 Posts
Default

I will add it to the bugtracker.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #5  
Old 21st September 2010, 03:12
u4david u4david is offline
Member
 
Join Date: Nov 2009
Posts: 99
Thanks: 1
Thanked 0 Times in 0 Posts
Default Could you drop more detail on this fix?

just little more detail .Thank you.
Reply With Quote
  #6  
Old 22nd September 2010, 10:36
staatslot staatslot is offline
Junior Member
 
Join Date: Aug 2010
Posts: 10
Thanks: 1
Thanked 2 Times in 1 Post
Default

Quote:
Originally Posted by u4david View Post
just little more detail .Thank you.
no problem.
Open the /usr/local/ispconfig/server/conf/vhost.conf.master file on your webserver, not the server ispconfig is running. Browse to the part that reads
Code:
###########################################################
# SSL Vhost
###########################################################
locate this piece of code:
Code:
<tmpl_if name='suexec'op='==' value='y'>
    # suexec enabled
    SuexecUserGroup <tmpl_var name='system_user'> <tmpl_var name='system_group'>
</tmpl_if>
beneath it repace with:

Code:
# Clear PHP settings of this website
    <FilesMatch "\.ph(p3?|tml)$">
        SetHandler None
    </FilesMatch>
<tmpl_if name='php' op='==' value='mod'>
    # mod_php enabled
    AddType application/x-httpd-php .php .php3 .php4 .php5
    php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -fwebmaster@<tmpl_var name='domain'>"
    php_admin_value upload_tmp_dir <tmpl_var name='document_root'>/tmp
    php_admin_value session.save_path <tmpl_var name='document_root'>/tmp
<tmpl_if name='security_level' op='==' value='20'>
    php_admin_value open_basedir <tmpl_var name='php_open_basedir'>
</tmpl_if>
</tmpl_if>
<tmpl_if name='php' op='==' value='suphp'>
    # suphp enabled
    <Directory {tmpl_var name='web_document_root'}>
        suPHP_Engine on
        # suPHP_UserGroup <tmpl_var name='system_user'> <tmpl_var name='system_group'>
        AddHandler x-httpd-suphp .php .php3 .php4 .php5
        suPHP_AddHandler x-httpd-suphp
    </Directory>
</tmpl_if>
that does the trick. but according to till it will be fixed in a next release as he added it to the bugtracker.
Reply With Quote
  #7  
Old 22nd September 2010, 14:47
u4david u4david is offline
Member
 
Join Date: Nov 2009
Posts: 99
Thanks: 1
Thanked 0 Times in 0 Posts
 
Default Thank you

Thank you that will do.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
squirrelmail and postfix witoszek General 12 1st December 2009 18:07
Security problem 2 ???? the revenge :) albertux Installation/Configuration 2 22nd September 2009 18:44
Mail Log Question - Is This Normal gwiz Installation/Configuration 7 12th September 2009 03:09
550 Sender verify failed Allen15 Installation/Configuration 11 13th February 2009 14:02
Problem recieving mail webstergd Installation/Configuration 19 16th December 2005 12:08


All times are GMT +2. The time now is 11:36.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.