Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 20th September 2006, 21:47
RicochetPeter RicochetPeter is offline
Member
 
Join Date: Apr 2006
Posts: 41
Thanks: 3
Thanked 1 Time in 1 Post
Default PHP write permissions

Hi folks,

I have some sort of permission problem regarding php wanting to change/create files:

Imagine I have a web at /var/www/web1/web:
Code:
drwxrwxr-x   7 web1_benjamin web1 4096 2006-07-12 20:52 web
which obviously belongs to web1_benjamin.

Now, any php script residing in this (or any deeper) directory that wants to create or modify files will spit out an error:
Code:
Warning: touch() [function.touch]: Unable to create file test.txt because Permission denied in /var/www/web1/web/test/test.php on line 5
PHP will succeed in creating/modifying files when I either chmod a+w or chgrp www-data the directory. The first is not really desired (I'd actually like ISPConfig to create directories w/o any rights for others....) and the second means handwork.
Secondly, the created files are user www-data and group www-data:
Code:
-rw-r--r--   1 www-data    www-data    0 2006-09-20 21:33 test.txt

OK, let's sum it up:
  1. How do I make ISPConfig create directories rwxrwx--- when it sets up a web
  2. How do I make Apache/PHP use the user/group of the web it's working in to create/modify files?


PS: this is ISPConfig 2.2.0, running on Ubuntu 5.10

Last edited by RicochetPeter; 20th September 2006 at 22:12.
Reply With Quote
Sponsored Links
  #2  
Old 21st September 2006, 11:52
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,812
Thanks: 821
Thanked 5,339 Times in 4,188 Posts
Default

1) you will have to change the sources for this.

2) Run PHP with suPHP or as cgi with suexec instead of mod_php, so the php scripts will run under the admin user of the website. You will have to update to ISPConfig 2.2.6 to be able to use suPHP together with ISPConfig.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 21st September 2006, 22:07
RicochetPeter RicochetPeter is offline
Member
 
Join Date: Apr 2006
Posts: 41
Thanks: 3
Thanked 1 Time in 1 Post
Default

I upgraded to 2.2.6 (seems to be working just fine), and also tried to switch from PHP5 as a module to PHP5 as a CGI.

Starting Apache gives me this error:
Code:
Invalid command 'php_admin_flag', perhaps mis-spelled or defined by a module not included in the server configuration
Many questions:

1a) Do I understand this correctly, that php_admin_flags can only be put in the apache config files when PHP is a module?
1b) Should they be in a .htaccess if PHP is a cgi?
2) Do I have to activate the "Suexec" option in Management->Server->Settings?
3) Does ISPConfig need to know (by some setting) that I want to use PHP as a cgi?
4) Did I go wrong somewhere?

Last edited by RicochetPeter; 21st September 2006 at 22:35.
Reply With Quote
  #4  
Old 22nd September 2006, 10:06
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,812
Thanks: 821
Thanked 5,339 Times in 4,188 Posts
Default

1a) yes
1b) It does not work in .htaccess files too.
2) yes.
3) no, but you will have to deactivate the sfaemode checkboxes, as safemode is not supported in cgi-php.
4) no, just deactivate safemode in the website settings.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #5  
Old 22nd September 2006, 17:19
RicochetPeter RicochetPeter is offline
Member
 
Join Date: Apr 2006
Posts: 41
Thanks: 3
Thanked 1 Time in 1 Post
Default

I took one of my webs and disabled safe_mode, and ISPConfig still uses "php_admin_flag safe_mode Off", so Apache will stumble over that config line again....

the vhost now looks like this:
Code:
<VirtualHost 85.85.85.85:80>
Include /etc/apache2/vhost_includes/bla.de.conf
ServerName www.bla.de:80
ServerAdmin webmaster@bla.de
DocumentRoot /var/www/web12/web
ServerAlias bla.de
DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp
Default.htm default.htm
ScriptAlias  /cgi-bin/ /var/www/web12/cgi-bin/
AddHandler cgi-script .cgi
AddHandler cgi-script .pl
ErrorLog /var/www/web12/log/error.log
AddType application/x-httpd-php .php .php3 .php4 .php5
<Files *.php>
    SetOutputFilter PHP
    SetInputFilter PHP
</Files>
<Files *.php3>
    SetOutputFilter PHP
    SetInputFilter PHP
</Files>
<Files *.php4>
    SetOutputFilter PHP
    SetInputFilter PHP
</Files>
<Files *.php5>
    SetOutputFilter PHP
    SetInputFilter PHP
</Files>
php_admin_flag safe_mode Off
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
Alias /error/ "/var/www/web12/web/error/"
ErrorDocument 400 /error/invalidSyntax.html
ErrorDocument 401 /error/authorizationRequired.html
ErrorDocument 403 /error/forbidden.html
ErrorDocument 404 /error/fileNotFound.html
ErrorDocument 405 /error/methodNotAllowed.html
ErrorDocument 500 /error/internalServerError.html
ErrorDocument 503 /error/overloaded.html
AliasMatch ^/~([^/]+)(/(.*))? /var/www/web12/user/$1/web/$3
AliasMatch ^/users/([^/]+)(/(.*))? /var/www/web12/user/$1/web/$3
</VirtualHost>

Last edited by RicochetPeter; 22nd September 2006 at 17:33.
Reply With Quote
  #6  
Old 22nd September 2006, 17:58
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,812
Thanks: 821
Thanked 5,339 Times in 4,188 Posts
Default

I'am not sure if the suphp setting is compatible with cgi-php, but its worth atry.

Please change the line:

$go_info["server"]["apache2_php"] = 'both';

to:

$go_info["server"]["apache2_php"] = 'suphp';

in the config.inc.php file, then edit your website settings so ISPConfig recreates your config files.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #7  
Old 23rd September 2006, 00:15
RicochetPeter RicochetPeter is offline
Member
 
Join Date: Apr 2006
Posts: 41
Thanks: 3
Thanked 1 Time in 1 Post
Default

This gave me more Apache startup errors, complaining about "suPHP" settings.

Whatever,

I took directions on the web how to enable mod_php and php-cgi side by side so I can play a little...

A correct implementation for the needs I described in the beginning (php scripts run with the user/group of the web they're in) you need the following things:

- php(4|5)-cgi
- /etc/apache2/conf.d/php(4|5)-cgi config file like:
Code:
 Action         application/x-php4-cgi /cgi-bin/php4
 AddType        application/x-php4-cgi .cphp
- a link in /var/www/webxy/cgi-bin/ to /usr/lib/cgi-bin/php(4|5) (not symbolic)

and what's the most didfficult part:

- a self-compiled suexec binary (/usr/lib/apache2/suexec2) that will not complain about the ownership of the php cgi binary

Jeez, am I the first to want this scheme for the hosting users?
Reply With Quote
  #8  
Old 23rd September 2006, 14:10
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,812
Thanks: 821
Thanked 5,339 Times in 4,188 Posts
Default

Then dont use the PHP cehckboxes at all and copy the lines:

Quote:
Action application/x-php4-cgi /cgi-bin/php4
AddType application/x-php4-cgi .cphp
In the apache directives field of the website.


Quote:
Jeez, am I the first to want this scheme for the hosting users?
No, but most users are using SuPHP instaed of SuExec, which works fine with ISPConfig.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #9  
Old 27th September 2006, 09:01
djamoer djamoer is offline
Junior Member
 
Join Date: Sep 2006
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default My server still unable to use Suexec

Hi guys,

Thanks to Till Brehm for setting up my server.
I'm confused on why the Suexec doesn't work on my server. I tried enabling it on the system setting and disable PHP Safe Mode on the site that I want to use Suexec on.

Is there anything that I did wrong? What should I do to check whether my server support Suexec or not?

Thanks
Reply With Quote
  #10  
Old 27th September 2006, 09:27
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,812
Thanks: 821
Thanked 5,339 Times in 4,188 Posts
 
Default

I Guess suexec is compiled into your server. Simply turning on SuEXEC does not mean tht PHP is now run as CGI, you will have to install a CGI PHP binary and add some additional apache configuration code to the apache directives field to enable php as CGI. If you want to use SuPHP, make sure that SuPHP is available for your linux distribution and enable SuPHP in the config.inc.php file.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Freebsd 6.1 support misterm Installation/Configuration 10 9th April 2009 09:29
VirtualHosts marra87 General 9 12th September 2006 04:09
2 domains, 1 site wadims Installation/Configuration 13 31st May 2006 00:21
Downgrade php5 to php4.4.2 llizards Installation/Configuration 4 13th March 2006 23:58
all my site go to /var/www/ Absolusteph Installation/Configuration 14 11th March 2006 21:27


All times are GMT +2. The time now is 16:24.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.