suPHP: Unworkable.

[jonwatson]

Hello,

I'm disabling suPHP. I simply can't figure out how my users are supposed to use their hosting accounts with it turned on.

For example, when a mortal user uploads Wordpress or Simple Machines, they are unable to run the index.php or install.php scripts because the target UID (nobody) doesn't match the actual UID (the user) of the script file. Since mortal users cannot chmod a file to be owned by the nobody user, they're stuck. I have to go in and chmod all of the files that suPHP whines about.

I think it's a good idea, but in practise it's not workable. I think there should be a way to shut this off within ISPConfig.

[till]

SuPHP works pretty well.

1) All files that you upload with FTP are uploaded under the same user that uses suPHP too. If this is not the case in your setup, you configured something wrong.
2) All users can chmod a file if you allow chmod for FTP, but thats not nescessary at all if you use suPHP

[jonwatson]

Quote:

Originally Posted by till

SuPHP works pretty well.

1) All files that you upload with FTP are uploaded under the same user that uses suPHP too. If this is not the case in your setup, you configured something wrong.
2) All users can chmod a file if you allow chmod for FTP, but thats not nescessary at all if you use suPHP

The users are correct, but suPHP requires some (I have yet to determine why it only complains about some files) files to be owned by 65534 (nobody) before it will let them run. I see this with Wordpress's install.php and SMF Forums install.php. There are some other files in Wordpress' wp-admin/ directory that it also won't let run. I have to chown them to nobody before they can run.

I haven't actually tried FTP, I've been scp or wgetting files in the shell, but I'm doing it as the user and not as root.

I'm willing to reconfigure suPHP, but given that there is no user-end configuration for it in the HowTo or duing the ISPConfig install, it's highly unlikely that I configured it wrong.

[till]

There no chown of a user nescessary. Mybe you uplodaed the files with wrong mode, they must be world redable so the apache webserver can access them, or you must add the user nobody to the website group.

[jonwatson]

Quote:

Originally Posted by till

There no chown of a user nescessary. Mybe you uplodaed the files with wrong mode, they must be world redable so the apache webserver can access them, or you must add the user nobody to the website group.

After some time with suPHP, it seems that you're right. My users never have a problem, I only see the problem when I move and install scripts as root.

So, the lesson is to su into the user that's going to own the script before installing it and that seems to make everything work.

But I guess you knew that.

[Hans]

This week Falko posted my howto, which shows you how to setup suPHP on an ISPConfig-server.
(for you too late) but hopefully a nice guide for future use.

Here it is:
http://www.howtoforge.com/suphp_debian_ispconfig

[till]

Quote:

So, the lesson is to su into the user that's going to own the script before installing it and that seems to make everything work. But I guess you knew that.

Yes, it can not work when the files owned by root. Either su to the user bfeore you start the installation or chown the files recursively to the user and group of the website after installation or upload the files by FTP or login with the admin user of the website by SSH.