Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Developers' Forum

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 4th January 2006, 00:17
danf.1979 danf.1979 is offline
Senior Member
 
Join Date: Dec 2005
Location: Chile
Posts: 247
Thanks: 4
Thanked 3 Times in 2 Posts
Send a message via MSN to danf.1979
Default Generating a .run file from a www-data script, please say I can...

How can I get a www-data:www-data script to create a .run file? I need this badly....
Maybe it can be validated somehow (the www-data user script)
Reply With Quote
Sponsored Links
  #2  
Old 4th January 2006, 00:57
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

Do you mean /home/admispconfig/ispconfig/.run?
You could make /home/admispconfig/ispconfig world-writable, e.g.
Code:
chmod 777 /home/admispconfig/ispconfig
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 4th January 2006, 01:20
danf.1979 danf.1979 is offline
Senior Member
 
Join Date: Dec 2005
Location: Chile
Posts: 247
Thanks: 4
Thanked 3 Times in 2 Posts
Send a message via MSN to danf.1979
Default

Would that be secure?
I did a new deamon to check for my new .run (wiki.data) file... but I dont know if this is OK. I mean, it works, but I dont like to have a deamon only to run the *final* step for the wiki installation.
Also I tried to make ispconfig_wconf deamon to check for that new .run (wiki.data) file but I guess my sintax is not OK (I dont know bash).
How could I modify this to get the deamon ispconfig_wconf to check also for another file? for example /var/www/installers/wiki_temp/wiki.data
Code:
while (true) do
  if [ -f /home/admispconfig/ispconfig/.run ]; then
    rm -f /home/admispconfig/ispconfig/.run
    /root/ispconfig/php/php -q /root/ispconfig/scripts/writeconf.php &> /dev/null
  fi
  sleep 10
done

Last edited by danf.1979; 4th January 2006 at 01:22.
Reply With Quote
  #4  
Old 4th January 2006, 10:06
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

Quote:
Originally Posted by danf.1979
Would that be secure?
It's ok as long as you don't chown the other directories in /home/admispconfig/ispconfig!
Quote:
Originally Posted by danf.1979
I did a new deamon to check for my new .run (wiki.data) file... but I dont know if this is OK. I mean, it works, but I dont like to have a deamon only to run the *final* step for the wiki installation.
Also I tried to make ispconfig_wconf deamon to check for that new .run (wiki.data) file but I guess my sintax is not OK (I dont know bash).
How could I modify this to get the deamon ispconfig_wconf to check also for another file? for example /var/www/installers/wiki_temp/wiki.data
Code:
while (true) do
  if [ -f /home/admispconfig/ispconfig/.run ]; then
    rm -f /home/admispconfig/ispconfig/.run
    /root/ispconfig/php/php -q /root/ispconfig/scripts/writeconf.php &> /dev/null
  fi
  sleep 10
done
You can try something like this:
Code:
while (true) do
  if [ -f /home/admispconfig/ispconfig/.run ] || [ -f /var/www/installers/wiki_temp/wiki.data ]; then
    rm -f /home/admispconfig/ispconfig/.run  &> /dev/null
    rm -f /var/www/installers/wiki_temp/wiki.data  &> /dev/null
    /root/ispconfig/php/php -q /root/ispconfig/scripts/writeconf.php &> /dev/null
  fi
  sleep 10
done
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 4th January 2006, 10:41
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,083
Thanks: 826
Thanked 5,397 Times in 4,241 Posts
Default

Quote:
Originally Posted by danf.1979
How can I get a www-data:www-data script to create a .run file? I need this badly....
Maybe it can be validated somehow (the www-data user script)
Why do you need that? The problem with letting www-data create a .run file is that then every user that is hosted on the server can run a DOS attack against ISPConfig by setting a new .run file every few seconds.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #6  
Old 4th January 2006, 11:42
danf.1979 danf.1979 is offline
Senior Member
 
Join Date: Dec 2005
Location: Chile
Posts: 247
Thanks: 4
Thanked 3 Times in 2 Posts
Send a message via MSN to danf.1979
Default

I downloaded MediaWiki and found out it has its own installer. The installer is very good, and I dont want to rewrite it.
Of course, the user begans the installation in ispconfig. He provide:

1) Database name
2) Password
3) Install path

Then I write those data plus some extra ones to a mysql table so writeconf.php can read them and copy all wiki files to the user directory, but at this moment I can't chown the install path to the real username, I must leave it as www-data, because after the ispconfig installer copies all necessary files to the directory the user has chosen, I request him to follow a link and *finish* the installation with the real wiki install script. This script runs as www-data and attempt to generate a config file when the user has completed the install process. That's why I must leave the directory as www-data owner, until the final step of the wiki installation.

And that's why I wanted to integrate de wiki install script to the .run system, because I wanted to make:
1) a final chown -R $username:web$web_id for the wiki path
2) delete de config/ directory
3) chmod go-w the generated config file.

So the user has to do very, very little to install wiki.
Reply With Quote
  #7  
Old 4th January 2006, 11:44
danf.1979 danf.1979 is offline
Senior Member
 
Join Date: Dec 2005
Location: Chile
Posts: 247
Thanks: 4
Thanked 3 Times in 2 Posts
Send a message via MSN to danf.1979
Default

Maybe there is a way to validate the installation script like with md5?
Reply With Quote
  #8  
Old 4th January 2006, 11:53
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,083
Thanks: 826
Thanked 5,397 Times in 4,241 Posts
Default

Thats generally a good idea, but i think that opening the admin part to the www-admin user is not a good idea.

What do you think about this solution:

In the first part of the installation, where you create the database, you put a rondomly created md5 hash in the ispconfig database and write this hash to a file, e.g. .install_secret that is stored in the directory where you install mediawiki. This file might also include the complete URL of the file called below.

After the mediawike script has finished, it reads this md5 hash, and calls a script that runs as admispconfig user. For example:

https://www.yourserver.com:81/tools/...=34f632s274322

The finish.php script compares if the secret is identical with the one we stored in the database, if its identic, it will set the .run file.

Its a bit complicated, but i think its more secure.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #9  
Old 4th January 2006, 12:07
danf.1979 danf.1979 is offline
Senior Member
 
Join Date: Dec 2005
Location: Chile
Posts: 247
Thanks: 4
Thanked 3 Times in 2 Posts
Send a message via MSN to danf.1979
Default

I like that, but I've never done something similar before... so I'm a little lost on how to execute the final.php from the wiki install script and pass the md5 hash hidden to the user.
Would i have to put a function like this in the wiki script?
Code:
function finish($hash) {
    exec("/home/admispconfig/.../final.php?var=$hash);
}
Sorry, my experience is limited...
Reply With Quote
  #10  
Old 4th January 2006, 12:19
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,083
Thanks: 826
Thanked 5,397 Times in 4,241 Posts
 
Default

Quote:
Originally Posted by danf.1979
I like that, but I've never done something similar before... so I'm a little lost on how to execute the final.php from the wiki install script and pass the md5 hash hidden to the user.
Would i have to put a function like this in the wiki script?
Code:
function finish($hash) {
    exec("/home/admispconfig/.../final.php?var=$hash);
}
The solution is even simpler. You must call the script with http! Otherwise it is executesd as wwwrun and not admispconfig user!

Code:
$returnvalues = file("https://www.yourserver.com:81/tools/tools/installer/final.php?var=$hash");
As you dont know the correct value for https://www.yourserver.com:81 in the mediawiki script, it is a good idea to store this in the secret file too.

One comment to your code above. If you put a variable in an exec statement, make sure that it cannot conatin any executable commands. Example:

Code:
$hash = escapeshellcmd($hash);
exec("/home/admispconfig/.../final.php?var=$hash);


Quote:
Sorry, my experience is limited...
Everyone of us started with programming some time ago. We have the development forums to help each other in ispconfig programming and to find the best solution for a given dev problem
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.

Last edited by till; 4th January 2006 at 12:27.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Mail System doesnt work! crichton Installation/Configuration 3 17th September 2007 23:49
2.6.12 debian install problems s2angel Installation/Configuration 6 31st December 2005 13:21
PHP/MySQL/Apache2/ISPConfig configuration issues? senzapaura General 21 25th December 2005 14:01
IMAP & POP3 FC3 Samer A. Yaghi Installation/Configuration 6 17th October 2005 12:54
/stats doesn't work (password not accepted) Hellbound General 6 15th September 2005 15:34


All times are GMT +2. The time now is 22:35.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.