Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 6th February 2006, 10:25
st2xo st2xo is offline
Member
 
Join Date: Jan 2006
Location: Wiesloch [DE]
Posts: 47
Thanks: 3
Thanked 0 Times in 0 Posts
Default write access to wwwrun/www-data in users DocumentRoot

Hi everybody - its monday and the problems are with me, again
Is there a - practicable - way to give apache/mod_php write access to the users public web directorys?

I have to make the users public web directories write accessible for wwwrun (or www-data). With the default ISPconfig installation (Suse10, perfect setup) that isnt possible (or Im wrong?). So I made following changes and it works:

Add user wwwrun to the web10-group
Code:
groupmod --add-user wwwrun web10
make web10-dir writeable for all group members
Code:
chmod 775  /home/www/web10
make web-dir writeable for everybody
Code:
chmod 777  /home/www/web10/web
(actual it should be enough to give 775 - but it isnt and I dont understand why - but for the asked problem I will ignore this at this time)
That works - but isnt very smart of course.
At last it is now very unsecure to give users shell access because all users would have write access to the directories from the other users But that is for me the smaller problem, so wouldnt give shell access.

Now I would go to patch the ispconfig scripts which create the users directories and would set the above values with chmod/chown and so on.

So my questions:
- which ISPConfig script/s I have to patch?
- is there another way to give write access to the public dirs?

thanks in advance!
__________________
regards,
Stefan.
Reply With Quote
Sponsored Links
  #2  
Old 6th February 2006, 10:41
st2xo st2xo is offline
Member
 
Join Date: Jan 2006
Location: Wiesloch [DE]
Posts: 47
Thanks: 3
Thanked 0 Times in 0 Posts
Default

something I forgot - these solutions are working, I know, but theyre would be a compromise only:

- to run the php script as cgi (additional to the mod_php) is not the preferred solutions
- http://www.suphp.org

is there another solution?
__________________
regards,
Stefan.
Reply With Quote
  #3  
Old 6th February 2006, 14:35
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,743 Times in 2,577 Posts
Default

Quote:
Originally Posted by st2xo
So my questions:
- which ISPConfig script/s I have to patch?
The xript is /root/ispconfig/scripts/lib/config.lib.php. Look at the function make_docroot() (around line 966).
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #4  
Old 6th February 2006, 18:45
st2xo st2xo is offline
Member
 
Join Date: Jan 2006
Location: Wiesloch [DE]
Posts: 47
Thanks: 3
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by falko
The xript is /root/ispconfig/scripts/lib/config.lib.php. Look at the function make_docroot() (around line 966).
Thank you Falko - I think I first check out su_php. If that do not work I like, Ill patch the file (but probably it will ...)
If somebody else could use this info: the two rows on line 1083 should be changed from
Code:
exec("chown -R $apache_user:web$doc_id $web_path_realname &> /dev/null");
exec("chown -R $apache_user:web$doc_id $web_path &> /dev/null");
to
Code:
exec("chown -R wwwrun:web$doc_id $web_path_realname &> /dev/null");
exec("chown -R wwwrun:web$doc_id $web_path &> /dev/null");
sometimes wwwrun is www-data - check this out before! This is not tested!


there is a very strange thing I observed:
is there any process that checks every 1-2 minutes the file owners in /home/www and makes changes on it?

I added one user manually with useradd, this user has now the uid 10028 (this is the highest number in /etc/passwd but not the last entry).

Now, a web directory /www/web22 is being permanently changed to xyz.web22 (where xyz is the user with uid 10028). All other dirs in /www are untouched.

(the /www/web22 directory is the second last web, so the last is web23)
Do you know what this could be?
__________________
regards,
Stefan.

Last edited by st2xo; 6th February 2006 at 18:47.
Reply With Quote
  #5  
Old 6th February 2006, 23:01
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,743 Times in 2,577 Posts
Default

Quote:
Originally Posted by st2xo
If somebody else could use this info: the two rows on line 1083 should be changed from
Code:
exec("chown -R $apache_user:web$doc_id $web_path_realname &> /dev/null");
exec("chown -R $apache_user:web$doc_id $web_path &> /dev/null");
to
Code:
exec("chown -R wwwrun:web$doc_id $web_path_realname &> /dev/null");
exec("chown -R wwwrun:web$doc_id $web_path &> /dev/null");
sometimes wwwrun is www-data - check this out before! This is not tested!
$apache_user contains the Apache user - in your case wwwrun, so there's no need to change this.


Quote:
Originally Posted by st2xo
I added one user manually with useradd, this user has now the uid 10028 (this is the highest number in /etc/passwd but not the last entry).

Now, a web directory /www/web22 is being permanently changed to xyz.web22 (where xyz is the user with uid 10028). All other dirs in /www are untouched.

(the /www/web22 directory is the second last web, so the last is web23)
Do you know what this could be?
By default ISPConfig creates users with UIDs above 10000. When you add users manually, you should use UIDs below 10000. What happened on your system is this:
You created users with ISPConfig up to the UID 10027. Then you added a user manually; because you did not specify a certain UID, the user got the UID 10028.
Then you created the next user in ISPConfig. Because ISPConfig doesn't know that you created another user manually in the meantime, the new user gets the UID 10028. And voil, you have two users with conflicting UIDs.
You should assign another UID (below 10000) to your manually created user.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #6  
Old 7th February 2006, 10:15
st2xo st2xo is offline
Member
 
Join Date: Jan 2006
Location: Wiesloch [DE]
Posts: 47
Thanks: 3
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by falko
$apache_user contains the Apache user - in your case wwwrun, so there's no need to change this.
mhmh, then its even more strange on my system - the web-directories in /home/www are owned by the user with administrator-Checkbox in User&Email-Settings.

Directories created by ISPconfig without any changes from me (I didnt patched the config.lib.php file) are like this:
Code:
drwxr-xr-x  10 web18_stefan    web18 4.0K Feb  3 15:17 web18/
drwxr-xr-x  10 web18_stefan    web18 4.0K Feb  3 15:17 www.XYZ.de/
If I deselect the admin-Checkbox the file owner changes immediately to
Code:
drwxr-xr-x  10 root            web18 4.0K Feb  7 09:51 web18/
drwxr-xr-x  10 root            web18 4.0K Feb  7 09:51 www.XYZ.de/
If now selected another user as admin the file owner changes again
Code:
drwxr-xr-x  10 web18_test2     web18 4.0K Feb  7 09:55 web18/
drwxr-xr-x  10 web18_test2     web18 4.0K Feb  7 09:55 www.XYZ.de/
So theres is no wwwrun user set and without set any admin-checkox root is owner of the dirs (but that seems to be correct?!)
Setting wwwrun as as the owner of alle files by ISPConfig-default would be solve all my problems How can I make that? Or whats going wrong there?
(the perfect setup was installed fine on a brandnew suse10-OS, all default, no errors, no strange things)

Quote:
Originally Posted by falko
You should assign another UID (below 10000) to your manually created user.
thanks! Thats it. I changed the uid manually in /etc/passwd. After exiting vi the owner from this one directory was already fixed. Now I remember that somewhere I read this thing with the uid upper than 10000
__________________
regards,
Stefan.
Reply With Quote
  #7  
Old 7th February 2006, 12:03
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,743 Times in 2,577 Posts
Default

Quote:
Originally Posted by st2xo
mhmh, then its even more strange on my system - the web-directories in /home/www are owned by the user with administrator-Checkbox in User&Email-Settings.
That's the way it is intended. If a web site has an admin, then the admin owns these directories. If there's no admin, then the directories should be owned by the Apache user.

Quote:
Originally Posted by st2xo
Directories created by ISPconfig without any changes from me (I didnt patched the config.lib.php file) are like this:
Code:
drwxr-xr-x  10 web18_stefan    web18 4.0K Feb  3 15:17 web18/
drwxr-xr-x  10 web18_stefan    web18 4.0K Feb  3 15:17 www.XYZ.de/
If I deselect the admin-Checkbox the file owner changes immediately to
Code:
drwxr-xr-x  10 root            web18 4.0K Feb  7 09:51 web18/
drwxr-xr-x  10 root            web18 4.0K Feb  7 09:51 www.XYZ.de/
root is not ok. Then something's strange on your system...

Quote:
Originally Posted by st2xo
Setting wwwrun as as the owner of alle files by ISPConfig-default would be solve all my problems How can I make that? Or whats going wrong there?
You can change the code and hard-code wwwrun into it.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #8  
Old 8th February 2006, 10:00
st2xo st2xo is offline
Member
 
Join Date: Jan 2006
Location: Wiesloch [DE]
Posts: 47
Thanks: 3
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by falko
root is not ok. Then something's strange on your system...
You can change the code and hard-code wwwrun into it.
I changed the code to wwwrun on a few positions around line 1081, in make_docroot() with no result.

Even if wwwrun is hardcoded, e.g. set as
Code:
$apache_user = "wwwrun"; #$this->apache_user;
(and a few other similar positions)

this has no effect.
File owner will be set as root, like described above

- Is there any debug mode to help to check out for me this problem?

- Which file permissions /home and /home/www has to be set? (/home=root.root+755 and /home/www=root.www+775 is on my system)

- wwwrun is a member from group www and has nothing to to with the admispconfig-user in /etc/passwd and /etc/groups - is that correct?

Thank you very much in advance for any hints!
__________________
regards,
Stefan.
Reply With Quote
  #9  
Old 8th February 2006, 16:48
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,743 Times in 2,577 Posts
Default

Quote:
Originally Posted by st2xo
- Is there any debug mode to help to check out for me this problem?
No... Further down the function you have an $owner variable and some more chown commands. Have a look at these.

Quote:
Originally Posted by st2xo
- Which file permissions /home and /home/www has to be set? (/home=root.root+755 and /home/www=root.www+775 is on my system)
That's ok.

Quote:
Originally Posted by st2xo
- wwwrun is a member from group www and has nothing to to with the admispconfig-user in /etc/passwd and /etc/groups - is that correct?
That's also ok.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #10  
Old 8th February 2006, 20:06
st2xo st2xo is offline
Member
 
Join Date: Jan 2006
Location: Wiesloch [DE]
Posts: 47
Thanks: 3
Thanked 0 Times in 0 Posts
 
Default

Quote:
Originally Posted by falko
root is not ok. Then something's strange on your system...
Hi Falko

I found the "root" the code in
/root/ispconfig/scripts/lib/config.lib.php
in function
apache_user(), Line 1777
If I put in a hardcoded wwwrun all file permissions will be ok.

Code:
function apache_user(){
  global $mod;
  $httpd_conf = $mod->system->server_conf["dist_httpd_conf"];
  $includes = $mod->file->find_includes($httpd_conf);
  $anz_includes = sizeof($includes);
  for($i=0;$i<$anz_includes;$i++){
    $includes[$i] = $mod->file->unix_nl($mod->file->no_comments($includes[$i]));
    if($line = $mod->system->grep($includes[$i], "User", "w")){
      $lines = explode("\n", $line);
      $line = $lines[0];
      $line = trim($line);
      while(strstr($line, "  ")){
        $line = str_replace("  ", " ", $line);
      }
      list($f1, $apache_user) = explode(" ", $line);
      $apache_user = trim($apache_user);
      $i = $anz_includes;
    }
  }
  # st2xo: $apache_user is nowhere set in this function...
  if(isset($apache_user) && $mod->system->is_user($apache_user)){
    # ... so this never will be returned
    return $apache_user;
  } else {
    # ... and root will be returned in every case
    return "root";
  }
}
How will be the variable $apache_user set in the function apache_user()?
I think there is a global $apache_user or something like that missing.

Or Iam completely wrong now?
__________________
regards,
Stefan.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
VSFTPD is not working after install the ISPConfig gimhan90 Server Operation 8 3rd February 2006 09:25
Ability to add components for users webstergd Feature Requests 1 20th December 2005 10:25
regarding proftpd and users with shell access Ovidiu Server Operation 2 5th December 2005 13:03


All times are GMT +2. The time now is 12:50.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.