Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 11th November 2009, 16:23
dclardy dclardy is offline
Senior Member
 
Join Date: Sep 2009
Location: Dallas, TX
Posts: 347
Thanks: 10
Thanked 50 Times in 28 Posts
Default How to install ImageMagick

I am running a Drupal site on my server, and one of the contributed modules I have installed needs ImageMagick. How do I securely allow access to /usr/bin/convert.

I think that I have Chmod 777 to the entire /usr/bin. Is there anyway to check this, and what permissions should I place?

Thanks for the help.
Reply With Quote
Sponsored Links
  #2  
Old 11th November 2009, 16:35
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,022
Thanks: 840
Thanked 5,655 Times in 4,464 Posts
Default

Do not chmod 777 or every of your users is able to replace the binary with aharmful application. Just leve it as it is as the binary is executable by every normal user already.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 11th November 2009, 16:58
dclardy dclardy is offline
Senior Member
 
Join Date: Sep 2009
Location: Dallas, TX
Posts: 347
Thanks: 10
Thanked 50 Times in 28 Posts
Default

Well I am pretty sure that I have already done that. What should the permissions be on /usr/bin.
Reply With Quote
  #4  
Old 11th November 2009, 17:14
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,022
Thanks: 840
Thanked 5,655 Times in 4,464 Posts
Default

Please post the exact error messages from the error log of the website and the error messages in the application if we shall be able to help you with that.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #5  
Old 11th November 2009, 17:14
dclardy dclardy is offline
Senior Member
 
Join Date: Sep 2009
Location: Dallas, TX
Posts: 347
Thanks: 10
Thanked 50 Times in 28 Posts
Default

Also, one of my sites is able to find the directory, but one of them is not able to. Any ideas? The error on the one that is not able to is this:



Code:
  * warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(/usr/bin/convert) is not within the allowed path(s): (/var/www/clients/client1/web1) in /var/www/clients/client1/web1/web/includes/image.imagemagick.inc on line 55.
    * No file /usr/bin/convert could be found. PHP's open_basedir security restriction is set to /var/www/clients/client1/web1, which may be interfering with the attempts to locate ImageMagick.
Reply With Quote
  #6  
Old 11th November 2009, 19:05
dclardy dclardy is offline
Senior Member
 
Join Date: Sep 2009
Location: Dallas, TX
Posts: 347
Thanks: 10
Thanked 50 Times in 28 Posts
Default

Here are the error files again:

* warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(/usr/bin/convert) is not within the allowed path(s): (/var/www/clients/client1/web1) in /var/www/clients/client1/web1/web/includes/image.imagemagick.inc on line 55.
* No file /usr/bin/convert could be found. PHP's open_basedir security restriction is set to /var/www/clients/client1/web1, which may be interfering with the attempts to locate ImageMagick.
Reply With Quote
  #7  
Old 12th November 2009, 00:28
dclardy dclardy is offline
Senior Member
 
Join Date: Sep 2009
Location: Dallas, TX
Posts: 347
Thanks: 10
Thanked 50 Times in 28 Posts
Default

I have been doing some more digging into this, and it appears that the PHP is running in safe mode. This is blocking the server being able to look in this directory for the one site. I am still not sure why it is working on the other one.

I did some more testing, and I had turned on SuPHP on one the website that it was working on. I went back to that site and turned on FastCGI. It still worked. I did the same thing in the other site, and it worked.

Why would that be?

Thanks.
Reply With Quote
  #8  
Old 12th November 2009, 13:33
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,022
Thanks: 840
Thanked 5,655 Times in 4,464 Posts
Default

The problem is not related ro safemode as safemode. The problems is the open_basedir setting which denies the access to system directories for security reasons. There are 2 possible solutions:

1) If you dont need access for all sites to the convert binary, copy create a bin directory in the website root directory and copy the convert program to this place or make a hardlink.

2) Add ":usr/bin" at the end of theopen_basedir path in the vhost template and the fcgi script templates in /usr/local/ispconfig/server/conf/ and then update the site to allow all scripts the access to the /usr/bin/ directory.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #9  
Old 12th November 2009, 19:10
dclardy dclardy is offline
Senior Member
 
Join Date: Sep 2009
Location: Dallas, TX
Posts: 347
Thanks: 10
Thanked 50 Times in 28 Posts
Default

Alright. I have tried to do this, but I must being doing something wrong. These are the files that I have edited.

vhost.conf.master
php-fcgi-starter.master

I added the the :usr/bin in these locations:

vhost.conf.master

Code:
<tmpl_if name='php' op='==' value='mod'>
    # mod_php enabled
    AddType application/x-httpd-php .php .php3 .php4 .php5
    php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -fwebmaster@<tmpl_var name='domain'>"
    php_admin_value upload_tmp_dir <tmpl_var name='document_root'>/tmp
    php_admin_value session.save_path <tmpl_var name='document_root'>/tmp
<tmpl_if name='security_level' op='==' value='20'>
    php_admin_value open_basedir <tmpl_var name='document_root'>/web:<tmpl_var name='document_root'>/tmp:/usr/share/php5:/tmp:usr/bin
php-fcgi-starter.master

Code:
#!/bin/sh
PHPRC="<tmpl_var name='php_ini_path'>"
export PHPRC
PHP_DOCUMENT_ROOT="<tmpl_var name='document_root'>"
export PHP_DOCUMENT_ROOT
# The variable PHP_FCGI_CHILDREN is onyl useful for lighty or nginx as apache
# mod_fcgi will control the number of childs themself and never use the additional processes.
# PHP_FCGI_CHILDREN=<tmpl_var name='php_fcgi_children'>
# export PHP_FCGI_CHILDREN
PHP_FCGI_MAX_REQUESTS=<tmpl_var name='php_fcgi_max_requests'>
export PHP_FCGI_MAX_REQUESTS
exec <tmpl_var name='php_fcgi_bin'> \
<tmpl_if name="security_level" op="==" value="20"> -d open_basedir=<tmpl_var name='document_root'>:usr/bin \
-d upload_tmp_dir=<tmpl_var name='document_root'>/tmp \
-d session.save_path=<tmpl_var name='document_root'>/tmp \
</tmpl_if> $1
This is not working correctly for me. Here is the new error. It appears that directories are not being separated.

No file /usr/bin/convert could be found. PHP's open_basedir security restriction is set to /var/www/clients/client1/web2:usr/bin, which may be interfering with the attempts to locate ImageMagick.

Any ideas?
Reply With Quote
  #10  
Old 12th November 2009, 23:09
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,022
Thanks: 840
Thanked 5,655 Times in 4,464 Posts
 
Default

Sorry, I had a typo in my example. The path is /usr/bin and not usr/bin.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following User Says Thank You to till For This Useful Post:
dclardy (13th November 2009)
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Install failure -- Apache 1.3 missing? Allen15 Installation/Configuration 11 24th February 2009 10:53
ISPConfig install issues... flyingaggie Installation/Configuration 2 18th July 2008 11:46
VMWare Server Free License - Invalid bardgd HOWTO-Related Questions 6 19th November 2006 18:50
install Net::DNS chrno Installation/Configuration 4 5th September 2006 18:01
Mandriva 10.2 Perfect Setup Install Problems... ctroyp Installation/Configuration 12 30th December 2005 17:04


All times are GMT +2. The time now is 02:56.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.