Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 19th December 2011, 19:27
kelyiu3000 kelyiu3000 is offline
Junior Member
 
Join Date: Aug 2011
Posts: 24
Thanks: 5
Thanked 0 Times in 0 Posts
Default A question about www-data

Here is the problem that php application create a folder or file with www-data privilege. In general, it can be edit, remove or add new operation in this folder within this application. As I upgraded to 3.0.4.1, I find that the php application cannot remove the folder.

How to solve this problem?

Thank you very much.
Reply With Quote
Sponsored Links
  #2  
Old 19th December 2011, 20:11
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 36,070
Thanks: 826
Thanked 5,396 Times in 4,240 Posts
Default

change php mode to php-fcgi and enable the suexec checkbox in website settings.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 19th December 2011, 20:42
kelyiu3000 kelyiu3000 is offline
Junior Member
 
Join Date: Aug 2011
Posts: 24
Thanks: 5
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by till View Post
change php mode to php-fcgi and enable the suexec checkbox in website settings.
I am already in FAST-CGI mode......and I need to run some cgi application outside the cgi-bin folder.....so I need to disable the suexec to run it.

Any other solution?
Or some alternative way to enable to run some cgi application outside the cgi-bin folder?

BTW, Thank you.
Reply With Quote
  #4  
Old 19th December 2011, 21:14
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 36,070
Thanks: 826
Thanked 5,396 Times in 4,240 Posts
Default

Therea are 2 options:

a) enable susxec and your scripts run under the web user and client group.
b) disable suexec and the scripts run as www-data

There is no third option, so you have to decide what you want.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following User Says Thank You to till For This Useful Post:
kelyiu3000 (20th December 2011)
  #5  
Old 20th December 2011, 04:12
kelyiu3000 kelyiu3000 is offline
Junior Member
 
Join Date: Aug 2011
Posts: 24
Thanks: 5
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by till View Post
Therea are 2 options:

a) enable susxec and your scripts run under the web user and client group.
b) disable suexec and the scripts run as www-data

There is no third option, so you have to decide what you want.
Thank you very much.
One more question please. How to enable CGI application can outside the cgi-bin folder? I don't understand why cannot run it outside the cgi-bin folder with susxec enabled?

BTW, your answer is very useful.
Reply With Quote
  #6  
Old 20th December 2011, 08:22
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 36,070
Thanks: 826
Thanked 5,396 Times in 4,240 Posts
Default

Do you mean a cgi application with ending .cgi or .pl or do you talk about .php files? The most common problem are permissions and file ownership. You should make sure that the files and folders inside the "web" folder are owned by the web user and client group of this website. Then you might want to check if the security level is set to high under System > server config > web as thats the recommended level.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #7  
Old 20th December 2011, 15:31
kelyiu3000 kelyiu3000 is offline
Junior Member
 
Join Date: Aug 2011
Posts: 24
Thanks: 5
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by till View Post
Do you mean a cgi application with ending .cgi or .pl or do you talk about .php files? The most common problem are permissions and file ownership. You should make sure that the files and folders inside the "web" folder are owned by the web user and client group of this website. Then you might want to check if the security level is set to high under System > server config > web as thats the recommended level.
Thank you.
Yes. It is a serious conflict for me. First, I need to run CGI applications with ending .cgi or .pl outside the cgi-bin folder so I disabled the SuEXEC in installation but I get the problem about php application cannot remove the folder because of www-data premission. That is the problem I need to solve.

P.S. run in FAST-CGI mode and all files and folders inside the "web" folder owned by the web user and client group and Medium Security level

Situation:
Enable susxec-->CGI got 500 Internal Server Error, PHP run as web user and client group
disable suexec-->CGI run fine, PHP run as www-data and happen cannot remove problem

Can I set to low Security level to allow 777 to files with suexec?
This is very a stressed problem for me.

Please help.....
Thank you very much.
Attached Images
  

Last edited by kelyiu3000; 20th December 2011 at 15:37.
Reply With Quote
  #8  
Old 20th December 2011, 15:49
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 36,070
Thanks: 826
Thanked 5,396 Times in 4,240 Posts
Default

Quote:
Enable susxec-->CGI got 500 Internal Server Error, PHP run as web user and client group
Plaese post the exact error message that you find in the error.log of the website.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #9  
Old 20th December 2011, 18:55
kelyiu3000 kelyiu3000 is offline
Junior Member
 
Join Date: Aug 2011
Posts: 24
Thanks: 5
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by till View Post
Plaese post the exact error message that you find in the error.log of the website.
error.log
[Wed Dec 21 01:39:10 2011] [error] [client 192.168.1.1] suexec policy violation: see suexec log for more details, referer:
[Wed Dec 21 01:39:10 2011] [error] [client 192.168.1.1] Premature end of script headers: action.cgi, referer:
[Wed Dec 21 01:40:33 2011] [error] [client 192.168.1.1] suexec policy violation: see suexec log for more details, referer:
[Wed Dec 21 01:40:33 2011] [error] [client 192.168.1.1] Premature end of script headers: action.cgi, referer:


suexec.log
[2011-12-21 01:39:04]: uid: (5004/web1) gid: (5005/client1) cmd: .php-fcgi-starter
[2011-12-21 01:39:10]: uid: (5004/web1) gid: (5005/client1) cmd: action.cgi
[2011-12-21 01:39:10]: directory is writable by others: (/var/www/clients/client1/web1/web/game/watlas)
[2011-12-21 01:40:22]: uid: (5004/web1) gid: (5005/client1) cmd: .php-fcgi-starter
[2011-12-21 01:40:33]: uid: (5004/web1) gid: (5005/client1) cmd: action.cgi
[2011-12-21 01:40:33]: directory is writable by others: (/var/www/clients/client1/web1/web/game/watlas)

Thank you very much.
Reply With Quote
  #10  
Old 21st December 2011, 11:50
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
 
Default

Quote:
[2011-12-21 01:39:10]: directory is writable by others: (/var/www/clients/client1/web1/web/game/watlas)
Try
Code:
chmod 775 /var/www/clients/client1/web1/web/game/watlas
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
squirrelmail and postfix witoszek General 12 1st December 2009 18:07
Security problem 2 ???? the revenge :) albertux Installation/Configuration 2 22nd September 2009 18:44
Mail Log Question - Is This Normal gwiz Installation/Configuration 7 12th September 2009 03:09
550 Sender verify failed Allen15 Installation/Configuration 11 13th February 2009 14:02
Problem recieving mail webstergd Installation/Configuration 19 16th December 2005 12:08


All times are GMT +2. The time now is 22:19.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.