flaw in suphp.conf

Discussion in 'Developers' Forum' started by vogelor, May 19, 2008.

  1. vogelor

    vogelor ISPConfig Developer ISPConfig Developer

    i think, there are 2 flaws in suphp.conf

    1) the loglevel is set to info. This means every page, suphp "opens" for the apache is added th the log-file. if a admin didn't realise (and change) it, the log is very fast growing.
    i think, it is better to change

    Code:
    loglevel=info
    to

    Code:
    loglevel=warn
    the next flaw is:

    the security options are:
    file_group_writeable=true
    file_others_writeable=false
    dir_group_writeable=true
    dir_others_writeable=false

    but the umask is set to 0077 this means, by every creation of a new dir, others writeable is set to ON and so suphp stops executing the php file with the error "dir is writeable by others".
    To avoid this error, we have to change

    Code:
    umask=0077
    to

    Code:
    umask=0022
    can anyone with write-access to the source-code please change this?


    Olli
     
    Last edited: Jul 14, 2008
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Thanks, I added it to the bugtracker.
     
  3. vogelor

    vogelor ISPConfig Developer ISPConfig Developer

    aaargh!

    aaaargh!
    i always forgot that there is a bugtracker!
    how can i access the bug tracker?
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    The bugtracker is here:

    http://bugtracker.ispconfig.org

    after you signed up for a account, please send me a pm or email so that I can add your account to the developers group.
     
  5. falko

    falko Super Moderator ISPConfig Developer

    I've just fixed this.
     
  6. misterm

    misterm Member HowtoForge Supporter

    have an error in my logs

    Hello with all When I want to activate this:

    J' have an error in my logs:

    Version of suphp 0.6.3

    MM:confused:
     
  7. vogelor

    vogelor ISPConfig Developer ISPConfig Developer

    SORRY!
    i lost a char. the right spelling was

    loglevel=warn

    and not
    oglevel=warn
     
    Last edited: Jul 14, 2008
  8. misterm

    misterm Member HowtoForge Supporter

    No the concern

    Hello, a thing also, how one makes to have the file Web in permission chmod " 0777" , it there with means or not

    MM:confused:;)
     
  9. vogelor

    vogelor ISPConfig Developer ISPConfig Developer

    sorry, i don't understand your question. can you please write it in other words:confused:
     

Share This Page