How to install ImageMagick

Discussion in 'General' started by dclardy, Nov 11, 2009.

  1. dclardy

    dclardy New Member

    I am running a Drupal site on my server, and one of the contributed modules I have installed needs ImageMagick. How do I securely allow access to /usr/bin/convert.

    I think that I have Chmod 777 to the entire /usr/bin. Is there anyway to check this, and what permissions should I place?

    Thanks for the help.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Do not chmod 777 or every of your users is able to replace the binary with aharmful application. Just leve it as it is as the binary is executable by every normal user already.
     
  3. dclardy

    dclardy New Member

    Well I am pretty sure that I have already done that. What should the permissions be on /usr/bin.
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Please post the exact error messages from the error log of the website and the error messages in the application if we shall be able to help you with that.
     
  5. dclardy

    dclardy New Member

    Also, one of my sites is able to find the directory, but one of them is not able to. Any ideas? The error on the one that is not able to is this:



    Code:
      * warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(/usr/bin/convert) is not within the allowed path(s): (/var/www/clients/client1/web1) in /var/www/clients/client1/web1/web/includes/image.imagemagick.inc on line 55.
        * No file /usr/bin/convert could be found. PHP's open_basedir security restriction is set to /var/www/clients/client1/web1, which may be interfering with the attempts to locate ImageMagick.
     
  6. dclardy

    dclardy New Member

    Here are the error files again:

    * warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(/usr/bin/convert) is not within the allowed path(s): (/var/www/clients/client1/web1) in /var/www/clients/client1/web1/web/includes/image.imagemagick.inc on line 55.
    * No file /usr/bin/convert could be found. PHP's open_basedir security restriction is set to /var/www/clients/client1/web1, which may be interfering with the attempts to locate ImageMagick.
     
  7. dclardy

    dclardy New Member

    I have been doing some more digging into this, and it appears that the PHP is running in safe mode. This is blocking the server being able to look in this directory for the one site. I am still not sure why it is working on the other one.

    I did some more testing, and I had turned on SuPHP on one the website that it was working on. I went back to that site and turned on FastCGI. It still worked. I did the same thing in the other site, and it worked.

    Why would that be?

    Thanks.
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    The problem is not related ro safemode as safemode. The problems is the open_basedir setting which denies the access to system directories for security reasons. There are 2 possible solutions:

    1) If you dont need access for all sites to the convert binary, copy create a bin directory in the website root directory and copy the convert program to this place or make a hardlink.

    2) Add ":usr/bin" at the end of theopen_basedir path in the vhost template and the fcgi script templates in /usr/local/ispconfig/server/conf/ and then update the site to allow all scripts the access to the /usr/bin/ directory.
     
  9. dclardy

    dclardy New Member

    Alright. I have tried to do this, but I must being doing something wrong. These are the files that I have edited.

    vhost.conf.master
    php-fcgi-starter.master

    I added the the :usr/bin in these locations:

    vhost.conf.master

    Code:
    <tmpl_if name='php' op='==' value='mod'>
        # mod_php enabled
        AddType application/x-httpd-php .php .php3 .php4 .php5
        php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -fwebmaster@<tmpl_var name='domain'>"
        php_admin_value upload_tmp_dir <tmpl_var name='document_root'>/tmp
        php_admin_value session.save_path <tmpl_var name='document_root'>/tmp
    <tmpl_if name='security_level' op='==' value='20'>
        php_admin_value open_basedir <tmpl_var name='document_root'>/web:<tmpl_var name='document_root'>/tmp:/usr/share/php5:/tmp:[B]usr/bin[/B]
    php-fcgi-starter.master

    Code:
    #!/bin/sh
    PHPRC="<tmpl_var name='php_ini_path'>"
    export PHPRC
    PHP_DOCUMENT_ROOT="<tmpl_var name='document_root'>"
    export PHP_DOCUMENT_ROOT
    # The variable PHP_FCGI_CHILDREN is onyl useful for lighty or nginx as apache
    # mod_fcgi will control the number of childs themself and never use the additional processes.
    # PHP_FCGI_CHILDREN=<tmpl_var name='php_fcgi_children'>
    # export PHP_FCGI_CHILDREN
    PHP_FCGI_MAX_REQUESTS=<tmpl_var name='php_fcgi_max_requests'>
    export PHP_FCGI_MAX_REQUESTS
    exec <tmpl_var name='php_fcgi_bin'> \
    <tmpl_if name="security_level" op="==" value="20"> -d open_basedir=<tmpl_var name='document_root'>[B]:usr/bin[/B] \
    -d upload_tmp_dir=<tmpl_var name='document_root'>/tmp \
    -d session.save_path=<tmpl_var name='document_root'>/tmp \
    </tmpl_if> $1
    This is not working correctly for me. Here is the new error. It appears that directories are not being separated.

    No file /usr/bin/convert could be found. PHP's open_basedir security restriction is set to /var/www/clients/client1/web2:usr/bin, which may be interfering with the attempts to locate ImageMagick.

    Any ideas?
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    Sorry, I had a typo in my example. The path is /usr/bin and not usr/bin.
     
  11. dclardy

    dclardy New Member

    Problem solved.
     
  12. kanani

    kanani New Member

    and the solution was?

    How bout posting the fix so others can benefit.
     
  13. till

    till Super Moderator Staff Member ISPConfig Developer

    The fix is described in the thread. Just change the line:

    Code:
    <tmpl_if name="security_level" op="==" value="20"> -d open_basedir=<tmpl_var name='document_root'> \
    
    to:

    Code:
    <tmpl_if name="security_level" op="==" value="20"> -d open_basedir=<tmpl_var name='document_root'>:/usr/bin \
    
     
  14. dclardy

    dclardy New Member

    Just to clarify:

    In /usr/local/ispconfig/server/conf:

    Change the vhost.conf.master

    From:

    Code:
    php_admin_value open_basedir <tmpl_var name='document_root'>/web:<tmpl_var name='document_root'>/tmp:/usr/share/php5:/tmp
    To:

    Code:
    php_admin_value open_basedir <tmpl_var name='document_root'>/web:<tmpl_var name='document_root'>/tmp:/usr/share/php5:/tmp:/usr/bin
    In my case, I wanted to use it with FastCGI. I also changed this the fastcgi starter as well.

    Change the php-fcgi-starter.master

    From:

    Code:
    <tmpl_if name="security_level" op="==" value="20"> -d open_basedir=<tmpl_var name='document_root'> \
    To:

    Code:
    <tmpl_if name="security_level" op="==" value="20"> -d open_basedir=<tmpl_var name='document_root'>:/usr/bin \

    You then have to change the PHP in the control panel, and then change it back to make it work.

    Hope it helps.
     
  15. enumoran

    enumoran New Member

    Thanks a lot for clarifying this.
     

Share This Page