suPHP and chrooted

Discussion in 'Installation/Configuration' started by SamTzu, May 30, 2007.

  1. SamTzu

    SamTzu Member HowtoForge Supporter

    I seem to have a problem with suPHP and Joomla extensions.
    Every new extension I install upload with -rx------- file rights.
    As you can guess this is causing no end of trouble and manual work.

    Can anyone point me in the right directions where to look for these settings?

    Sam
     
  2. falko

    falko Super Moderator ISPConfig Developer

    Do you see any errors in Apache's error log?
     
  3. SamTzu

    SamTzu Member HowtoForge Supporter

    Yup,

    Like this... (taken after another try to add pictures with Virtuemart/Joomla e-shop.)

    server1:/home/admin# tail -30 /root/ispconfig/httpd/logs/error_log
    [Wed May 16 15:08:08 2007] [error] mod_ssl: SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page (OpenSSL library error follows)
    [Wed May 16 15:08:08 2007] [error] OpenSSL: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to HTTPS port!?]
    [Wed May 16 15:08:08 2007] [error] mod_ssl: SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page (OpenSSL library error follows)
    [Wed May 16 15:08:08 2007] [error] OpenSSL: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to HTTPS port!?]
    [Wed May 16 15:08:08 2007] [error] mod_ssl: SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page (OpenSSL library error follows)
    [Wed May 16 15:08:08 2007] [error] OpenSSL: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to HTTPS port!?]
    [Thu May 17 13:07:07 2007] [error] mod_ssl: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows)
    [Thu May 17 13:07:07 2007] [error] System: Connection reset by peer (errno: 104)
    [Fri May 25 12:47:34 2007] [error] mod_ssl: SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page (OpenSSL library error follows)
    [Fri May 25 12:47:34 2007] [error] OpenSSL: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request [Hint: speaking HTTP to HTTPS port!?]
    du: `/var/www/web16/web/components/com_joomlaxplorer': Permission denied
    du: `/var/www/web16/web/administrator/components/com_joomlaxplorer/.config': Permission denied
    du: `/var/www/web16/web/administrator/components/com_joomlaxplorer/.include': Permission denied
    du: `/var/www/web16/web/administrator/components/com_joomlaxplorer/_ftptmp': Permission denied
    du: `/var/www/web16/web/administrator/components/com_joomlaxplorer/_js': Permission denied
    du: `/var/www/web16/web/administrator/components/com_joomlaxplorer/_lang': Permission denied
    du: `/var/www/web16/web/administrator/components/com_joomlaxplorer/_lib': Permission denied
    du: `/var/www/web16/web/administrator/components/com_joomlaxplorer/_style': Permission denied
    du: `/var/www/web16/web/mambots/docman': Permission denied
    du: `/var/www/web16/user/web16_user1/Maildir': Permission denied
    [Sat May 26 15:31:02 2007] [notice] caught SIGTERM, shutting down
    PHP Warning: PHP Startup: Unable to load dynamic library '/root/ispconfig/php/lib/php/extensions/no-debug-non-zts-20060613/gd.so' - /root/ispconfig/php/lib/php/extensions/no-debug-non-zts-20060613/gd.so: cannot open shared object file: No such file or directory in Unknown on line 0
    PHP Warning: PHP Startup: Unable to load dynamic library '/root/ispconfig/php/lib/php/extensions/no-debug-non-zts-20060613/mhash.so' - /root/ispconfig/php/lib/php/extensions/no-debug-non-zts-20060613/mhash.so: cannot open shared object file: No such file or directory in Unknown on line 0
    PHP Warning: PHP Startup: Unable to load dynamic library '/root/ispconfig/php/lib/php/extensions/no-debug-non-zts-20060613/mysql.so' - /root/ispconfig/php/lib/php/extensions/no-debug-non-zts-20060613/mysql.so: cannot open shared object file: No such file or directory in Unknown on line 0
    PHP Warning: PHP Startup: Unable to load dynamic library '/root/ispconfig/php/lib/php/extensions/no-debug-non-zts-20060613/sqlite.so' - /root/ispconfig/php/lib/php/extensions/no-debug-non-zts-20060613/sqlite.so: cannot open shared object file: No such file or directory in Unknown on line 0
    [Sat May 26 15:31:10 2007] [notice] Apache/1.3.37 (Unix) PHP/5.2.1 mod_ssl/2.8.28 OpenSSL/0.9.8e configured -- resuming normal operations
    [Sat May 26 15:31:10 2007] [notice] Accept mutex: sysvsem (Default: sysvsem)
    [Mon May 28 20:58:28 2007] [notice] caught SIGTERM, shutting down
    [Mon May 28 20:58:36 2007] [notice] Apache/1.3.37 (Unix) PHP/5.2.1 mod_ssl/2.8.28 OpenSSL/0.9.8e configured -- resuming normal operations
    [Mon May 28 20:58:36 2007] [notice] Accept mutex: sysvsem (Default: sysvsem)
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    You are looking at the wrong logfile. Your websites are not run on the ISPConfig apache server, they are run on the apache server of your linux distribution. The error log is in the log directory of the website directory.
     
  5. SamTzu

    SamTzu Member HowtoForge Supporter

    I'm using the VMware ISPconfig appliance.
    It has default apache config so the log files will be in /var/log
    Do you mean those?

    Sam
     
  6. SamTzu

    SamTzu Member HowtoForge Supporter

    There does not appear to be any related error messages in /var/log/apache2

    Sam
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    No, I'am not talkong about these logfiles. The errors are logged in the logfile which is inside the website directory and not in /var/log. Your website directory is /var/www/www.yourdomain.com/..
     
  8. SamTzu

    SamTzu Member HowtoForge Supporter

    This is from the error.log

    [Mon Jun 11 16:52:39 2007] [alert] [client 84.249.235.27] /var/www/web16/web/.htaccess: Options not allowed here
    [Mon Jun 11 16:52:39 2007] [alert] [client 84.249.235.27] /var/www/web16/web/.htaccess: Options not allowed here
    [Mon Jun 11 16:52:40 2007] [alert] [client 84.249.235.27] /var/www/web16/web/.htaccess: Options not allowed here
    [Mon Jun 11 16:52:40 2007] [alert] [client 84.249.235.27] /var/www/web16/web/.htaccess: Options not allowed here
    [Mon Jun 11 16:52:47 2007] [alert] [client 84.249.235.27] /var/www/web16/web/.htaccess: Options not allowed here
    [Mon Jun 11 16:52:47 2007] [alert] [client 84.249.235.27] /var/www/web16/web/.htaccess: Options not allowed here
    [Mon Jun 11 16:55:33 2007] [error] [client 84.249.235.27] File does not exist: /var/www/web16/web/favicon.ico
    [Mon Jun 11 16:59:17 2007] [error] [client 84.249.235.27] File does not exist: /var/www/web16/web/includes/js/ThemeOffice/joomla_16x16.png, referer: http://www.domain.com/administrator/index2.php
    [Mon Jun 11 16:59:24 2007] [error] [client 84.249.235.27] File does not exist: /var/www/web16/web/includes/js/ThemeOffice/joomla_16x16.png, referer: http://www.domain.com/administrator/index2.php?option=com_virtuemart
    [Mon Jun 11 16:59:33 2007] [error] [client 84.249.235.27] File does not exist: /var/www/web16/web/components/com_virtuemart/shop_image/web, referer: http://www.domain.com/index.php
    [Mon Jun 11 17:00:18 2007] [error] [client 84.249.235.27] File does not exist: /var/www/web16/web/includes/js/ThemeOffice/joomla_16x16.png, referer: http://www.domain.com/administrator...ge=product.product_list&option=com_virtuemart
    [Mon Jun 11 17:00:33 2007] [error] [client 84.249.235.27] File does not exist: /var/www/web16/web/components/com_virtuemart/shop_image/web, referer: http://www.domain.com/index.php
    [Mon Jun 11 17:01:47 2007] [error] [client 84.249.235.27] File does not exist: /var/www/web16/web/components/com_virtuemart/shop_image/web, referer: http://www.domain.com/index.php
    [Mon Jun 11 17:02:06 2007] [error] [client 84.249.235.27] File does not exist: /var/www/web16/web/includes/js/ThemeOffice/joomla_16x16.png, referer: http://www.domain.com/administrator/index2.php?option=com_mambots
    [Mon Jun 11 17:02:24 2007] [error] [client 84.249.235.27] File does not exist: /var/www/web16/web/components/com_virtuemart/shop_image/web, referer: http://www.domain.com/index.php
    [Mon Jun 11 17:04:57 2007] [error] [client 84.249.235.27] File does not exist: /var/www/web16/web/includes/js/ThemeOffice/joomla_16x16.png, referer: http://www.domain.com/administrator/index2.php
    [Mon Jun 11 17:06:46 2007] [error] [client 84.249.235.27] File does not exist: /var/www/web16/web/components/com_virtuemart/shop_image/web, referer: http://www.domain.com/index.php
    [Mon Jun 11 17:07:12 2007] [error] [client 84.249.235.27] File does not exist: /var/www/web16/web/includes/js/ThemeOffice/joomla_16x16.png, referer: http://www.domain.com/administrator/index2.php
    [Mon Jun 11 17:07:17 2007] [error] [client 84.249.235.27] File does not exist: /var/www/web16/web/includes/js/ThemeOffice/joomla_16x16.png, referer: http://www.domain.com/administrator/index2.php?option=com_virtuemart
    [Mon Jun 11 17:07:21 2007] [error] [client 84.249.235.27] File does not exist: /var/www/web16/web/includes/js/ThemeOffice/joomla_16x16.png, referer: http://www.domain.com/administrator...ge=product.product_list&option=com_virtuemart
    [Mon Jun 11 17:07:29 2007] [error] [client 84.249.235.27] File does not exist: /var/www/web16/web/includes/js/ThemeOffice/joomla_16x16.png, referer: http://www.domain.com/administrator...emart&page=product.product_list&category_id=5
    [Mon Jun 11 17:07:34 2007] [error] [client 84.249.235.27] File does not exist: /var/www/web16/web/includes/js/ThemeOffice/joomla_16x16.png, referer: http://www.domain.com/administrator...emart&page=product.product_list&category_id=2
    [Mon Jun 11 17:07:46 2007] [error] [client 84.249.235.27] File does not exist: /var/www/web16/web/includes/js/ThemeOffice/joomla_16x16.png, referer: http://www.domain.com/administrator...d=35&product_parent_id=&option=com_virtuemart
    [Mon Jun 11 17:07:47 2007] [error] [client 84.249.235.27] File does not exist: /var/www/web16/web/components/com_virtuemart/shop_image/web, referer: http://www.domain.com/administrator...d=35&product_parent_id=&option=com_virtuemart
    [Mon Jun 11 17:07:47 2007] [error] [client 84.249.235.27] (13)Permission denied: file permissions deny server access: /var/www/web16/web/components/com_virtuemart/shop_image/product/b62bcba0bb7b7d1e9f41e77fcbe696a6.gif, referer: http://www.domain.com/administrator...d=35&product_parent_id=&option=com_virtuemart
    [Mon Jun 11 17:07:48 2007] [error] [client 84.249.235.27] (13)Permission denied: file permissions deny server access: /var/www/web16/web/components/com_virtuemart/shop_image/product/a8da2e5b0b0b2dd2b0c32d9720fc0d77.gif, referer: http://www.domain.com/administrator...d=35&product_parent_id=&option=com_virtuemart
    [Mon Jun 11 17:09:46 2007] [error] [client 84.249.235.27] File does not exist: /var/www/web16/web/includes/js/ThemeOffice/joomla_16x16.png, referer: http://www.domain.com/administrator/index2.php
    [Mon Jun 11 17:09:47 2007] [error] [client 84.249.235.27] (13)Permission denied: file permissions deny server access: /var/www/web16/web/components/com_virtuemart/shop_image/product/3d2e9e3e12c4111e1f10240a9ebf8471.jpg, referer: http://www.domain.com/administrator/index2.php
    [Mon Jun 11 17:09:47 2007] [error] [client 84.249.235.27] (13)Permission denied: file permissions deny server access: /var/www/web16/web/components/com_virtuemart/shop_image/product/6705c1243c8cf1e9d8418e809f3b343b.jpg, referer: http://www.domain.com/administrator/index2.php

    Clearly there is a problem with the file permissions but is it the .htaccess file that is causing it?

    Sam
     
  9. steve1084

    steve1084 New Member

    (13)Permission denied

    Hi Till
    Hi Falko

    New Problem

    Went to upload some pics in my joomla virtumart shop and found they disapeared. On closer inspection they are there but with file permissions of 600 which means nobody can see them. When I chmod them back to 644 everything is fine.

    Apache log showed error


    [Wed Jun 27 14:14:12 2007] [error] [client 202.134.250.214] (13)Permission denied: file permissions deny server access: /var/www/web2/web/components/com_virtuemart/shop_image/product/8af45d7077b9fc7a719486c9662fed00.jpg, referer: http://www.my1084.com/administrator/index2.php

    System is debian etch with suphp and ispconfig

    I have now tested on a second debian etch machine with suphp and ispconfig and got the same result.

    Is this a joomla issue or a suphp issue as without suphp files are chowned by www-data and this dosnt happen.

    Files must have minimum of chmod 755 and 644 in joomla

    Edit

    Thought you might like the output of ls -la /var/www

    server1:/var/www# ls -la /var/www
    total 32
    drwxr-xr-x 8 root root 4096 2007-06-27 11:43 .
    drwxr-xr-x 15 root root 4096 2007-06-26 17:58 ..
    drwxr-xr-x 2 root root 4096 2007-06-26 14:17 apache2-default
    lrwxrwxrwx 1 root root 21 2007-06-27 07:13 phpmyadmin -> /usr/share/phpmyadmin
    drwxr-xr-x 2 root root 4096 2007-06-27 09:14 sharedip
    drwxr-xr-x 8 web2_my1084.com www-data 4096 2007-06-27 14:00 web2
    drwxr-xr-x 2 root root 4096 2007-06-26 14:49 webalizer
    lrwxrwxrwx 1 www-data web2 13 2007-06-27 10:51 www.my1084.com -> /var/www/web2



    Thanks:)
    Steve
     
    Last edited: Jun 27, 2007
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    The mode of a uploaded file can be changed by the script that handles the upload (in this case joomla). But I'am not sure if this can be set globally anywhere else. Maybe joomla has a setting to set the chmod mode anywhere in the config files?
     
  11. steve1084

    steve1084 New Member


    Hi Till

    Yes Joomla has a setting to chmod all files from its admin global settings page. I tried this and I can do a global chmod that does change the chmod of all files and is now set to do this for all new files but this is having NO Affect on the images being uploaded in the virtuemart shop. This is definitely a permissions issue in suphp not recognising that Joomla should have permission to upload the pictures. Other threads showed people with the same issue when installing modules but nobody has shown an answer to this problem.

    I also tried changing the uid and gid in the suphp config from 100 to 1 with no affect.

    Is there a way to give the user more privileges and how do I determine exactly what privilages suphp is looking for.

    Thanks
    Steve:)
     
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    No, it is not. SuPHP does not alter the permissions at all. The problem is that your shop extension does not take care of the global joomla setting. A chmod on files has to be done by the PHP script.
     
  13. steve1084

    steve1084 New Member


    OK I found the answer

    Changed unmask from 0077 to 0022 and joomla and all pics are now uploading with correct permissions.
    Definately a suphp problem changed in the etc/suphp.config file


    THanks till

    Steve:)
     
    Last edited: Jun 28, 2007
  14. steve1084

    steve1084 New Member

    Just wondering if there are any security issues with changing the unmask setting to 0022

    Thanks
    Steve:)
     
  15. Leszek

    Leszek New Member

    Hi!

    My problem is similar but still a little different.
    In my case after installing an extension (doesn't matter which) by the Joomla! installers,chowns of the new copied files get changed to some other.After that I can't do anything with them and directories they are in.
    The server runs FreeBSD and belongs to one of the hosting companies in Poland.After contacting the server administrator a bash script runs once in 30 minutes and changes everything back to normal.
    Is there a way to fix this problem ? Manual installation of the components could be a workaround but it's easy to make a mistake that way.
     
  16. till

    till Super Moderator Staff Member ISPConfig Developer

    I guess your question is not ISPConfig related, as ISPConfig did not run on FreeBSD?
     
  17. Leszek

    Leszek New Member

    No.
    Joomla! runs ok on a server with ISPConfig.
     
  18. falko

    falko Super Moderator ISPConfig Developer

    That are the default settings for most FTP servers as well, so 022 should be ok. :)
     
  19. falko

    falko Super Moderator ISPConfig Developer

    But do you use ISPConfig on that FreeBSD server?
     
  20. Leszek

    Leszek New Member

    Sorry for the delay.
    No Falko.I don't use ISPConfig on FreeBSD.This system is administered by a hosting company that uses DirectAdmin to configure their server.
    My problem is similar to steve1084's so I posted what I went thru and am very interested in the possible cause or security enhancments that could make files installed by Joomla! have a different owner (chmod seems to be ok).
    The administrator blaims Joomla! for all of this but how could a script change the owner of files so they are owned by a user with a higher UID ? It seems strange to me.
    I'm using Debian Sarge with ISPConfig and SuPHP at home and don't have any problems like that with Joomla!
     

Share This Page