[SOLVED] suPHP and suEXEC broken by default in Ubuntu 10.04 Perfect Server I followed the Ubuntu 10.04 perfect server guide and installed ISPConfig 3. I want to install Joomla so I created a website with suEXEC + PHP Fast-CGI and another site with suPHP. Neither suEXEC + PHP Fast-CGI nor suPHP work correctly by default. If I upload a file via FTP it will be owned by the correct owner (like web1) but any file created by Joomla will be owned by www-data. If you try to install Joomla you will see an error at the beginning saying that configuration.php is not writable. If you change the permissions of /web from the default value of 710 to 777, Joomla can write to configuration.php but the owner will be www-data. You can now continue installing Joomla but you cannnot install anything from within Joomla since all the files it tries to create are owned by www-data. The first thing you notice when you connect to your site's account with ssh or FTP is that some of the default permissions are wrong. in /var/www/clients/client1/web1 all files and directories are owned by web1 (group client1) /.cache is 755 /cgi-bin is 751 /log is 777 /tmp is 777 /web is 710 .bash_history is 755 in /web the /stats directory has 755 but it is owned by root. The are other files from /web are owned by web1 client1 but their permissions are 754 not 644 So, there is absolutely no difference between a site with suPHP and another one with suEXEC + Fast-CGI. They both have the same default permissions and any file created by Joomla is owned by www-data. Any suggestion on how to fix this? The permissions are OK in Ubuntu 8.04 with ISPConfig 3 and suPHP.
The permissions are absolutely correct and as they should. You mix up the security modes here. Your old server is set to another securioty mode the the new one. With the new high security level, the permissions have to be like this. Your suexec and suphp problem are not realted to this. Thats as it should. If they were different, then the setup would be incorrect. The difference is not in directory settings, its in the vhost file. To find the reason for your problems, check this: Any jobs listed in the jobqueue in the ispconfig monitor? If no, then set the website to suexec + fastcgi. Wait a few minutes and then get the vhost file of this vhost and post its content here.
Thanks for the quick answer. I created a new site with suexec and fastcgi. There are no jobs in the queue. Code: <Directory /var/www/test.zz> AllowOverride None Order Deny,Allow Deny from all </Directory> <VirtualHost *:80> DocumentRoot /var/www/test.zz/web ServerName test.zz ServerAlias www.test.zz ServerAdmin [email protected] ErrorLog /var/log/ispconfig/httpd/test.zz/error.log <Directory /var/www/test.zz/web> Options FollowSymLinks AllowOverride All Order allow,deny Allow from all </Directory> <Directory /var/www/clients/client1/web4/web> Options FollowSymLinks AllowOverride All Order allow,deny Allow from all </Directory> # suexec enabled SuexecUserGroup web4 client1 # php as fast-cgi enabled <IfModule mod_fcgid.c> # SocketPath /tmp/fcgid_sock/ IdleTimeout 3600 ProcessLifeTime 7200 # MaxProcessCount 1000 DefaultMinClassProcessCount 3 DefaultMaxClassProcessCount 100 IPCConnectTimeout 8 IPCCommTimeout 360 BusyTimeout 300 </IfModule> <Directory /var/www/test.zz/web> AddHandler fcgid-script .php .php3 .php4 .php5 FCGIWrapper /var/www/php-fcgi-scripts/web4/.php-fcgi-starter .php Options +ExecCGI AllowOverride All Order allow,deny Allow from all </Directory> <Directory /var/www/clients/client1/web4/web> AddHandler fcgid-script .php .php3 .php4 .php5 FCGIWrapper /var/www/php-fcgi-scripts/web4/.php-fcgi-starter .php Options +ExecCGI AllowOverride All Order allow,deny Allow from all </Directory> # add support for apache mpm_itk <IfModule mpm_itk_module> AssignUserId web4 client1 </IfModule> </VirtualHost>
What result are you expecting when using suexec? The default setup via ISPConfig is to restrict use of CGI to the cgi-bin. To enable cgi in other directories you'll also have to set the options to +ExecCGI for whatever directory. Suexec enforces the requirements 1/ the script must be owned by the user/group specified by the SuexecUserGroup directive and have 755 permissions 2/ the containing directory must also be owned by the same user/group.
Well, I expect suEXEC + Fast-CGI or suPHP to work correctly. Because none of them works as expected, any new file Joomla tries to create is owned by www-data. In Ubuntu 8.04 + ISPConfig 3 + manual installation of suPHP there are no problems with permissions in Joomla.
We are currently investigating here a problem why it does not work on your server while it works on other servers incl. the test servers that I have here. So thats not related to default settings at all.
The vhost file is ok. Suexec is enabled and the vhost also uses fcgi. 1) How exactly didn you access the contents of this site? By entering http://www.test.zz in the webbrowser? 2) Add a phpinfo file in this vhost, then open it with the webbrowser and post it here.
Yes, in the browser. My ispconfig installation is in a VM, on my computer. It's not accessible from the internet. I added www.test.zz and the hostname and IP address of the VM to my /etc/hosts. Before posting here, I installed the Ubuntu 10.04 Perfect Server + ISPConfig 3 on 2 different VMs. It's the same problem on both of them. I attached an .mht with the PHP info. It should open just fine in Firefox or Opera.
Hi! I've got the same problem. I installed ISPConfig using the "Perfect Server" Howto (BTW: Great Howto!). I started with page 3 because the system is pre-installed (using a JiffyBox - virtual cloudserver on demand - www.jiffybox.de). OS is Ubuntu 10.04 LTS x64. Kernel 2.6.33.2-x86_64-jb1. The system is, as I wrote above, a virtual server using Xen. PHP is always running as mod_php, no matter if I select "FastCGI" or "CGI" or anything else. phpinfo() always tells "Apache 2.0 Handler" The vhost file seems to be ok for me: Code: DocumentRoot /var/www/blog.***.de/web ServerName blog.***.de ServerAdmin webmaster@blog.***.de ErrorLog /var/log/ispconfig/httpd/blog.***.de/error.log ErrorDocument 400 /error/400.html ErrorDocument 401 /error/401.html ErrorDocument 403 /error/403.html ErrorDocument 404 /error/404.html ErrorDocument 405 /error/405.html ErrorDocument 500 /error/500.html ErrorDocument 503 /error/503.html <Directory /var/www/blog.***.de/web> Options FollowSymLinks AllowOverride All Order allow,deny Allow from all # ssi enabled AddType text/html .shtml AddOutputFilter INCLUDES .shtml Options +Includes </Directory> <Directory /var/www/clients/client1/web1/web> Options FollowSymLinks AllowOverride All Order allow,deny Allow from all # ssi enabled AddType text/html .shtml AddOutputFilter INCLUDES .shtml Options +Includes </Directory> # cgi enabled <Directory /var/www/clients/client1/web1/cgi-bin> Order allow,deny Allow from all </Directory> ScriptAlias /cgi-bin/ /var/www/clients/client1/web1/cgi-bin/ AddHandler cgi-script .cgi AddHandler cgi-script .pl # suexec enabled SuexecUserGroup web1 client1 # php as fast-cgi enabled <IfModule mod_fcgid.c> # SocketPath /tmp/fcgid_sock/ IdleTimeout 3600 ProcessLifeTime 7200 # MaxProcessCount 1000 DefaultMinClassProcessCount 3 DefaultMaxClassProcessCount 100 IPCConnectTimeout 8 IPCCommTimeout 360 BusyTimeout 300 </IfModule> <Directory /var/www/blog.***.de/web> AddHandler fcgid-script .php .php3 .php4 .php5 FCGIWrapper /var/www/php-fcgi-scripts/web1/.php-fcgi-starter .php Options +ExecCGI AllowOverride All Order allow,deny Allow from all </Directory> <Directory /var/www/clients/client1/web1/web> AddHandler fcgid-script .php .php3 .php4 .php5 FCGIWrapper /var/www/php-fcgi-scripts/web1/.php-fcgi-starter .php Options +ExecCGI AllowOverride All Order allow,deny Allow from all </Directory> # add support for apache mpm_itk <IfModule mpm_itk_module> AssignUserId web1 client1 </IfModule> Can you please help me solving this? Thank you! Andreas
That's my problem also. Even if I create a client and only allow him to select FastCGI for the websites, phpinfo tells that it uses Apache 2.0 Handler. @falko an empty .htaccess is created by default in each site. I always deleted it and of course, it makes no difference. I installed ISPConfig 3.0.2.1 for the third time, same problem. What files do we need to edit to fix this?
Can you try to disable PHP globally, as shown in chapter 17.1 on http://www.howtoforge.com/perfect-server-ubuntu-10.04-lucid-lynx-ispconfig-2-p6 ?
Hi Falko, disabling PHP globally works, thank you! Now I can switch between the PHP modes in ISPConfig Maybe you can add this tip to the ISPC3 Howto?
globally disabling php does not do it for me for suphp Hello, ubuntu 10.04, ispconfig 3 multiserver installation... I have two other ispconfig servers running on ubuntu 9.10 without problems. PHP is configured via suPHP, but on the 10.04 it is running with mod_php. I have tried to disable php globally in mime.types and php5.conf like described in the howto for ispconfig 2, Chapter 17.1. the vhost config looks like this: Code: ... <Directory /var/www/clients/client3/web31/web> suPHP_Engine on # suPHP_UserGroup web31 client3 AddHandler x-httpd-suphp .php .php3 .php4 .php5 suPHP_AddHandler x-httpd-suphp </Directory> ... all I get is an error 500: SecurityException in Application.cpp:511: Unknown Interpreter: php Premature end of script headers: index.php Edit: fastcgi+suexec is working, suPHP is not! any Idea? Thanks, Björn