Hi, ISPConfig really works great and secure on a production webserver. But we also want to work with ISPConfig on our development server. And there we will have a network share to /var/www for developer access over samba or afp. So if we run ISPConfig then all client web folder will have there own user and group. But we access the network share with just common user/pass for all developers. -> so we get permission conflicts How do other developers work in such a scenario? Could we make ISPConfig insecure for our development and just using a global user:group like www-data but all the comfort of an easy administration with ISPConfig? Thanks for any response and solution.
ISPConfig does not support this, but you should be able to run all websites under www-data with a small hack. Edit the file /usr/local/ispconfig/interface/web/sites/web_domain_edit.php, in line 485 you see these lines: $system_user = $app->db->quote('web'.$this->id); $system_group = $app->db->quote('client'.$client_id); change them to: $system_user = 'www-data'; $system_group = 'www-data'; and do the same in line 584. This is a hack for a internal dev systemm, so dont use it on servers that were directly connected to the internet. Also these changes will get overwritten on ispconfig update, but this should not be a big problem on a dev server as you wont update ispconfig that frequently there I guess.
Hi Till, thanks for your answer. But this don´t work here, after changing the lines to $system_user = 'www-data'; $system_group = 'www-data'; the fields in the database will not be updated. Not for creating a new site, nor updating a site. So I tried to manually change the fields in the database and after that changing details for the site in the ui to force an update. Now the user/group is www-data for the /var/www/mysite folder, but suddenly ISPConfig is not availiable anymore and i got an permission error? Only if I change the owner/group from ispconfig to www-data for all ispconfig scripts, the frontend comes back again. Are there any other things to do? Does this work only by patching before ispconfig installation? I´m using the latest ispconfig version under debian 6 with updated mysql and php (5.3.x) over dotdeb repository.
It should work for all new sites that were created after the change. It should not affect ispconfig interface at all as thes settings are not related to the ispconfig vhost, they affect only hosted sites.
Hi Till, even if I change the sql statement directly in web_domain_edit $sql = "UPDATE web_domain SET system_user = 'www-data', system_group = 'www-data', document_root = '$document_root', allow_override = '$htaccess_allow_override', php_open_basedir = '$php_open_basedir' WHERE domain_id = ".$this->id; $app->db->query($sql); nothing is changing and the database fields are not updated?? Did a clean install for testing again. Seems that the sql statements will not be fired?
Hi Till, found another occurence in /usr/local/ispconfig/interface/lib/plugins/sites_web_domain_plugin.inc.php After changing there, it seems to work. Are there any files left to be patched?
But now again the ISPConfig frontend gives a permission denied. ps aux | grep apache root 5092 0.0 0.8 346160 17160 ? Ss 16:30 0:00 /usr/sbin/apache2 -k start www-data 5095 0.0 0.1 149788 3952 ? S 16:30 0:00 /usr/sbin/apache2 -k start www-data 5096 0.0 0.4 347080 9756 ? S 16:30 0:00 /usr/sbin/apache2 -k start www-data 5097 0.0 0.5 347604 10896 ? S 16:30 0:00 /usr/sbin/apache2 -k start www-data 5098 0.0 0.4 347080 10172 ? S 16:30 0:00 /usr/sbin/apache2 -k start www-data 5099 0.0 0.5 347448 10640 ? S 16:30 0:00 /usr/sbin/apache2 -k start www-data 5100 0.0 0.4 346948 9564 ? S 16:30 0:00 /usr/sbin/apache2 -k start www-data 5137 0.0 0.4 346948 9560 ? S 16:34 0:00 /usr/sbin/apache2 -k start root 5221 0.0 0.0 7552 864 pts/1 S+ 16:36 0:00 grep apache After changing to chown -R www-data:www-data /usr/local/ispconfig interface is back again.