Hi all! I discovered suPHP by this forum, then I think someone here are using it... I discovered a big issue: suPHP ignores php_admin and php_admin_values in apache2.conf (or Vhosts_ispconfig.conf)! Then a cfg like this: Code: <VirtualHost 1.2.2.4:80> ... php_admin_flag safe_mode On php_admin_value open_basedir /var/www/web2/ php_admin_value file_uploads 1 php_admin_value upload_tmp_dir /var/www/web2/phptmp/ php_admin_value session.save_path /var/www/web2/phptmp/ ... </VirtualHost> ...doesn't work! The only way to change php settings per-virtualhost is creating a custom php.ini file in a custom directory: Code: <VirtualHost 1.2.2.4:80> ... suPHP_ConfigPath /etc/apache2/dir_with_customized_php_ini ... </VirtualHost> I think I can't run suPHP with ISPConfig :-( Any idea?
I think I'll disable suPHP for now, but I'll try to do some changes... are there some docs or can you tell me where to start? Thank you again Till, you're becoming my best friend! Do you plan to come here in Italy for holiday? ;-)
Have a look at the script: /root/ispconfig/scripts/lib/config.lib.php the relevant function is named: make_vhost($server_id) { ...... Thanks, I will send you a pm if i will make hollidays in italy
Ok! This is valid for falko too ;-) On topic, I realized now that there are no problems with suPHP, because php_admin commands are used in virtualhosts by ISPConfig only for setting safe mode (am I right?)... and, after reading some forums out here, suPHP makes safe mode obsolete. Now, the only disadvantage of suPHP are the poor performances, the same of php-cgi (php is called by CLI)... but I prefer to have better security and to avoid problems caused by safe mode (uploaded files permissions, for example) I read something about fastcgi php ( see http://www.t17.ds.pwr.wroc.pl/~misiek/index.php/ApacheModFastcgiPHP ), but it seems quite complex to install, tune and specially mantain (it require to download and compile php source, I like too much debian apt-get and security updates!)... See you
I know this is a late topic but I thought I'd throw in my piece. I've been researching on how to better secure php with ISPconfig installed and been playing around with suphp, suexec and mod_php in safe_mode=on I found you can relax the strict safe_mode of mod_php with file uploads by setting the safe_mode_gid=on then setting the phptmp folder with chmod g+s. This works where apache user (www/nobody/wwwuser/apache/etc) writes to that temp folder and the GID is kept. mod_php can still read that file so it works. The only thing I didn't check or confirmed is that the quota for the user is counted as the user who owns the file is still the httpd servers user and not the user of the account. Now someone can confirm this 100% because this was a week ago and I think that was all I did to make it work. I don't think there was any special other tweaks but you'd need to change your make_vhost($server_id) to change the permissions.
Hi, Are those options by default in ISPC? php_admin_flag safe_mode On php_admin_value open_basedir /var/www/web2/ php_admin_value file_uploads 1 php_admin_value upload_tmp_dir /var/www/web2/phptmp/ php_admin_value session.save_path /var/www/web2/phptmp I can't see them in Vhosts_ispconfig.conf. Ddelbia are you put them youself? Best regards, MvincM
Ohhh. I see. Thank you for info. But it could be useful to have php_admin_value open_basedir /var/www/web2/ php_admin_value file_uploads 1 php_admin_value upload_tmp_dir /var/www/web2/phptmp/ php_admin_value session.save_path /var/www/web2/phptmp without php_admin_flag safe_mode On First of them increase security level without some "safe_mode" issues. It is possible? MvincM
Probleme with rights When i put a Dotclear Webblog or another CMS.. If i want upload a file via Php.. the file go on the right place but not with the owner of the site.. exemple webx_user. The file owner in the server is wwwrun www (apache).. How can i uploader a file with php and have the right owner ? Thanks a lot..
