Hi everyone Just like to know if apache2-mpm-itk is compatible with ispconfig. Is it an acceptable alternative to suphp, does it work and are there any security issues that need addressing. Its installable for ubuntu as an apt-get install apache2-mpm-itk but Im unsure as to what is any config settings need to be changed to allow it to work properly Infact there really isnt a lot of info about it that I could find. Thanks Steve
I have not tested it with ISPConfig yet but I guess it might work. You will have to add the "AssignUserID" directive with the userid of the administrator of the website and the groupid of the website in the apache directives field manually. Please report if it workd, then we can add this functionality to the ISPConfig php configuration options.
Hi till well not a lot of luck yet but here is what I have done for testing mpm-itk used vmware on xp to install a test server with debian etch perfect setup then apt-get install apache2-mpm-itk. This removed 2 apache files changed some stuff and restarted apache2. then installed ispconfig setup one site placed "AssignUserID web1_steve www-data" into Apache Directives in ispconfig used ftp and uploaded joomla files same old problem joomla cant write so used chown -R -v -f www-data:www-data web/* to allow joomla to install but now I cant use ftp to make any changes. Q. am I using the right user and group id Q. How can I check to determine if mpm-itk is installed and working correctly I have included a copy of my vhost file below Thanks Steve ################################### # # ISPConfig vHost Configuration File # Version 1.0 # ################################### # NameVirtualHost 192.168.1.22:80 <VirtualHost 192.168.1.22:80> ServerName localhost ServerAdmin root@localhost DocumentRoot /var/www/sharedip </VirtualHost> # # ###################################### # Vhost: www.sample.com:80 ###################################### # # <VirtualHost 192.168.1.22:80> AssignUserID web1_steve www-data ServerName www.sample.com:80 ServerAdmin [email protected] DocumentRoot /var/www/web1/web ServerAlias sample.com DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Default.htm default.htm ScriptAlias /cgi-bin/ /var/www/web1/cgi-bin/ AddHandler cgi-script .cgi AddHandler cgi-script .pl ErrorLog /var/www/web1/log/error.log AddType application/x-httpd-php .php .php3 .php4 .php5 <Files *.php> SetOutputFilter PHP SetInputFilter PHP </Files> <Files *.php3> SetOutputFilter PHP SetInputFilter PHP </Files> <Files *.php4> SetOutputFilter PHP SetInputFilter PHP </Files> <Files *.php5> SetOutputFilter PHP SetInputFilter PHP </Files> php_admin_flag safe_mode Off AddType text/html .shtml AddOutputFilter INCLUDES .shtml Alias /error/ "/var/www/web1/web/error/" ErrorDocument 400 /error/invalidSyntax.html ErrorDocument 401 /error/authorizationRequired.html ErrorDocument 403 /error/forbidden.html ErrorDocument 404 /error/fileNotFound.html ErrorDocument 405 /error/methodNotAllowed.html ErrorDocument 500 /error/internalServerError.html ErrorDocument 503 /error/overloaded.html AliasMatch ^/~([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3 AliasMatch ^/users/([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3 </VirtualHost>
If you want the Apache user to have read/write privileges, then yes. If you want the site owner to have read/write privileges, you must make him the owner of the files and his group the group of the files. If the files then have 664 privileges (directories 775), and you add www-data to the web group, Apache should be able to read/write as well. Check Apache's error log for errors.
And if you want to have a solution that is tested and supported by ISPConfig, you should use SuPHP instead of mpm-itk.
Another method to allow www-data user to write into webmaster owned directories is to use setfacl/getfacl utilities. This requires your webmasters to login via SSH to change POSIX ACLs on files and/or folders. Also, option 'acl' must be used in /etc/fstab. And also set setguid (chmod g+s my/folder) on the directory where files will be created by apache. If apache creates files or folders in this directory their group fill be inherited from the parent directory and the webmaster will be able to view them.