apache2-mpm-itk

Discussion in 'Installation/Configuration' started by steve1084, May 30, 2007.

  1. steve1084

    steve1084 New Member

    Hi everyone

    Just like to know if apache2-mpm-itk is compatible with ispconfig.

    Is it an acceptable alternative to suphp, does it work and are there any security issues that need addressing.

    Its installable for ubuntu as an apt-get install apache2-mpm-itk but Im unsure as to what is any config settings need to be changed to allow it to work properly

    Infact there really isnt a lot of info about it that I could find.

    Thanks:)
    Steve
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    I have not tested it with ISPConfig yet but I guess it might work. You will have to add the "AssignUserID" directive with the userid of the administrator of the website and the groupid of the website in the apache directives field manually. Please report if it workd, then we can add this functionality to the ISPConfig php configuration options.
     
  3. steve1084

    steve1084 New Member

    Hi till

    well not a lot of luck yet but here is what I have done for testing mpm-itk

    used vmware on xp to install a test server with debian etch perfect setup
    then apt-get install apache2-mpm-itk. This removed 2 apache files changed some stuff and restarted apache2.
    then installed ispconfig
    setup one site
    placed "AssignUserID web1_steve www-data" into Apache Directives in ispconfig
    used ftp and uploaded joomla files
    same old problem joomla cant write so used chown -R -v -f www-data:www-data web/* to allow joomla to install but now I cant use ftp to make any changes.

    Q. am I using the right user and group id

    Q. How can I check to determine if mpm-itk is installed and working correctly

    I have included a copy of my vhost file below

    Thanks
    Steve



    ###################################
    #
    # ISPConfig vHost Configuration File
    # Version 1.0
    #
    ###################################
    #
    NameVirtualHost 192.168.1.22:80
    <VirtualHost 192.168.1.22:80>
    ServerName localhost
    ServerAdmin root@localhost
    DocumentRoot /var/www/sharedip
    </VirtualHost>
    #
    #
    ######################################
    # Vhost: www.sample.com:80
    ######################################
    #
    #
    <VirtualHost 192.168.1.22:80>
    AssignUserID web1_steve www-data
    ServerName www.sample.com:80
    ServerAdmin [email protected]
    DocumentRoot /var/www/web1/web
    ServerAlias sample.com
    DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Default.htm default.htm
    ScriptAlias /cgi-bin/ /var/www/web1/cgi-bin/
    AddHandler cgi-script .cgi
    AddHandler cgi-script .pl
    ErrorLog /var/www/web1/log/error.log
    AddType application/x-httpd-php .php .php3 .php4 .php5
    <Files *.php>
    SetOutputFilter PHP
    SetInputFilter PHP
    </Files>
    <Files *.php3>
    SetOutputFilter PHP
    SetInputFilter PHP
    </Files>
    <Files *.php4>
    SetOutputFilter PHP
    SetInputFilter PHP
    </Files>
    <Files *.php5>
    SetOutputFilter PHP
    SetInputFilter PHP
    </Files>
    php_admin_flag safe_mode Off
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
    Alias /error/ "/var/www/web1/web/error/"
    ErrorDocument 400 /error/invalidSyntax.html
    ErrorDocument 401 /error/authorizationRequired.html
    ErrorDocument 403 /error/forbidden.html
    ErrorDocument 404 /error/fileNotFound.html
    ErrorDocument 405 /error/methodNotAllowed.html
    ErrorDocument 500 /error/internalServerError.html
    ErrorDocument 503 /error/overloaded.html
    AliasMatch ^/~([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3
    AliasMatch ^/users/([^/]+)(/(.*))? /var/www/web1/user/$1/web/$3
    </VirtualHost>
     
  4. falko

    falko Super Moderator ISPConfig Developer

    If you want the Apache user to have read/write privileges, then yes. If you want the site owner to have read/write privileges, you must make him the owner of the files and his group the group of the files. If the files then have 664 privileges (directories 775), and you add www-data to the web group, Apache should be able to read/write as well.

    Check Apache's error log for errors.
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    And if you want to have a solution that is tested and supported by ISPConfig, you should use SuPHP instead of mpm-itk.
     
  6. tensor

    tensor New Member

    Another method to allow www-data user to write into webmaster owned directories is to use setfacl/getfacl utilities. This requires your webmasters to login via SSH to change POSIX ACLs on files and/or folders. Also, option 'acl' must be used in /etc/fstab. And also set setguid (chmod g+s my/folder) on the directory where files will be created by apache. If apache creates files or folders in this directory their group fill be inherited from the parent directory and the webmaster will be able to view them.
     

Share This Page