Configuration differences between 'admin' website and 'client' website

Discussion in 'Installation/Configuration' started by francoisPE, Feb 24, 2021.

  1. francoisPE

    francoisPE Active Member HowtoForge Supporter

    Hello,
    I am running perfect server 3.2 on ubuntu 20.04
    I install 2 nextcloud websites on 2 different servers :
    - server 1. is related to client0 = admin,
    - server 2. is related to client1
    I had issues with jailkit. So, on that server, installation is 'perfect server without jailkit'

    On both I installed CollaboraOnLine/RichdocumentsCode (it is an addon), but behavior is different. On server 2, it doesn't work : php-fpm is trying to acces a process outside Openbasedir : /proc/number

    I dig on CollaboraOnLine/RichdocumentsCode obviously, on server differences also...
    I want also to dig a little bit on ispconfig side :
    I wonder what are the differences between a website related to client0 and a website related to client1 ?
    My initial thought was differences are very small (naming) but may be there are others ?
     
    Last edited: Feb 24, 2021
  2. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Add /proc/number to the open_basedir restrictions for that site. (Side note: /proc is not mounted inside a jail, so running php-fpm in chroot mode would not work with this.)

    In your case, they are on different servers (so could potentially be very different config you set up), and it sounds like one is using jailkit while the other is not.
     
    ahrasis likes this.
  3. francoisPE

    francoisPE Active Member HowtoForge Supporter

    It tested it. It works well !
    I am still trying to understand from where it is coming.
    Probably, a setup param in CollaboraOnLine/RichdocumentsCode I miss somewhere !
    Thanks a lot :)
     
  4. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    No idea, I'm not familiar with /proc/number and it doesn't seem to exist on a couple systems I checked here. Unless by 'number' you mean a numeric value, not the literal string 'number', in which case it's a handle to the running process id - and will change every time the php process does, so you will have to add the whole /proc directory to open_basedir. At that point you may want to pursue your understanding of why it does that and see about disabling that behavior due to security concerns (ie. of php code being allowed access to /proc).
     
  5. francoisPE

    francoisPE Active Member HowtoForge Supporter

    Sorry, for being confusing /proc/number, is /proc/376895 in my case !
    It's one of php-fpm process running on my server.
    I fully share that opening /proc in openbasedir is slightly dangerous !
    I am trying to understand why sometimes, it request that, why sometimes no...
    if I discover, I'll let you know
    Thanks for your help :)
     

Share This Page