Hello. I am developing a auto-installer(written in php) to install php scripts(like wordpress, joomla etc). This auto-installer downloads package(e.g. wordpress), extracts it in web user document root(say /var/www/clients/clientX/webX/web) and installs the packge. I have added the installer at ispconfig doc_root i.e. at /usr/local/ispconfig/interface/web/. Now the issue is the installer runs as the user ispconfig and the user folder(say /var/www/clients/clientX/webX/web) owner is webX and due to this installer cannot copy or create directories at the user document_root. What I need to do to make the auto-installer run as the user webX?
I think you can look into APS installer code that is already integrated in ISPC. Or may be use the user ftp account to do that? I mean - the user have to log in with his ftp account, choose the required software from the list and then the code will download, extract and install it at the specified folder? And may be, the code should also give them a choice on whether to install on their custom database or auto created database?
This has just been explained on Wednesday here: https://www.howtoforge.com/community/threads/run-module-as-user.76579/
Thanks for the reply . This auto-installer has to run within ispc. Cant use ftp. Thanks for the answer. I have gone through above link. But I can't use root in auto-installer. I am new to ispc and I don't have much knowledge about it. Is there any other method without root? like when a user logs in is it possible to make php run as currently logged in user?
The installer has to run as a server job in ISPConfig to be able to copy data into the website folder and the root user is the only one which has access to all other users folders on a Linux system, that's why root is required. The ispconfig interface can not run as the user of the website as this would be completely insecure and the user would be able to take over your whole server then.
OK, got it. Thank you for the fast reply! I will try to implement server plugin. One last question. Is there any ispc API available which can write files to user directory with remote user privileges?
I am doing it in a different way now. I have placed the installer sources at `/var/installerv1/sources/' and created a .conf at /etc/apache2/conf-enabled/installer.conf like this. Alias /installerv1 /var/installerv1/sources <Directory /var/installerv1/sources> Options +FollowSymLinks DirectoryIndex index.php <IfModule mod_php7.c> AddType application/x-httpd-php .php php_flag magic_quotes_gpc Off php_flag track_vars On </IfModule> AllowOverride All Require all granted </Directory> Now if I run the application at https://server-ip:port/installerv1 I can see the installer run as www-data and it cannot copy files at user directory. Is there any additional things I should do so that it can copy files at user directory?
This can not work as websites do not run as www-data, so running something as www-data makes no sense if you want to copy files. I explained above how you can do it. You need a server plugin.
OK. Now I have these doubts. 1. Suppose I created a server plugin say installerv1_plugin.inc.php at /usr/local/ispconfig/plugins-enabled/ then do I need to make a call to this plugin from installer whenever the installer tries to create directories or copy files at user folders? 2. I can see in apache2_plugin.inc.php there are some registerEvents which the plugin binds to. In my case which event my plugin should bind to in order to copy files to user directory?
No. This is an ISPConfig plugin, it gets executed by ISPConfig only when the event happens that you registered it for, e.g. the website insert event or the website update event and the plugin will do actions based on the data that it receives from the web_domain database table. If you want to install the same files everytime a new website gets added, then you do not have to pass any further data. If you want to do different actions, then you need a field in the web_domain database table where you can set a value that tells your plugin code what it shall do. This depends on what you want to do. But most likely you need the website insert and update events or if installations shall happen only when a new site gets created, then the website insert event alone should be enough.
We want to run our application inside ISPConfig with the following caveats: 1. We want it to run independently for each user 2. We want it to be able to manage files within $HOME and $DOCUMENT_ROOT for each user 3. We want it to be live (not as a server plugin where we have schedule operations and wait for upto a minute) An example of what we are trying to do would be an Advanced File Manager. i.e.: 1. each user sees only the files in his/her $HOME and $DOCUMENT_ROOT directories 2. user can create new directories/files and also edit them 3. user must not have to wait for their operations to be completed (it has to happen instantly) In light of these requirements, what would you suggest that our approach should be? We are reasonably sure about the possibilities of these features because Softaculous already does a lot of it. Please advice.
You can use web based file manager like Net2ftp or Pydio for managing file but for installation of softwares, I don't know, may be add your code / script to it instead?
We want to run our application inside ISPConfig with the following caveats: 1. We want it to run independently for each user 2. We want it to be able to manage files within $HOME and $DOCUMENT_ROOT for each user 3. We want it to be live (not as a server plugin where we have schedule operations and wait for upto a minute) An example of what we are trying to do would be an Advanced File Manager. i.e.: 1. each user sees only the files in his/her $HOME and $DOCUMENT_ROOT directories 2. user can create new directories/files and also edit them 3. user must not have to wait for their operations to be completed (it has to happen instantly) In light of these requirements, what would you suggest that our approach should be? We are reasonably sure about the possibilities of these features because Softaculous already does a lot of it. Please advice.
Use WebFTP. You'll not be able to set this up via file system commands without a lot of security problems.
Yes. I will definitely do that if ISPConfig doesnt work in my case. Thanks. Now I am not able to start service pure-ftpd start. It is giving error: 421 Unable to switch capabilities : Operation not permitted. Do you know any workaround? Note: I am running ISPConfig inside docker container.
