Hello, i am tryting to setup suPhp or mpm-itk. If I use suPhp I get following error Code: [Fri Mar 19 20:26:27 2010] [error] [client 87.250.230.32] SecurityException in Application.cpp:162: Calling user is not webserver user! [Fri Mar 19 20:26:27 2010] [error] [client 87.250.230.32] Premature end of script headers: index.php I setup chmod of web dirrectory recursive to 0755 and check user and group of web directory recursive and all is ok. Them I check apache user (www-data) that corresponds with webserver user in suphp.conf I was founding in google, but no revelant result. mpm-itk - problem with install Code: s0:~# aptitude install apache2-mpm-itk Reading package lists... Done Building dependency tree Reading state information... Done Reading extended state information Initializing package states... Done Reading task descriptions... Done The following packages are BROKEN: apache2 The following NEW packages will be installed: apache2-mpm-itk The following packages will be REMOVED: apache2-mpm-prefork{a} 0 packages upgraded, 1 newly installed, 1 to remove and 0 not upgraded. Need to get 0B/195kB of archives. After unpacking 102kB will be freed. The following packages have unmet dependencies: apache2: Depends: apache2-mpm-worker (>= 2.2.9-10+lenny6) but it is not installable or apache2-mpm-prefork (>= 2.2.9-10+lenny6) but it is not installable or apache2-mpm-event (>= 2.2.9-10+lenny6) but it is not installable The following actions will resolve these dependencies: Remove the following packages: apache2 Score is 119 Accept this solution? [Y/n/q/?] y The following NEW packages will be installed: apache2-mpm-itk The following packages will be REMOVED: apache2{a} apache2-mpm-prefork{a} 0 packages upgraded, 1 newly installed, 2 to remove and 0 not upgraded. Need to get 0B/195kB of archives. After unpacking 205kB will be freed. Do you want to continue? [Y/n/?] y Writing extended state information... Done (Reading database ... 50992 files and directories currently installed.) Removing apache2 ... dpkg: apache2-mpm-prefork: dependency problems, but removing anyway as you request: libapache2-mod-php5 depends on apache2-mpm-prefork (>> 2.0.52) | apache2-mpm-itk; however: Package apache2-mpm-prefork is to be removed. Package apache2-mpm-itk is not installed. squirrelmail depends on apache2 | httpd; however: Package apache2 is not installed. Package apache2-mpm-prefork which provides apache2 is to be removed. Package httpd is not installed. Package apache2-mpm-prefork which provides httpd is to be removed. squirrelmail depends on apache2 | httpd; however: Package apache2 is not installed. Package apache2-mpm-prefork which provides apache2 is to be removed. Package httpd is not installed. Package apache2-mpm-prefork which provides httpd is to be removed. Removing apache2-mpm-prefork ... Stopping web server: apache2 ... waiting . Selecting previously deselected package apache2-mpm-itk. (Reading database ... 50983 files and directories currently installed.) Unpacking apache2-mpm-itk (from .../apache2-mpm-itk_2.2.6-02-1+lenny2+b2_amd64.deb) ... Setting up apache2-mpm-itk (2.2.6-02-1+lenny2+b2) ... Starting web server: apache2. Reading package lists... Done Building dependency tree Reading state information... Done Reading extended state information Initializing package states... Done Writing extended state information... Done Reading task descriptions... Done this remove apache2 can somebody help me with mpm-itk or suphp? thanks P.S. I rather use mpm-itk with mod-php instead suphp
Looks as if the php files are not owned by the correct user. Please post the ouput of: ls -la from inside the web directory.
Code: s0:/var/www/clients/client1/web2# ls -la total 24 drwxr-xr-x 6 root root 4096 2010-03-19 08:53 . drwxr-xr-x 8 root root 4096 2010-03-19 09:04 .. drwxr-x--x 2 web2 client1 4096 2010-03-19 08:53 cgi-bin lrwxrwxrwx 1 web2 client1 36 2010-03-19 08:53 log -> /var/log/ispconfig/httpd/ direct21.sk drwxr-x--x 2 web2 client1 4096 2010-03-19 08:53 ssl drwxrwxrwx 2 web2 client1 4096 2010-03-19 08:53 tmp drwxr-xr-x 9 web2 client1 4096 2010-03-19 09:27 web s0:/var/www/clients/client1/web2# cd web s0:/var/www/clients/client1/web2/web# ls -la total 1068 drwxr-xr-x 9 web2 client1 4096 2010-03-19 09:27 . drwxr-xr-x 6 root root 4096 2010-03-19 08:53 .. -rwxr-xr-x 1 web2 client1 1406 2009-04-03 04:54 favicon.ico -rwxr-xr-x 1 web2 client1 3340 2009-03-15 22:41 functions.php -rwxr-xr-x 1 web2 client1 0 2009-03-15 23:38 google6c3899854a8ee755.html -rwxr-xr-x 1 web2 client1 900 2010-03-08 18:38 .htaccess drwxr-xr-x 2 web2 client1 4096 2009-03-15 16:52 images -rwxr-xr-x 1 web2 client1 1861 2010-03-19 08:53 index.html -rwxr-xr-x 1 web2 client1 5751 2009-10-26 15:49 index.php drwxr-xr-x 2 web2 client1 4096 2009-03-15 22:51 js -rwxr-xr-x 1 web2 client1 2981 2009-03-15 23:00 obr.php drwxr-xr-x 2 web2 client1 4096 2009-03-15 23:20 pages -rwxr-xr-x 1 web2 client1 34 2009-04-03 04:54 robots.txt drwxr-xr-x 2 web2 client1 1019904 2010-03-19 20:56 rss -rwxr-xr-x 1 web2 client1 238 2010-03-19 09:57 sql.php drwxr-xr-x 2 web2 client1 4096 2010-03-02 00:30 stats drwxr-xr-x 2 web2 client1 4096 2009-08-11 17:29 styles drwxr-xr-x 3 web2 client1 4096 2009-05-04 20:57 unembellished s0:/var/www/clients/client1/web2/web#
Looks ok. Please post the output of: ps -aux | grep apache and the content of the vhost file for this vhost which is in /etc/apache2/sites-enabled/
Code: root 4166 0.0 1.3 239072 14224 ? Ss 20:47 0:00 /usr/sbin/apache2 -k start www-data 4375 0.0 0.5 155956 6132 ? S 20:53 0:00 /usr/sbin/apache2 -k start www-data 5018 0.0 1.1 241892 11752 ? S 21:21 0:00 /usr/sbin/apache2 -k start www-data 5027 0.0 0.9 239816 9980 ? S 21:22 0:00 /usr/sbin/apache2 -k start www-data 5032 0.1 1.1 242416 11812 ? S 21:22 0:00 /usr/sbin/apache2 -k start www-data 5041 0.0 0.8 239216 8564 ? S 21:23 0:00 /usr/sbin/apache2 -k start Code: s0:/var/www/clients/client1/web2/web# cat /etc/apache2/sites-available/direct21.sk.vhost <Directory /var/www/direct21.sk> AllowOverride None Order Deny,Allow Deny from all </Directory> <VirtualHost 94.124.147.133:80> DocumentRoot /var/www/clients/client1/web2/web ServerName direct21.sk ServerAlias *.direct21.sk ServerAdmin [email protected] ErrorLog /var/log/ispconfig/httpd/direct21.sk/error.log <Directory /var/www/direct21.sk/web> Options FollowSymLinks AllowOverride All Order allow,deny Allow from all </Directory> <Directory /var/www/clients/client1/web2/web> Options FollowSymLinks AllowOverride All Order allow,deny Allow from all </Directory> # suphp enabled <Directory /var/www/clients/client1/web2/web> suPHP_Engine on # suPHP_UserGroup web2 client1 AddHandler x-httpd-suphp .php .php3 .php4 .php5 suPHP_AddHandler x-httpd-suphp </Directory> RewriteEngine on RewriteCond %{http_host} ^direct21\.sk [nc] RewriteRule ^(.*)$ http://www.direct21.sk$1 [r=301,nc] RewriteCond %{HTTP_HOST} ^www\.([^.]+)\.direct21\.sk [nc] RewriteRule ^(.*)$ http://%1.direct21.sk$1 [r=301,nc] RewriteCond %{REQUEST_URI} !^/sd_ RewriteCond %{HTTP_HOST} !^www\.direct21\.sk [NC] RewriteCond %{HTTP_HOST} ^([^.]+)\.direct21\.sk RewriteRule (.*) /sd_%1/$1 [L] # add support for apache mpm_itk <IfModule mpm_itk_module> AssignUserId web2 client1 </IfModule> </VirtualHost>
when I install apache2-mpm-itk them it uninstall apache2, but apache2-common still remains installed. web server is running, but with blank pages this is in errorlog Code: [Sun Mar 21 21:26:42 2010] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec) [Sun Mar 21 21:26:42 2010] [warn] (itkmpm: pid=4441 uid=0) itk_post_read(): setgid(): Operation not permitted [Sun Mar 21 21:26:42 2010] [warn] Couldn't set uid/gid/priority, closing connection. [Sun Mar 21 21:26:42 2010] [notice] Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny8 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g configured -- resuming normal o$ [Sun Mar 21 21:26:43 2010] [warn] (itkmpm: pid=4446 uid=0) itk_post_read(): setgid(): Operation not permitted [Sun Mar 21 21:26:43 2010] [warn] Couldn't set uid/gid/priority, closing connection. [Sun Mar 21 21:26:43 2010] [warn] (itkmpm: pid=4447 uid=0) itk_post_read(): setgid(): Operation not permitted [Sun Mar 21 21:26:43 2010] [warn] Couldn't set uid/gid/priority, closing connection. [Sun Mar 21 21:26:43 2010] [warn] (itkmpm: pid=4448 uid=0) itk_post_read(): setgid(): Operation not permitted
Thats ok, as mpm-itk replaces apache2. You should search for this in google, there are a lot of threads about that. But I really dont know why you want to use mpm-itk, as normally you use suexec + php-fcgi in websites to run scripts under the user of the website on hosting servers.
SOLVED!!! I had enabled mod_ruid causing problems with suPHP. I decided to use mod_ruid, because it has better performace, but for security reasons I must run apache in chroot. Is it good solution?
The recommended and fastest solution is to use suexec with php-fcgi. This is very fast and runs all php processes and script processes under the website and not apache user.
