Problem with suPHP and mpm-itk

Discussion in 'General' started by tio289, Mar 19, 2010.

  1. tio289

    tio289 Member

    Hello, i am tryting to setup suPhp or mpm-itk.

    If I use suPhp I get following error

    Code:
    [Fri Mar 19 20:26:27 2010] [error] [client 87.250.230.32] SecurityException in Application.cpp:162: Calling user is not webserver user!
    [Fri Mar 19 20:26:27 2010] [error] [client 87.250.230.32] Premature end of script headers: index.php
    
    I setup chmod of web dirrectory recursive to 0755 and check user and group of web directory recursive and all is ok.

    Them I check apache user (www-data) that corresponds with webserver user in suphp.conf

    I was founding in google, but no revelant result.


    mpm-itk - problem with install

    Code:
    s0:~# aptitude install apache2-mpm-itk
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    Reading extended state information
    Initializing package states... Done
    Reading task descriptions... Done
    The following packages are BROKEN:
      apache2
    The following NEW packages will be installed:
      apache2-mpm-itk
    The following packages will be REMOVED:
      apache2-mpm-prefork{a}
    0 packages upgraded, 1 newly installed, 1 to remove and 0 not upgraded.
    Need to get 0B/195kB of archives. After unpacking 102kB will be freed.
    The following packages have unmet dependencies:
      apache2: Depends: apache2-mpm-worker (>= 2.2.9-10+lenny6) but it is not installable or
                        apache2-mpm-prefork (>= 2.2.9-10+lenny6) but it is not installable or
                        apache2-mpm-event (>= 2.2.9-10+lenny6) but it is not installable
    The following actions will resolve these dependencies:
    
    Remove the following packages:
    apache2
    
    Score is 119
    
    Accept this solution? [Y/n/q/?] y
    The following NEW packages will be installed:
      apache2-mpm-itk
    The following packages will be REMOVED:
      apache2{a} apache2-mpm-prefork{a}
    0 packages upgraded, 1 newly installed, 2 to remove and 0 not upgraded.
    Need to get 0B/195kB of archives. After unpacking 205kB will be freed.
    Do you want to continue? [Y/n/?] y
    Writing extended state information... Done
    (Reading database ... 50992 files and directories currently installed.)
    Removing apache2 ...
    dpkg: apache2-mpm-prefork: dependency problems, but removing anyway as you request:
     libapache2-mod-php5 depends on apache2-mpm-prefork (>> 2.0.52) | apache2-mpm-itk; however:
      Package apache2-mpm-prefork is to be removed.
      Package apache2-mpm-itk is not installed.
     squirrelmail depends on apache2 | httpd; however:
      Package apache2 is not installed.
      Package apache2-mpm-prefork which provides apache2 is to be removed.
      Package httpd is not installed.
      Package apache2-mpm-prefork which provides httpd is to be removed.
     squirrelmail depends on apache2 | httpd; however:
      Package apache2 is not installed.
      Package apache2-mpm-prefork which provides apache2 is to be removed.
      Package httpd is not installed.
      Package apache2-mpm-prefork which provides httpd is to be removed.
    Removing apache2-mpm-prefork ...
    Stopping web server: apache2 ... waiting .
    Selecting previously deselected package apache2-mpm-itk.
    (Reading database ... 50983 files and directories currently installed.)
    Unpacking apache2-mpm-itk (from .../apache2-mpm-itk_2.2.6-02-1+lenny2+b2_amd64.deb) ...
    Setting up apache2-mpm-itk (2.2.6-02-1+lenny2+b2) ...
    Starting web server: apache2.
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    Reading extended state information
    Initializing package states... Done
    Writing extended state information... Done
    Reading task descriptions... Done
    
    this remove apache2 :(

    can somebody help me with mpm-itk or suphp? thanks

    P.S. I rather use mpm-itk with mod-php instead suphp
     
    Last edited: Mar 19, 2010
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Looks as if the php files are not owned by the correct user. Please post the ouput of:

    ls -la

    from inside the web directory.
     
  3. tio289

    tio289 Member

    Code:
    s0:/var/www/clients/client1/web2# ls -la
    total 24
    drwxr-xr-x 6 root root    4096 2010-03-19 08:53 .
    drwxr-xr-x 8 root root    4096 2010-03-19 09:04 ..
    drwxr-x--x 2 web2 client1 4096 2010-03-19 08:53 cgi-bin
    lrwxrwxrwx 1 web2 client1   36 2010-03-19 08:53 log -> /var/log/ispconfig/httpd/                                                                             direct21.sk
    drwxr-x--x 2 web2 client1 4096 2010-03-19 08:53 ssl
    drwxrwxrwx 2 web2 client1 4096 2010-03-19 08:53 tmp
    drwxr-xr-x 9 web2 client1 4096 2010-03-19 09:27 web
    s0:/var/www/clients/client1/web2# cd web
    s0:/var/www/clients/client1/web2/web# ls -la
    total 1068
    drwxr-xr-x 9 web2 client1    4096 2010-03-19 09:27 .
    drwxr-xr-x 6 root root       4096 2010-03-19 08:53 ..
    -rwxr-xr-x 1 web2 client1    1406 2009-04-03 04:54 favicon.ico
    -rwxr-xr-x 1 web2 client1    3340 2009-03-15 22:41 functions.php
    -rwxr-xr-x 1 web2 client1       0 2009-03-15 23:38 google6c3899854a8ee755.html
    -rwxr-xr-x 1 web2 client1     900 2010-03-08 18:38 .htaccess
    drwxr-xr-x 2 web2 client1    4096 2009-03-15 16:52 images
    -rwxr-xr-x 1 web2 client1    1861 2010-03-19 08:53 index.html
    -rwxr-xr-x 1 web2 client1    5751 2009-10-26 15:49 index.php
    drwxr-xr-x 2 web2 client1    4096 2009-03-15 22:51 js
    -rwxr-xr-x 1 web2 client1    2981 2009-03-15 23:00 obr.php
    drwxr-xr-x 2 web2 client1    4096 2009-03-15 23:20 pages
    -rwxr-xr-x 1 web2 client1      34 2009-04-03 04:54 robots.txt
    drwxr-xr-x 2 web2 client1 1019904 2010-03-19 20:56 rss
    -rwxr-xr-x 1 web2 client1     238 2010-03-19 09:57 sql.php
    drwxr-xr-x 2 web2 client1    4096 2010-03-02 00:30 stats
    drwxr-xr-x 2 web2 client1    4096 2009-08-11 17:29 styles
    drwxr-xr-x 3 web2 client1    4096 2009-05-04 20:57 unembellished
    s0:/var/www/clients/client1/web2/web#
    
    
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Looks ok. Please post the output of:

    ps -aux | grep apache

    and the content of the vhost file for this vhost which is in /etc/apache2/sites-enabled/
     
  5. tio289

    tio289 Member

    Code:
    root      4166  0.0  1.3 239072 14224 ?        Ss   20:47   0:00 /usr/sbin/apache2 -k start
    www-data  4375  0.0  0.5 155956  6132 ?        S    20:53   0:00 /usr/sbin/apache2 -k start
    www-data  5018  0.0  1.1 241892 11752 ?        S    21:21   0:00 /usr/sbin/apache2 -k start
    www-data  5027  0.0  0.9 239816  9980 ?        S    21:22   0:00 /usr/sbin/apache2 -k start
    www-data  5032  0.1  1.1 242416 11812 ?        S    21:22   0:00 /usr/sbin/apache2 -k start
    www-data  5041  0.0  0.8 239216  8564 ?        S    21:23   0:00 /usr/sbin/apache2 -k start
    
    Code:
    s0:/var/www/clients/client1/web2/web# cat /etc/apache2/sites-available/direct21.sk.vhost
    <Directory /var/www/direct21.sk>
        AllowOverride None
        Order Deny,Allow
        Deny from all
    </Directory>
    
    <VirtualHost 94.124.147.133:80>
        DocumentRoot /var/www/clients/client1/web2/web
    
        ServerName direct21.sk
        ServerAlias *.direct21.sk
        ServerAdmin [email protected]
    
        ErrorLog /var/log/ispconfig/httpd/direct21.sk/error.log
    
        <Directory /var/www/direct21.sk/web>
            Options FollowSymLinks
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
        <Directory /var/www/clients/client1/web2/web>
            Options FollowSymLinks
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
    
        # suphp enabled
        <Directory /var/www/clients/client1/web2/web>
            suPHP_Engine on
            # suPHP_UserGroup web2 client1
            AddHandler x-httpd-suphp .php .php3 .php4 .php5
            suPHP_AddHandler x-httpd-suphp
        </Directory>
            RewriteEngine on
    
            RewriteCond %{http_host} ^direct21\.sk [nc]
            RewriteRule ^(.*)$ http://www.direct21.sk$1 [r=301,nc]
    
            RewriteCond %{HTTP_HOST} ^www\.([^.]+)\.direct21\.sk [nc]
            RewriteRule ^(.*)$ http://%1.direct21.sk$1 [r=301,nc]
    
            RewriteCond %{REQUEST_URI} !^/sd_
            RewriteCond %{HTTP_HOST} !^www\.direct21\.sk [NC]
            RewriteCond %{HTTP_HOST} ^([^.]+)\.direct21\.sk
            RewriteRule (.*) /sd_%1/$1 [L]
    
    
        # add support for apache mpm_itk
        <IfModule mpm_itk_module>
          AssignUserId web2 client1
        </IfModule>
    
    
    </VirtualHost>
    
     
  6. tio289

    tio289 Member

    Hello people!

    Can somebody help me?? I preffer MPM-ITK
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Do you have mpm-atk installed now with apt?
     
  8. tio289

    tio289 Member

    when I install apache2-mpm-itk them it uninstall apache2, but apache2-common still remains installed.

    web server is running, but with blank pages

    this is in errorlog

    Code:
    [Sun Mar 21 21:26:42 2010] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
    [Sun Mar 21 21:26:42 2010] [warn] (itkmpm: pid=4441 uid=0) itk_post_read(): setgid(): Operation not permitted
    [Sun Mar 21 21:26:42 2010] [warn] Couldn't set uid/gid/priority, closing connection.
    [Sun Mar 21 21:26:42 2010] [notice] Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny8 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g configured -- resuming normal o$
    [Sun Mar 21 21:26:43 2010] [warn] (itkmpm: pid=4446 uid=0) itk_post_read(): setgid(): Operation not permitted
    [Sun Mar 21 21:26:43 2010] [warn] Couldn't set uid/gid/priority, closing connection.
    [Sun Mar 21 21:26:43 2010] [warn] (itkmpm: pid=4447 uid=0) itk_post_read(): setgid(): Operation not permitted
    [Sun Mar 21 21:26:43 2010] [warn] Couldn't set uid/gid/priority, closing connection.
    [Sun Mar 21 21:26:43 2010] [warn] (itkmpm: pid=4448 uid=0) itk_post_read(): setgid(): Operation not permitted
    
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    Thats ok, as mpm-itk replaces apache2.

    You should search for this in google, there are a lot of threads about that.

    But I really dont know why you want to use mpm-itk, as normally you use suexec + php-fcgi in websites to run scripts under the user of the website on hosting servers.
     
  10. tio289

    tio289 Member

    SOLVED!!!

    I had enabled mod_ruid causing problems with suPHP.

    I decided to use mod_ruid, because it has better performace, but for security reasons I must run apache in chroot.

    Is it good solution?
     
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    The recommended and fastest solution is to use suexec with php-fcgi. This is very fast and runs all php processes and script processes under the website and not apache user.
     
  12. tio289

    tio289 Member

    Ok, thanks, I finaly use suexec with fast-cgi.
     

Share This Page