Question about suphp

Discussion in 'Installation/Configuration' started by scottrill2, Jun 11, 2010.

  1. scottrill2

    scottrill2 Member

    Hello,

    I followed the tutorial http://www.howtoforge.com/install-s...tions-for-use-with-ispconfig-2.2.20-and-above and have hit a snag.

    First let me state that I saw in a forum post that I wanted version 0.6.3 vs 0.6.2 because of a security glitch. So I followed Falko's excellent tutorial but subbed that version.


    After the first couple steps:

    a2dismod php5
    /etc/init.d/apache2 restart

    I received this error:

    Restarting web server: apache2We failed to correctly shutdown apache, so we're now killing all running apache processes. This is almost certainly suboptimal, so please make sure your system is working as you'd expect now! (warning).... waiting
    .Syntax error on line 71 of /etc/apache2/vhosts/Vhosts_ispconfig.conf:
    Invalid command 'php_admin_flag', perhaps misspelled or defined by a module not included in the server configuration
    failed!

    I had read in a forum post to ignore errors until tutorial is complete so I proceeded to next steps:

    apt-get install php5-cgi apache2-prefork-dev

    cd /tmp
    wget http://www.suphp.org/download/suphp-0.6.3.tar.gz
    tar xvfz suphp-0.6.3.tar.gz
    cd suphp-0.6.3
    ./configure --prefix=/usr --sysconfdir=/etc --with-apache-user=www-data --with-setid-mode=paranoid --with-apxs=/usr/bin/apxs2
    make
    make install

    Again I only changed the version of suphp, everything appeared to go ok, no errors or anything.

    Proceeded to next step:

    vi /etc/apache2/httpd.conf and added:

    LoadModule suphp_module /usr/lib/apache2/modules/mod_suphp.so

    Then I restarted:

    /etc/init.d/apache2 restart

    and received this again:

    server1:~# /etc/init.d/apache2 restart
    Restarting web server: apache2Syntax error on line 71 of /etc/apache2/vhosts/Vhosts_ispconfig.conf:
    Invalid command 'php_admin_flag', perhaps misspelled or defined by a module not included in the server configuration
    failed!

    I read in the forums about changing something like quota etc and Ispconfig would remove any php safe mode entries, so I changed quota and saved.

    At this point it will either:

    A. Give me same error about php_admin_flag

    Or

    B. it will tell me that "/etc/apache2/vhosts/Vhosts_ispconfig.conf" file not found.

    At this point I either:

    A. Edit the Vhosts_ispconfig.conf file and comment out the php admin flag like so:

    #php_admin_flag safe_mode Off

    Or

    B. I rename one of the old Vhosts_ispconfig.conf files and proceed with step A.

    Then I restart apache and now it is free of errors:

    server1:~# /etc/init.d/apache2 restart
    Restarting web server: apache2 ... waiting .
    server1:~#

    Then I edit vi /home/admispconfig/ispconfig/lib/config.inc.php and change the handler to:

    'suphp'

    No errors still at this point but when I try and view site it prompts me to download php instead of viewing.

    I searched the forums and saw some other posts concerning suphp, some talked about bypassing the php wrapper by editing the suphp.conf file etc. But as I am a novice I didn't want to go just start butchering files in random lol

    Can you folks see any step I did incorrectly from the tutorial or is there some trick I need to know since I am using a slightly newer version than Falko used?

    Sorry for the novel lol

    Scott
     
  2. falko

    falko Super Moderator Howtoforge Staff

    Are there any errors in the error logs of your PHP web sites (in the log directory)?
     
  3. scottrill2

    scottrill2 Member

    No, I don't see any errors in error log in web1 folder. Is there a way to tell if suphp is installed correctly?

    Thanks,

    Scott
     
  4. scottrill2

    scottrill2 Member

    w00h00!!

    Alright,

    Here is the situation now. I reinstalled suphp using your tutorial, but this time I used 0.7.1 and followed the tip listed in the comments for newer php versions. it appears to have worked, except for a few things.

    On a few folders or files it tells me:

    [warn] UID of script "/var/www/web1/web/test.php" is smaller than min_uid


    Now I searched the forums and found a few posts talking about "chown" command.

    My question now is can I chown **ALL** folders and files in my entire /var/www/web1/web/ directory?



    From another post in the forum I read to use the "ls -la" command to check ownership. When doing this I found that test.php and also my webmail folder is owned by root too. Is there any reason any folder in web1 needs to be owned by root?

    In another thread Falko asks what the output of "ls -la /root/ispconfig" and that says its owned by root root on everything is this correct?

    And finally, in another thread it was talked about setting minimum uid and gid settings for safety. Where would I set this and what parameters would I set?


    Thanks as always,

    Scott
     
  5. falko

    falko Super Moderator Howtoforge Staff

    Use the -R switch. Take a look at
    Code:
    man chown 


    No.

    Yes, that's correct.
     
  6. scottrill2

    scottrill2 Member

    Sweet

    Hey thank you very much Falko,

    One other semi related question/topic.


    While I was searching various threads here on HowToForge about suPHP info I saw several posts where it was mentioned that file permissions set with "777" are insecure and that 755 or 775 would be much more secure.

    I know for my webmail install I had to set a few folders at 777 through filezilla and what not. Is this risky?


    And with my install of suPHP isnt it going to force the files and folders to ONLY be executed/written by owner or group?

    Should I do a "chmod -R" command like you had me do with the chown -R command?


    Thanks,

    Scott
     

Share This Page