suPHP and suEXEC broken by default in Ubuntu 10.04 Perfect Server

[SOLVED] suPHP and suEXEC broken by default in Ubuntu 10.04 Perfect Server

I followed the Ubuntu 10.04 perfect server guide and installed ISPConfig 3.
I want to install Joomla so I created a website with suEXEC + PHP Fast-CGI and another site with suPHP.

Neither suEXEC + PHP Fast-CGI nor suPHP work correctly by default.
If I upload a file via FTP it will be owned by the correct owner (like web1) but any file created by Joomla will be owned by www-data.

If you try to install Joomla you will see an error at the beginning saying that configuration.php is not writable.
If you change the permissions of /web from the default value of 710 to 777, Joomla can write to configuration.php but the owner will be www-data.
You can now continue installing Joomla but you cannnot install anything from within Joomla since all the files it tries to create are owned by www-data.

The first thing you notice when you connect to your site's account with ssh or FTP is that some of the default permissions are wrong.

in /var/www/clients/client1/web1 all files and directories are owned by web1 (group client1)
/.cache is 755
/cgi-bin is 751
/log is 777
/tmp is 777
/web is 710
.bash_history is 755

in /web the /stats directory has 755 but it is owned by root.
The are other files from /web are owned by web1 client1 but their permissions are 754 not 644

So, there is absolutely no difference between a site with suPHP and another one with suEXEC + Fast-CGI. They both have the same default permissions and any file created by Joomla is owned by www-data.

Any suggestion on how to fix this?
The permissions are OK in Ubuntu 8.04 with ISPConfig 3 and suPHP.

 

Thanks for the quick answer.
I created a new site with suexec and fastcgi.
There are no jobs in the queue.

Code:

<Directory /var/www/test.zz>
    AllowOverride None
    Order Deny,Allow
    Deny from all
</Directory>

<VirtualHost *:80>
      DocumentRoot /var/www/test.zz/web
  
    ServerName test.zz
    ServerAlias www.test.zz
    ServerAdmin [email protected]

    ErrorLog /var/log/ispconfig/httpd/test.zz/error.log
	
    <Directory /var/www/test.zz/web>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    <Directory /var/www/clients/client1/web4/web>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>

    # suexec enabled
    SuexecUserGroup web4 client1
    # php as fast-cgi enabled
    <IfModule mod_fcgid.c>
      # SocketPath /tmp/fcgid_sock/
      IdleTimeout 3600
      ProcessLifeTime 7200
      # MaxProcessCount 1000
      DefaultMinClassProcessCount 3
      DefaultMaxClassProcessCount 100
      IPCConnectTimeout 8
      IPCCommTimeout 360
      BusyTimeout 300
    </IfModule>
    <Directory /var/www/test.zz/web>
        AddHandler fcgid-script .php .php3 .php4 .php5
        FCGIWrapper /var/www/php-fcgi-scripts/web4/.php-fcgi-starter .php
        Options +ExecCGI
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
	<Directory /var/www/clients/client1/web4/web>
        AddHandler fcgid-script .php .php3 .php4 .php5
        FCGIWrapper /var/www/php-fcgi-scripts/web4/.php-fcgi-starter .php
        Options +ExecCGI
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>

    # add support for apache mpm_itk
    <IfModule mpm_itk_module>
      AssignUserId web4 client1
    </IfModule>


</VirtualHost>

 

What result are you expecting when using suexec?

The default setup via ISPConfig is to restrict use of CGI to the cgi-bin.

To enable cgi in other directories you'll also have to set the options to +ExecCGI for whatever directory.

Suexec enforces the requirements
1/ the script must be owned by the user/group specified by the
SuexecUserGroup directive and have 755 permissions
2/ the containing directory must also be owned by the same user/group.

 

Well, I expect suEXEC + Fast-CGI or suPHP to work correctly.
Because none of them works as expected, any new file Joomla tries to create is owned by www-data.

In Ubuntu 8.04 + ISPConfig 3 + manual installation of suPHP there are no problems with permissions in Joomla.

 

The default settings make it impossible to run a Joomla site.

 

Yes, in the browser. My ispconfig installation is in a VM, on my computer. It's not accessible from the internet.
I added www.test.zz and the hostname and IP address of the VM to my /etc/hosts.

Before posting here, I installed the Ubuntu 10.04 Perfect Server + ISPConfig 3 on 2 different VMs. It's the same problem on both of them.

I attached an .mht with the PHP info. It should open just fine in Firefox or Opera.

 

Any suggestions?

 

Hi!

I've got the same problem. I installed ISPConfig using the "Perfect Server" Howto (BTW: Great Howto!). I started with page 3 because the system is pre-installed (using a JiffyBox - virtual cloudserver on demand - www.jiffybox.de).

OS is Ubuntu 10.04 LTS x64. Kernel 2.6.33.2-x86_64-jb1. The system is, as I wrote above, a virtual server using Xen.

PHP is always running as mod_php, no matter if I select "FastCGI" or "CGI" or anything else. phpinfo() always tells "Apache 2.0 Handler"

The vhost file seems to be ok for me:

Code:

      DocumentRoot /var/www/blog.***.de/web
  
    ServerName blog.***.de
    ServerAdmin webmaster@blog.***.de

    ErrorLog /var/log/ispconfig/httpd/blog.***.de/error.log

    ErrorDocument 400 /error/400.html
    ErrorDocument 401 /error/401.html
    ErrorDocument 403 /error/403.html
    ErrorDocument 404 /error/404.html
    ErrorDocument 405 /error/405.html
    ErrorDocument 500 /error/500.html
    ErrorDocument 503 /error/503.html
	
    <Directory /var/www/blog.***.de/web>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
        
        # ssi enabled
        AddType text/html .shtml
        AddOutputFilter INCLUDES .shtml
        Options +Includes
    </Directory>
    <Directory /var/www/clients/client1/web1/web>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
        
        # ssi enabled
        AddType text/html .shtml
        AddOutputFilter INCLUDES .shtml
        Options +Includes
    </Directory>

    # cgi enabled
	<Directory /var/www/clients/client1/web1/cgi-bin>
      Order allow,deny
      Allow from all
    </Directory>
    ScriptAlias  /cgi-bin/ /var/www/clients/client1/web1/cgi-bin/
    AddHandler cgi-script .cgi
    AddHandler cgi-script .pl
    # suexec enabled
    SuexecUserGroup web1 client1
    # php as fast-cgi enabled
    <IfModule mod_fcgid.c>
      # SocketPath /tmp/fcgid_sock/
      IdleTimeout 3600
      ProcessLifeTime 7200
      # MaxProcessCount 1000
      DefaultMinClassProcessCount 3
      DefaultMaxClassProcessCount 100
      IPCConnectTimeout 8
      IPCCommTimeout 360
      BusyTimeout 300
    </IfModule>
    <Directory /var/www/blog.***.de/web>
        AddHandler fcgid-script .php .php3 .php4 .php5
        FCGIWrapper /var/www/php-fcgi-scripts/web1/.php-fcgi-starter .php
        Options +ExecCGI
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
	<Directory /var/www/clients/client1/web1/web>
        AddHandler fcgid-script .php .php3 .php4 .php5
        FCGIWrapper /var/www/php-fcgi-scripts/web1/.php-fcgi-starter .php
        Options +ExecCGI
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>

    # add support for apache mpm_itk
    <IfModule mpm_itk_module>
      AssignUserId web1 client1
    </IfModule>

Can you please help me solving this?

Thank you!
Andreas

 

How do you access your phpinfo(); page? Do you use blog.***.de, an IP address or another address?

 

Hi Falko!

I access the phpinfo() via blog.***.de.

 

Is there an .htaccess file in /var/www/clients/client1/web1/web? If so, what's in it?

 

Hi Falko,

there is a .htaccess, but this is only the default Wordpress SEO RewriteRule.

 

That's my problem also. Even if I create a client and only allow him to select FastCGI for the websites, phpinfo tells that it uses Apache 2.0 Handler.

@falko
an empty .htaccess is created by default in each site. I always deleted it and of course, it makes no difference.
I installed ISPConfig 3.0.2.1 for the third time, same problem.

What files do we need to edit to fix this?

 

Can you try to disable PHP globally, as shown in chapter 17.1 on http://www.howtoforge.com/perfect-server-ubuntu-10.04-lucid-lynx-ispconfig-2-p6 ?

 

Hi Falko,

disabling PHP globally works, thank you!
Now I can switch between the PHP modes in ISPConfig

Maybe you can add this tip to the ISPC3 Howto?

 

Thank you Falko, it worked.

 

globally disabling php does not do it for me for suphp

Hello,
ubuntu 10.04, ispconfig 3 multiserver installation...

I have two other ispconfig servers running on ubuntu 9.10 without problems.
PHP is configured via suPHP, but on the 10.04 it is running with mod_php.

I have tried to disable php globally in mime.types and php5.conf like described in the howto for ispconfig 2, Chapter 17.1.

the vhost config looks like this:

Code:

...
 <Directory /var/www/clients/client3/web31/web>
        suPHP_Engine on
        # suPHP_UserGroup web31 client3
        AddHandler x-httpd-suphp .php .php3 .php4 .php5
        suPHP_AddHandler x-httpd-suphp
</Directory>
...

all I get is an error 500:
SecurityException in Application.cpp:511: Unknown Interpreter: php
Premature end of script headers: index.php

Edit: fastcgi+suexec is working, suPHP is not!

any Idea?
Thanks,
Björn