VHosts + basedir + PHP4 and PHP5 at same time

Discussion in 'HOWTO-Related Questions' started by Sid, Dec 11, 2006.

  1. Sid

    Sid New Member

    Hi everybody,

    i have php5 running as apache mod and php4 as cgi.
    in my apache config i set an open_basedir for each vhost.
    is it possible to set individual basdirs for php4-cgi too?

    I want to forbid users to acccess files of other users. all user dirs have the same uid and guid (FTP setup is pureftpd with virtual hosting)
     
    Sid, Dec 11, 2006
    #1
  2. falko

    falko Super Moderator Howtoforge Staff

    Can you post your vhost configuration here?
     
    falko, Dec 12, 2006
    #2
  3. Sid

    Sid New Member

    In httpd.conf:
    Code:
    ScriptAlias /php4-cgi "/usr/lib/cgi-bin/php4"

AddHandler php-script .php4
Action php-script /php4-cgi
    for .php4 files to be parsed with php4-cgi

    a sample of a vhost config:
    Code:
    <VirtualHost *:80>
        ServerAdmin [email protected]
        ServerAlias domain www.domain
        ServerName domain

        DocumentRoot /home/www/domain/htdocs/
                                                                                
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /home/www/domain/htdocs/>
                Options -Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
                php_admin_value open_basedir /home/www/domain
        </Directory>

<Directory "/usr/lib/cgi-bin/php4">
php_admin_value open_basedir /home/www/domain
</Directory>

        ScriptAlias /cgi-bin/ /home/www/domain/cgi-bin/
        <Directory "/home/www/domain/cgi-bin">
                AllowOverride None
                Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog /home/www/domain/log/error.log
        LogLevel warn
        CustomLog /home/www/domain/log/access.log combined
        ServerSignature On
</VirtualHost>
    The part <Directory "/usr/lib/cgi-bin/php4">
    php_admin_value open_basedir /home/www/domain
    </Directory> was just added for testing but has no effect on php4-cgi...
     
    Sid, Dec 12, 2006
    #3
  4. falko

    falko Super Moderator Howtoforge Staff

    I'm not quite sure if open_basedir, safe mode, etc. work for PHP-CGI because it was developed primarily for mod_php. For the CGI versions you can use suExec and suPHP.
     
    falko, Dec 13, 2006
    #4
  5. Sid

    Sid New Member

    safe_mode is already working because it was defined in php.ini
    I got an idea... maybe it will work with parameters to php4-cgi...
     
    Sid, Dec 13, 2006
    #5
  6. Sid

    Sid New Member

    Now its working fine... the solution if someone is interested:

    create a direktory to store a php4 startscript for each user like /var/www/php4

    then create a bash script named domain or so in this directory containing
    Code:
    #!/bin/sh
unset SERVER_NAME
unset SERVER_SOFTWARE
unset GATEWAY_INTERFACE
unset REQUEST_METHOD 
/usr/lib/cgi-bin/php4 -d open_basedir=/home/www/domain '$*'
    then edit the vhost apache config and add:
    Code:
    ScriptAlias /php4-cgi "/var/www/php4/domain"
AddHandler php-script .php4
Action php-script /php4-cgi
    4 env variables are dropped but safemode with open_basedir is working :)
     
    Sid, Dec 14, 2006
    #6

Share This Page