Re-adding the suphp list to the CC list; please retain this if you could, that way others know what recommendations have been given already (thus not repeating effort), and it also provides a way for others with the same problem to find a solution (searching mailing lists).
On Fri, Aug 24, 2007 at 12:59:06PM -0700, Matthew W Marcus wrote: > Yeah, I know the issue doesn't revolve around the SSL certificate. I just > mentioned that because it's the main problem I'm having in particular. > So I personally didn't install suPHP myself. The provider who hosts my VPS > installed it, and I'm not sure what options they used to configure it. I > understand the reason I'm getting the error messages. I just don't know how > to fix it. You should be discussing the problem with your hosting provider then, or at least be keeping them in the loop. It's their job to fix it, since you didn't configure/install suphp yourself. I don't mean this to dissuade your efforts, but your hosting provider is who's responsible for making sure things work how you need them to work. It's possible you asked for this feature and they spent a total of 5 minutes getting it "up and working" by running ./configure && make install. I don't know. > Would reinstalling suPHP w/ the --with-setid-mode=owner option fix the issue? > If not, what would? Also, is there a way with suPHP to allow a particular > user access to any file regardless of who owns it? It depends on your Apache configuration. I haven't seen it, so I can't say *for sure* that it would fix the problem. The details you've given are good but also somewhat vague; for example, who is uid 32010 and who is uid 32015? Do they both have the ability to read index.php (on the UNIX machine itself, not referring to the web portion of things) via a shared group or something? I need some more details. I have an idea of what the issue is, but I'm not going to guess, because there's 8 or 9 different configuration setups which could cause what you're seeing. -- | Jeremy Chadwick jdc at parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. PGP: 4BD6C0CB | > Jeremy, > > Thanks for your reply. > > > Thx for your help bro. > > - Matthew > > Jeremy Chadwick <[EMAIL PROTECTED]> wrote: On Fri, Aug 24, 2007 at 10:37:22AM > -0700, Matthew W Marcus wrote: > > I recently installed suPHP onto my VPS. I've had a few issues after doing > > this, one dealing w/ the shared SSL certificate used by my clients. > > > > Before installing suPHP, the user's could access secure pages by visiting a > > URL such as the following: > > > > https://SERVER_NAME/~USERNAME/FILE > > > > However, that is no longer working. This process now generates a 500 - > > Server Configuration Error message. Upon further research, I discovered > > that this is happening because the user ID attempting to access the file is > > not the same as the owner of that file. Messages such as the following are > > being generated in the suPHP.log file: > > > > [DATE] [warn] Mismatch between target UID (32010) and UID (32015) of file > > "/home//public_html/index.php" > > > > So, my question is how can I allow my clients to continue to use a shared > > SSL certificate? Is there a way to allow a particular user full access to > > all files? > > First, this issue doesn't have anything to do with SSL certificates; I'm > not sure why you think that. It may have to do with VirtualHosts, > however. But HTTP vs. HTTPS plays no role. > > The error you're getting means that the index.php file is owned by UID > 32015, but your suphp configuration in Apache believes the only UID > permitted to run PHP scripts is 32010. > > How did you configure suphp? Did you use --with-setid-mode=owner, > force, or paranoid? It sounds as if you configured it using > --with-setid-mode=paranoid. > > It sounds as if you don't want to use paranoid or force. It sounds as > if you want --with-setid-mode=owner, where PHP scripts run as the > uid/gid of the PHP file itself. If you use owner mode, you should > remove all suPHP_UserGroup directives from your Apache configuration, > because they won't be valid. > > -- > | Jeremy Chadwick jdc at parodius.com | > | Parodius Networking http://www.parodius.com/ | > | UNIX Systems Administrator Mountain View, CA, USA | > | Making life hard for others since 1977. PGP: 4BD6C0CB | > _______________________________________________ suPHP mailing list [email protected] http://lists.marsching.biz/mailman/listinfo/suphp
