I found this page: http://www.spareknet.org/howtos/suphp.php
Looke at #4. There is a patch on their called suphp-0.6.1-userdir.patch. It does exactly what I need to do. So, I'm wondering if it will work for suphp version 0.6.2. I looked at the patch, but it's a bit beyond my suphp understanding. Can anyone else take a peek and see if it would work for version 0.6.2 on a system using VirtualHosts. Thx in advance. - Matthew [EMAIL PROTECTED] wrote: Hello If you have access to your apache'config files you can disable mod_userdir and perhaps take a look to mod_rewrite to avoid ip access rather than fqdn. I suppose you use virtual hosts in apache (as i do) and i can never access to another website with http://www.user1.site/~another-user ... I can send you some of my config files if it may help. Patrick ----- Original Message ----- From: "Matthew W Marcus" To: "Jeremy Chadwick" Cc: Sent: Friday, August 24, 2007 10:53 PM Subject: Re: [suPHP] suPHP and Shared SSL Certificate > Hey Jeremy, > > Yeah, I've asked my Host Provider several times (including several help tickets) to fix the problem. They are pretty much hopeless. The give me useless answers and then end up saying "It can't be fixed." Argh. Frustrating as hell, but I'm at their mercy. Not only has suPHP caused this issue, but it broke a few of my client's Menalto Gallery setups. Ugh. > > To answer your question, the UIDs pertain to the user accessing the file and the owner of that file. Let's use an example: > > Let's say I have a user on my VPS called "jimmy" with a UID of 34 and his website is http://www.jimmylove.com. Let's say I have another user on my VPS called "sally" with a UID of 69 and her website is http://www.prettysally.com. > > If we go to a browser and type in http://www.jimmylove.com/~sally, then here is what happens: > > suPHP attempts to have the user "jimmy" access and open sally's website index file. This happens because we are using jimmy's website to access sally's website. Sounds strange, but I hope I'm making sense (a little hungover today). > > This would generate an error in the suPHP log of: > > [DATE] [warn] Mismatch between target UID (34) and UID (69) of file "/home/sally/public_html/index.php" > > If we type in http://IP_ADDRESS/~sally, we have the situation of the user "nobody" (UID = 99) attempting to access sally's index file. This is also generating a 500 error and an entry in the suPHP log of: > > [DATE] [warn] Mismatch between target UID (99) and UID (69) of file "/home/sally/public_html/index.php" > > I hope that explains what's happening. As far as each user, they are all a part of their own group with the same name as their username. Using our example above, sally would be in the group "sally" and jimmy would be in the group "jimmy" etc etc > > Cheers! > > - Matthew > > Jeremy Chadwick wrote: Re-adding the suphp list to the CC list; please retain this if you > could, that way others know what recommendations have been given already > (thus not repeating effort), and it also provides a way for others with > the same problem to find a solution (searching mailing lists). > > On Fri, Aug 24, 2007 at 12:59:06PM -0700, Matthew W Marcus wrote: > > Yeah, I know the issue doesn't revolve around the SSL certificate. I just mentioned that because it's the main problem I'm having in particular. > > So I personally didn't install suPHP myself. The provider who hosts my VPS installed it, and I'm not sure what options they used to configure it. I understand the reason I'm getting the error messages. I just don't know how to fix it. > > You should be discussing the problem with your hosting provider then, or > at least be keeping them in the loop. It's their job to fix it, since > you didn't configure/install suphp yourself. I don't mean this to > dissuade your efforts, but your hosting provider is who's responsible > for making sure things work how you need them to work. It's possible > you asked for this feature and they spent a total of 5 minutes getting > it "up and working" by running ./configure && make install. I don't > know. > > > Would reinstalling suPHP w/ the --with-setid-mode=owner option fix the issue? If not, what would? Also, is there a way with suPHP to allow a particular user access to any file regardless of who owns it? > > It depends on your Apache configuration. I haven't seen it, so I can't > say *for sure* that it would fix the problem. The details you've given > are good but also somewhat vague; for example, who is uid 32010 and who > is uid 32015? Do they both have the ability to read index.php (on > the UNIX machine itself, not referring to the web portion of things) > via a shared group or something? > > I need some more details. I have an idea of what the issue is, but I'm > not going to guess, because there's 8 or 9 different configuration > setups which could cause what you're seeing. > > -- > | Jeremy Chadwick jdc at parodius.com | > | Parodius Networking http://www.parodius.com/ | > | UNIX Systems Administrator Mountain View, CA, USA | > | Making life hard for others since 1977. PGP: 4BD6C0CB | > > > Jeremy, > > > > Thanks for your reply. > > > > > > Thx for your help bro. > > > > - Matthew > > > > Jeremy Chadwick wrote: On Fri, Aug 24, 2007 at 10:37:22AM -0700, Matthew W Marcus wrote: > > > I recently installed suPHP onto my VPS. I've had a few issues after doing this, one dealing w/ the shared SSL certificate used by my clients. > > > > > > Before installing suPHP, the user's could access secure pages by visiting a URL such as the following: > > > > > > https://SERVER_NAME/~USERNAME/FILE > > > > > > However, that is no longer working. This process now generates a 500 - Server Configuration Error message. Upon further research, I discovered that this is happening because the user ID attempting to access the file is not the same as the owner of that file. Messages such as the following are being generated in the suPHP.log file: > > > > > > [DATE] [warn] Mismatch between target UID (32010) and UID (32015) of file "/home//public_html/index.php" > > > > > > So, my question is how can I allow my clients to continue to use a shared SSL certificate? Is there a way to allow a particular user full access to all files? > > > > First, this issue doesn't have anything to do with SSL certificates; I'm > > not sure why you think that. It may have to do with VirtualHosts, > > however. But HTTP vs. HTTPS plays no role. > > > > The error you're getting means that the index.php file is owned by UID > > 32015, but your suphp configuration in Apache believes the only UID > > permitted to run PHP scripts is 32010. > > > > How did you configure suphp? Did you use --with-setid-mode=owner, > > force, or paranoid? It sounds as if you configured it using > > --with-setid-mode=paranoid. > > > > It sounds as if you don't want to use paranoid or force. It sounds as > > if you want --with-setid-mode=owner, where PHP scripts run as the > > uid/gid of the PHP file itself. If you use owner mode, you should > > remove all suPHP_UserGroup directives from your Apache configuration, > > because they won't be valid. > > > > -- > > | Jeremy Chadwick jdc at parodius.com | > > | Parodius Networking http://www.parodius.com/ | > > | UNIX Systems Administrator Mountain View, CA, USA | > > | Making life hard for others since 1977. PGP: 4BD6C0CB | > > > > ---------------------------------------------------------------------------- ---- > _______________________________________________ > suPHP mailing list > suPHP@lists.marsching.biz > http://lists.marsching.biz/mailman/listinfo/suphp >
_______________________________________________ suPHP mailing list suPHP@lists.marsching.biz http://lists.marsching.biz/mailman/listinfo/suphp
