On Wed, 14 Nov 2007, Gregg Lain wrote:

> Hello,
>
> I have suphp running ok on one server and for the a Xen with SELinux enabled
> but permissive. Hope to eventually run enforcing..
>
> I cannot get phpmyadmin and squirrelmail working in say /usr/share because of
> open_base_dir and safemode, suphp.conf restrictions etc. Moved these
> directories to a user (/home/webmail) but that was not working either...

Squirrelmail, everything I do is owned by "webmail", and I leave control of the files up to squirrelmail. Users cannot access their stuff through the filesystem.

PHPMyAdmin, I don't see why you wouldn't do the same thing. Create a vhost, and let stuff run as that user.

That said, those two scripts are kinda syrupy and your best bet might be to break out into a mod_php on a separate vhost for this (since, presumably, you'd want to ssl-ify your webmail login anyway).

> Will anyone share what they have set up so that:
> 1. squirrelmail and phpmyadmin are central installs for anyone on the server
> to use - is this possible or is it per user?

..every user needing their own squirrelmail install would probably defeat the point.

> 2. php.ini and suphp.conf configs that work with this

I have it as a standard vhost...my config looks like this:

<VirtualHost 65.125.228.134:80 72.9.101.134:80>
    #SSLDisable
    ServerAdmin [EMAIL PROTECTED]
    ServerName webmail.gushi.org
    ServerAlias weeble.gushi.org
    DocumentRoot /usr/local/squirrelmail/squirrelmail-1.4.6
    #CustomLog /mnt/usr2/logs/apache/vhost.log vhost
    #CustomLog /home/gushi/logs/access_log common
    #ErrorLog /mnt/usr2/logs/gushi/error_log
    Options All
    #User webmail
    #Group webmail
    # above Don't matter, there are no cgis, and my suphp just runs stuff as the owner.
    <Directory /usr/local/squirrelmail/squirrelmail-1.4.6>
        Options ExecCGI
        DirectoryIndex index.php
        suPHP_AddHandler x-httpd-php
        #probably don't need this.
    </Directory>
    <IfModule mod_suphp.c>
        suPHP_ConfigPath /home/webmail
        # just to tweak upload times to allow larger files, etc.
        # Nothing suphp_specific. I could put this anywhere.
    </IfModule>
</VirtualHost>

> 3. session stuff - /tmp does not seem so secure.. What is best with suphp?

Why is /tmp insecure? As long as your umask is set right and the directory is "sticky", you're fine. That said, squirrelmail maintains its own session directory, I think.

> 4. .htaccess entries so that .htm and html are addhandler'd/type'd are set by
> the user and not in httpd.conf

That would be "AllowOverride All", and is unrelated to suPHP.

-Dan

--

"If you aren't going to try something, then we might as well just be friends."

"We can't have that now, can we?"

-SK & Dan Mahoney, December 9, 1998

--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------

_______________________________________________
suPHP mailing list
[email protected]
http://lists.marsching.biz/mailman/listinfo/suphp
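
Added example, not part of the original message or of suPHP: a shell function that checks the two conditions the reply names for a shared session directory, namely the sticky bit on the directory and a umask that keeps session files private to their owner. The function name and the sess_* pattern (PHP's default name for file-based sessions) are assumptions; pass a different pattern as the second argument if your setup differs.

```shell
#!/bin/sh
# Added example: audit a shared PHP session directory (e.g. /tmp).
# Usage after sourcing this file:  audit_session_dir /tmp
#                                  audit_session_dir /some/dir 'sess_*'
# Prints one line per finding. Returns 0 if clean, 1 if anything was
# found, 2 if the argument is not a directory.
audit_session_dir() {
    dir=$1
    pattern=${2:-sess_*}    # assumed default: PHP file-handler naming
    findings=0

    if [ ! -d "$dir" ]; then
        echo "ERROR: $dir is not a directory"
        return 2
    fi

    # World-writable without the sticky bit: any local user can delete
    # or replace another user's session file.
    if [ -n "$(find "$dir" -maxdepth 0 -perm -0002 ! -perm -1000)" ]; then
        echo "FAIL: $dir is world-writable but not sticky (want mode 1777)"
        findings=1
    fi

    # Read or write bits for group/other on a session file mean the
    # creating process ran with too loose a umask (077 avoids this).
    loose=$(find "$dir" -maxdepth 1 -type f -name "$pattern" \
        \( -perm -0040 -o -perm -0020 -o -perm -0004 -o -perm -0002 \))
    if [ -n "$loose" ]; then
        echo "FAIL: session files accessible to group/other:"
        echo "$loose" | sed 's/^/  /'
        findings=1
    fi

    [ "$findings" -eq 0 ] && echo "OK: $dir"
    return "$findings"
}
```

With suPHP each vhost's scripts run as the file owner, so a clean result means one user's scripts cannot read or remove another user's session files in the shared directory.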
