Hi guys,

Normally I'm not one to cry out for help. But I'm having an issue that's
driving me crazy. I've been searching the web and the suPHP list archives
for almost a week with no resolution. Staring at the config and log files
isn't helping either.
Sorry for the lengthy message. But I figure more info means less Q&A and
less of your time. Any help will be greatly appreciated.

A while back I installed a fresh Debian Lenny system with Apache2/PHP5 (CGI)
and suPHP on my EeePC. That system is working perfectly with user-specific
php.ini files. I documented the steps I needed to take to get it working the
way I want it to.

Then I created a new server (virtual with Xen 5) for hosting purposes. I
installed the same Debian Lenny with the same packages and configuration as
far as I'm aware of. suPHP works just fine, I see info messages in its log
file when I open the test website in my browser. The custom .ini file I
saved to /etc/php5/conf.d/default.ini with general settings for all users is
applied as expected.
The problem is that the php.ini file in the directory specified with
suPHP_ConfigPath is completely ignored... When I check with "ls -alu" the
file access time doesn't change when I open the test website.

I've tried to copy the user-specific php.ini file to /tmp, give it 777
permissions and change suPHP_ConfigPath accordingly. I tried changing
ownership of this php.ini to the user running the PHP script. Also tried to
set suPHP_ConfigPath in different Apache config files. But nothing seems to
matter.

I know /etc/apache2/mods-available/suphp.conf is used since turning off the
suPHP_Engine there results in the browser downloading PHP files as plain
text with source code. I know I have the correct VirtualHost, the files are
served from that directory. Changing suPHP_ConfigPath to xxxsuPHP_ConfigPath
will prevent Apache from starting up as expected, so the suPHP_ConfigPath
property *is* recognized by Apache.

The only difference in installation between the two computers is that the
EeePC had libapache2-mod-php5 and php5 installed first, which I removed with
"dpkg --purge" before installing suPHP.



Packages:
apache2-mpm-prefork   2.2.9-10+lenny1
libapache2-mod-suphp  0.6.2-3
php5-common           5.2.6.dfsg.1-0.1~lenny1
php5-cgi              5.2.6.dfsg.1-0.1~lenny1



test.php:

<?php
   echo TESTZZZ;
   echo exec('cat /etc/passwd');
   var_dump(ini_get('upload_tmp_dir'));
?>

Returns:

Notice: Use of undefined constant TESTZZZ - assumed 'TESTZZZ' in
/home/zzz.zzz/web/abc/down.php on line 2
TESTZZZ
Warning: exec() has been disabled for security reasons in
/home/zzz.zzz/web/abc/down.php on line 3
bool(false)



/etc/apache2/mods-available/suphp.conf:

<IfModule mod_suphp.c>
   AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
   suPHP_AddHandler application/x-httpd-php
   <Directory />
      suPHP_Engine on
   </Directory>
   # By default, disable suPHP for debian packaged web applications as files
   # are owned by root and cannot be executed by suPHP because of min_uid.
   <Directory /usr/share>
      suPHP_Engine off
   </Directory>
# # Use a specific php config file (a dir which contains a php.ini file)
   suPHP_ConfigPath /home/000-suphp/zzz.zzz/web
# # Tells mod_suphp NOT to handle requests with the type <mime-type>.
#   suPHP_RemoveHandler <mime-type>
</IfModule>



/etc/apache2/sites-available/zzz.zzz:

<VirtualHost 192.168.3.84>
   ServerName zzz.zzz
   ServerAlias www.zzz.zzz
   DocumentRoot /home/zzz.zzz/web/
   TransferLog /home/zzz.zzz/logs/web.log
   suPHP_ConfigPath /home/000-suphp/zzz.zzz/web
</VirtualHost>
<VirtualHost 192.168.3.84>
   ServerName beta.zzz.zzz
   DocumentRoot /home/zzz.zzz/beta/
   TransferLog /home/zzz.zzz/logs/beta.log
   suPHP_ConfigPath /home/000-suphp/zzz.zzz/beta
</VirtualHost>



/etc/suphp/suphp.conf:

[global]
;Path to logfile
logfile=/var/log/suphp/suphp.log
;Loglevel
loglevel=info
;User Apache is running as
webserver_user=www-data
;Path all scripts have to be in
docroot=/home
;Path to chroot() to before executing script
;chroot=/mychroot
; Security options
allow_file_group_writeable=false
allow_file_others_writeable=false
allow_directory_group_writeable=false
allow_directory_others_writeable=false
;Check wheter script is within DOCUMENT_ROOT
check_vhost_docroot=true
;Send minor error messages to browser
errors_to_browser=false
;PATH environment variable
env_path=/bin:/usr/bin
;Umask to set, specify in octal notation
umask=0077
; Minimum UID
min_uid=100
; Minimum GID
min_gid=33
[handlers]
;Handler for php-scripts
application/x-httpd-php=php:/usr/bin/php-cgi
;Handler for CGI-scripts
x-suphp-cgi=execute:!self



/etc/php5/conf.d/default.ini:

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Default customized settings ;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Prevent usage of unsecure functions
disable_functions = dl,set_time_limit,exec,shell_exec,system,passthru,popen,pclose,proc_open,proc_close,proc_get_status,proc_terminate,proc_nice,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,diskfreespace,disk_free_space,disk_total_space
; Allow users to upload bigger files
upload_max_filesize = 10M
; Don't set old (and deprecated) $HTTP_*_VARS for better performance
register_long_arrays = Off
; Set output buffer for better performance
output_buffering = 4096
; Disable $argc and $argv which aren't used by cgi
register_argc_argv = Off
; Don't automatically add slashes to all input data, instead use addslashes() for data you are saving to a database
magic_quotes_gpc = Off
; Don't hash variables into $_ENV, use getenv() instead
variables_order = "GPCS"
; Log all errors for more stable, predictable and secure code
error_reporting = E_ALL
; Cleaner code
allow_call_time_pass_reference = Off
; Don't allow <? ?> style tags for better portability
short_open_tag = Off



/home/000-suphp/zzz.zzz/web/php.ini

; Lock users in their own home directory
open_basedir = /home/zzz.zzz/
doc_root = /home/zzz.zzz/web/
; Temporary files
upload_tmp_dir = /home/zzz.zzz/tmp
session.save_path = /home/zzz.zzz/tmp
; Disable $argc and $argv which aren't used by cgi
register_argc_argv = Off
; prevent displaying errors in the client browser
display_errors = Off
log_errors = On
error_log = /home/zzz.zzz/logs/php.log



_______________________________________________
suPHP mailing list
suPHP@lists.marsching.biz
http://lists.marsching.com/mailman/listinfo/suphp
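
Added example, not part of the original post: a diagnostic page that reports which php.ini the php-cgi process actually loaded and which directives from the per-user file shown above are not in effect, which is a more direct check than the file access time. The expected values are copied from the posted /home/000-suphp/zzz.zzz/web/php.ini; the function names are illustrative, and reading PHPRC assumes that suPHP hands suPHP_ConfigPath to php-cgi through that environment variable.

```php
<?php
// Added diagnostic, not from the original post. Delete it from the docroot
// after use, since it discloses configuration paths.
header('Content-Type: text/plain');

// Expected values, copied from the per-user php.ini shown in the post.
$expected = array(
    'open_basedir'      => '/home/zzz.zzz/',
    'doc_root'          => '/home/zzz.zzz/web/',
    'upload_tmp_dir'    => '/home/zzz.zzz/tmp',
    'session.save_path' => '/home/zzz.zzz/tmp',
    'display_errors'    => 'Off',
    'error_log'         => '/home/zzz.zzz/logs/php.log',
);

// Map the spellings PHP uses for booleans onto on/off so "Off" matches "" or "0".
function normalize_ini($value) {
    if ($value === false || $value === null) {
        return '(not set)';
    }
    $v = strtolower(trim((string) $value));
    if (in_array($v, array('1', 'on', 'yes', 'true'), true)) return 'on';
    if (in_array($v, array('', '0', 'off', 'no', 'false', 'none'), true)) return 'off';
    return trim((string) $value);
}

// Return every directive whose runtime value differs from the expected one.
function check_directives($expected) {
    $mismatches = array();
    foreach ($expected as $name => $want) {
        $have = normalize_ini(ini_get($name));
        if ($have !== normalize_ini($want)) {
            $mismatches[$name] = array('want' => $want, 'have' => $have);
        }
    }
    return $mismatches;
}

$phprc  = getenv('PHPRC');             // assumption: set by suPHP from suPHP_ConfigPath
$loaded = php_ini_loaded_file();       // available from PHP 5.2.4
echo 'PHPRC:          ', ($phprc !== false ? $phprc : '(not set)'), "\n";
echo 'Loaded php.ini: ', ($loaded ? $loaded : '(none)'), "\n";
echo 'Scanned .ini:   ', str_replace("\n", ' ', trim((string) php_ini_scanned_files())), "\n\n";

$mismatches = check_directives($expected);
foreach ($mismatches as $name => $m) {
    echo "NOT APPLIED  $name: want {$m['want']}, have {$m['have']}\n";
}
echo count($mismatches) ? '' : "All per-user directives are in effect.\n";
```

A "NOT APPLIED" line for open_basedir means the account's scripts are not confined to /home/zzz.zzz/, so only the global settings from /etc/php5/conf.d/default.ini are restricting them.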
