William
2009-01-28 13:19:14 UTC
Hi guys,
normally I'm not one to cry out for help. But I'm having an issue that's
driving me crazy. I've been searching the web and the suPHP list archives
for almost a week with no resolution. Staring at the config and log files
isn't helping either.
Sorry for the lengthy message. But I figure more info means less Q&A and
less of your time. Any help will be greatly appreciated.
A while back I installed a fresh Debian Lenny system with Apache2/PHP5 (CGI)
and suPHP on my EeePC. That system is working perfectly with user-specific
php.ini files. I documented the steps I needed to take to get it working the
way I want it to.
Then I created a new server (virtual with Xen 5) for hosting purposes. I
installed the same Debian Lenny with the same packages and configuration as
far as I'm aware of. suPHP works just fine, I see info messages in it's log
file when I open the test website in my browser. The custom .ini file I
saved to /etc/php5/conf.d/default.ini with general setting for all users is
applied as expected.
The problem is that the php.ini file in the directory specified with
suPHP_ConfigPath is completely ignored... When I check with "ls -alu" the
file access time doesn't change when I open the test website.
I've tried to copy the user-specific php.ini file to /tmp, give it 777
permissions and change suPHP_ConfigPath accordingly. I tried changing
ownership of this php.ini to the user running the PHP script. Also tried to
set suPHP_ConfigPath in different Apache config files. But nothing seems to
matter.
/etc/apache2/mods-available/suphp.conf is used since turning off the
suPHP_Engine there results in the browser downloading PHP files as plain
tekst with source code. I know I have the correct VirtualHost, the files are
served from that directory. Changing suPHP_ConfigPath to xxxsuPHP_ConfigPath
will prevent Apache from starting up as expected, so the suPHP_ConfigPath
property *is* recognized by Apache.
I just don't get why it works on one computer and not the other. Maybe I'm
missing something really small and simple.
I've been looking at phpinfo() output. Both computers have:
Environment
PHPRC /home/000-suphp/zzz.zzz/web
PHP Variables
_SERVER["PHPRC"] /home/000-suphp/zzz.zzz/web
The server that's ignoring the config file shows:
Loaded Configuration File /etc/php5/cgi/php.ini
Whereas the EeePC shows:
Loaded Configuration File /home/000-suphp/zzz.zzz/web/php.ini
When I use PHP-CGI with -c switch from the console I DO see the correct path
on the server:
# php5-cgi -c /home/000-suphp/zzz.zzz/web \
class="v">/home/000-suphp/zzz.zzz/web/php.ini </td></tr>
This also works:
# PHPRC=/home/000-suphp/zzz.zzz/web
# export PHPRC
# php5-cgi -f /home/zzz.zzz/web/phpinfo.php |grep Loaded
<tr><td class="e">Loaded Configuration File </td><td
class="v">/home/000-suphp/zzz.zzz/web/php.ini </td></tr>
So with PHPRC set why won't PHP load the correct configuration file when I
request a script through Apache/suPHP?
Installed packages:
apache2-mpm-prefork 2.2.9-10+lenny2
libapache2-mod-suphp 0.6.2-3
php5-common 5.2.6.dfsg.1-0.1~lenny1
php5-cgi 5.2.6.dfsg.1-0.1~lenny1
test.php:
<?php
echo TESTZZZ;
echo exec('cat /etc/passwd');
var_dump(ini_get('upload_tmp_dir'));
?>
Returns:
Notice: Use of undefined constant TESTZZZ - assumed 'TESTZZZ' in
/home/zzz.zzz/web/abc/down.php on line 2 TESTZZZ
Warning: exec() has been disabled for security reasons in
/home/zzz.zzz/web/abc/down.php on line 3
bool(false)
/etc/apache2/mods-available/suphp.conf:
<IfModule mod_suphp.c>
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
suPHP_AddHandler application/x-httpd-php
<Directory />
suPHP_Engine on
</Directory>
# By default, disable suPHP for debian packaged web applications as files
# are owned by root and cannot be executed by suPHP because of min_uid.
<Directory /usr/share>
suPHP_Engine off
</Directory>
# # Use a specific php config file (a dir which contains a php.ini file)
suPHP_ConfigPath /home/000-suphp/zzz.zzz/web
# # Tells mod_suphp NOT to handle requests with the type <mime-type>.
# suPHP_RemoveHandler <mime-type>
</IfModule>
/etc/apache2/sites-available/zzz.zzz:
<VirtualHost 192.168.3.84>
ServerName zzz.zzz
ServerAlias www.zzz.zzz
DocumentRoot /home/zzz.zzz/web/
TransferLog /home/zzz.zzz/logs/web.log
suPHP_ConfigPath /home/000-suphp/zzz.zzz/web
</VirtualHost>
<VirtualHost 192.168.3.84>
ServerName beta.zzz.zzz
DocumentRoot /home/zzz.zzz/beta/
TransferLog /home/zzz.zzz/logs/beta.log
suPHP_ConfigPath /home/000-suphp/zzz.zzz/beta
</VirtualHost>
/etc/suphp/suphp.conf:
[global]
;Path to logfile
logfile=/var/log/suphp/suphp.log
;Loglevel
loglevel=info
;User Apache is running as
webserver_user=www-data
;Path all scripts have to be in
docroot=/home
;Path to chroot() to before executing script
;chroot=/mychroot
; Security options
allow_file_group_writeable=false
allow_file_others_writeable=false
allow_directory_group_writeable=false
allow_directory_others_writeable=false
;Check wheter script is within DOCUMENT_ROOT
check_vhost_docroot=true
;Send minor error messages to browser
errors_to_browser=false
;PATH environment variable
env_path=/bin:/usr/bin
;Umask to set, specify in octal notation
umask=0077
; Minimum UID
min_uid=100
; Minimum GID
min_gid=33
[handlers]
;Handler for php-scripts
application/x-httpd-php=php:/usr/bin/php-cgi
;Handler for CGI-scripts
x-suphp-cgi=execute:!self
/etc/php5/conf.d/default.ini:
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Default customized settings ;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Prevent usage of unsecure functions
disable_functions =
dl,set_time_limit,exec,shell_exec,system,passthru,popen,pclose,proc_open,proc_close,proc_get_status,proc_terminate,proc_nice,posix_kill,posix_mkfifo,pos
ix_setpgid,posix_setsid,posix_setuid,diskfreespace,disk_free_space,disk_total_space
; Allow users to upload bigger files
upload_max_filesize = 10M
; Don't set old (and deprecated) $HTTP_*_VARS for better performance
register_long_arrays = Off
; Set output buffer for better performance
output_buffering = 4096
; Disable $argc and $argv which aren't used by cgi
register_argc_argv = Off
; Don't automatically add slashes to all input data, instead use
addslashes() for data you are saving to a database
magic_quotes_gpc = Off
; Don't hash variables into $_ENV, use getenv() instead
variables_order = "GPCS"
; Log all errors for more stable, predicatable and secure code
error_reporting = E_ALL
; Cleaner code
allow_call_time_pass_reference = Off
; Don't allow <? ?> style tags for better portability
short_open_tag = Off
/home/000-suphp/zzz.zzz/web/php.ini
; Lock users in their own home directory
open_basedir = /home/zzz.zzz/
doc_root = /home/zzz.zzz/web/
; Temporary files
upload_tmp_dir = /home/zzz.zzz/tmp
session.save_path = /home/zzz.zzz/tmp
; Disable $argc and $argv which aren't used by cgi
register_argc_argv = Off
; prevent displaying errors in the client browser
display_errors = Off
log_errors = On
error_log = /home/zzz.zzz/logs/php.log
normally I'm not one to cry out for help. But I'm having an issue that's
driving me crazy. I've been searching the web and the suPHP list archives
for almost a week with no resolution. Staring at the config and log files
isn't helping either.
Sorry for the lengthy message. But I figure more info means less Q&A and
less of your time. Any help will be greatly appreciated.
A while back I installed a fresh Debian Lenny system with Apache2/PHP5 (CGI)
and suPHP on my EeePC. That system is working perfectly with user-specific
php.ini files. I documented the steps I needed to take to get it working the
way I want it to.
Then I created a new server (virtual with Xen 5) for hosting purposes. I
installed the same Debian Lenny with the same packages and configuration as
far as I'm aware of. suPHP works just fine, I see info messages in it's log
file when I open the test website in my browser. The custom .ini file I
saved to /etc/php5/conf.d/default.ini with general setting for all users is
applied as expected.
The problem is that the php.ini file in the directory specified with
suPHP_ConfigPath is completely ignored... When I check with "ls -alu" the
file access time doesn't change when I open the test website.
I've tried to copy the user-specific php.ini file to /tmp, give it 777
permissions and change suPHP_ConfigPath accordingly. I tried changing
ownership of this php.ini to the user running the PHP script. Also tried to
set suPHP_ConfigPath in different Apache config files. But nothing seems to
matter.
/etc/apache2/mods-available/suphp.conf is used since turning off the
suPHP_Engine there results in the browser downloading PHP files as plain
tekst with source code. I know I have the correct VirtualHost, the files are
served from that directory. Changing suPHP_ConfigPath to xxxsuPHP_ConfigPath
will prevent Apache from starting up as expected, so the suPHP_ConfigPath
property *is* recognized by Apache.
I just don't get why it works on one computer and not the other. Maybe I'm
missing something really small and simple.
I've been looking at phpinfo() output. Both computers have:
Environment
PHPRC /home/000-suphp/zzz.zzz/web
PHP Variables
_SERVER["PHPRC"] /home/000-suphp/zzz.zzz/web
The server that's ignoring the config file shows:
Loaded Configuration File /etc/php5/cgi/php.ini
Whereas the EeePC shows:
Loaded Configuration File /home/000-suphp/zzz.zzz/web/php.ini
When I use PHP-CGI with -c switch from the console I DO see the correct path
on the server:
# php5-cgi -c /home/000-suphp/zzz.zzz/web \
-f /home/zzz.zzz/web/index.php |grep Loaded
<tr><td class="e">Loaded Configuration File </td><tdclass="v">/home/000-suphp/zzz.zzz/web/php.ini </td></tr>
This also works:
# PHPRC=/home/000-suphp/zzz.zzz/web
# export PHPRC
# php5-cgi -f /home/zzz.zzz/web/phpinfo.php |grep Loaded
<tr><td class="e">Loaded Configuration File </td><td
class="v">/home/000-suphp/zzz.zzz/web/php.ini </td></tr>
So with PHPRC set why won't PHP load the correct configuration file when I
request a script through Apache/suPHP?
Installed packages:
apache2-mpm-prefork 2.2.9-10+lenny2
libapache2-mod-suphp 0.6.2-3
php5-common 5.2.6.dfsg.1-0.1~lenny1
php5-cgi 5.2.6.dfsg.1-0.1~lenny1
test.php:
<?php
echo TESTZZZ;
echo exec('cat /etc/passwd');
var_dump(ini_get('upload_tmp_dir'));
?>
Returns:
Notice: Use of undefined constant TESTZZZ - assumed 'TESTZZZ' in
/home/zzz.zzz/web/abc/down.php on line 2 TESTZZZ
Warning: exec() has been disabled for security reasons in
/home/zzz.zzz/web/abc/down.php on line 3
bool(false)
/etc/apache2/mods-available/suphp.conf:
<IfModule mod_suphp.c>
AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
suPHP_AddHandler application/x-httpd-php
<Directory />
suPHP_Engine on
</Directory>
# By default, disable suPHP for debian packaged web applications as files
# are owned by root and cannot be executed by suPHP because of min_uid.
<Directory /usr/share>
suPHP_Engine off
</Directory>
# # Use a specific php config file (a dir which contains a php.ini file)
suPHP_ConfigPath /home/000-suphp/zzz.zzz/web
# # Tells mod_suphp NOT to handle requests with the type <mime-type>.
# suPHP_RemoveHandler <mime-type>
</IfModule>
/etc/apache2/sites-available/zzz.zzz:
<VirtualHost 192.168.3.84>
ServerName zzz.zzz
ServerAlias www.zzz.zzz
DocumentRoot /home/zzz.zzz/web/
TransferLog /home/zzz.zzz/logs/web.log
suPHP_ConfigPath /home/000-suphp/zzz.zzz/web
</VirtualHost>
<VirtualHost 192.168.3.84>
ServerName beta.zzz.zzz
DocumentRoot /home/zzz.zzz/beta/
TransferLog /home/zzz.zzz/logs/beta.log
suPHP_ConfigPath /home/000-suphp/zzz.zzz/beta
</VirtualHost>
/etc/suphp/suphp.conf:
[global]
;Path to logfile
logfile=/var/log/suphp/suphp.log
;Loglevel
loglevel=info
;User Apache is running as
webserver_user=www-data
;Path all scripts have to be in
docroot=/home
;Path to chroot() to before executing script
;chroot=/mychroot
; Security options
allow_file_group_writeable=false
allow_file_others_writeable=false
allow_directory_group_writeable=false
allow_directory_others_writeable=false
;Check wheter script is within DOCUMENT_ROOT
check_vhost_docroot=true
;Send minor error messages to browser
errors_to_browser=false
;PATH environment variable
env_path=/bin:/usr/bin
;Umask to set, specify in octal notation
umask=0077
; Minimum UID
min_uid=100
; Minimum GID
min_gid=33
[handlers]
;Handler for php-scripts
application/x-httpd-php=php:/usr/bin/php-cgi
;Handler for CGI-scripts
x-suphp-cgi=execute:!self
/etc/php5/conf.d/default.ini:
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Default customized settings ;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Prevent usage of unsecure functions
disable_functions =
dl,set_time_limit,exec,shell_exec,system,passthru,popen,pclose,proc_open,proc_close,proc_get_status,proc_terminate,proc_nice,posix_kill,posix_mkfifo,pos
ix_setpgid,posix_setsid,posix_setuid,diskfreespace,disk_free_space,disk_total_space
; Allow users to upload bigger files
upload_max_filesize = 10M
; Don't set old (and deprecated) $HTTP_*_VARS for better performance
register_long_arrays = Off
; Set output buffer for better performance
output_buffering = 4096
; Disable $argc and $argv which aren't used by cgi
register_argc_argv = Off
; Don't automatically add slashes to all input data, instead use
addslashes() for data you are saving to a database
magic_quotes_gpc = Off
; Don't hash variables into $_ENV, use getenv() instead
variables_order = "GPCS"
; Log all errors for more stable, predicatable and secure code
error_reporting = E_ALL
; Cleaner code
allow_call_time_pass_reference = Off
; Don't allow <? ?> style tags for better portability
short_open_tag = Off
/home/000-suphp/zzz.zzz/web/php.ini
; Lock users in their own home directory
open_basedir = /home/zzz.zzz/
doc_root = /home/zzz.zzz/web/
; Temporary files
upload_tmp_dir = /home/zzz.zzz/tmp
session.save_path = /home/zzz.zzz/tmp
; Disable $argc and $argv which aren't used by cgi
register_argc_argv = Off
; prevent displaying errors in the client browser
display_errors = Off
log_errors = On
error_log = /home/zzz.zzz/logs/php.log