PHP safe mode on virtual hosts

Jack quiet_celt at yahoo.com
Tue Jun 14 11:56:44 CDT 2005 

--- "Kelsay, Brian - Kansas City, MO" wrote:

> Sounds to me like you should draw yourself a diagram
> of what each group
> of files has for permissions, what are all the users
> and groups involved
> and their effective permissions.  Quite possibly you
> may just need to
> add the virtual domain admin users to some group or
> add user apache to
> the virtual domain group so the apache process can
> write.  Do the php
> pages have to write anything to the virtual domain
> directories?  Even if
> it's just a log file, then that user is denied.  Do
> all of the virtual
> domains wrote to the database?  I didn't understand
> that part.  If so,
> then for one I wouldn't do it that way.  They should
> each have their own
> database.  Also, if you have this: rw-r--r--, then
> the group can't write
> only the specific user, but you may need to add the
> user you run the
> database as or the php process in somewhere.  Hell,
> I'm confused now. 
> 
> User      Group
> Apache    apache     web process and /var/www/html 
> Virtual1  virtual1   Domain1
> Virtual2  virtual2   Domain2
> Virtual3  virtual3   Domain3
> Database  database   database files
> 
...
> >
> >
> >Apache is running as apache. The file permissions
> are
> >rw-r--r-- on all the directories accessed by apache
> or
> >php. Each virtual webspace has it's own user and
> the
> >group is the same as the user. So website-1 has
> file
> >ownership of say admin1.admin1 and this is in the 
> >user and group as defined in the chrooted apache
> >httpd.conf. AS I said, I compared two sites and
> have
> >yet to see any configuration difference. In either
> the
> >httpd.conf or it's included files or in the php.ini
> >files.
> >
> >--- Jonathan Hutchins
> wrote:
> >
> >> On Monday 13 June 2005 01:22 pm, Jack wrote:
> >> 
> >> > ... one site
> >> > works if the files in the chrooted
> /var/www/html
> >> > directory are owned by a authorized admin for
> the
> >> > virtual host, the other works only if that
> >> directory
> >> > and the files are owned by root. 
> >> 

Ok, let me restate the problem again, along with an
update. There are 19 virtual websites. Only one of the
sites is using the pear library to access mysql. This
is the only difference. So all I really need to find
out is why would changing the owner of the pear tree
cause a db error? I can of course put debugging code
in this to trace what is going on, but doing so would
disable the website. I know I've got to be missing
something, probably something obvious.

Thanks,
BRian Densmore


		
__________________________________ 
Discover Yahoo! 
Get on-the-go sports scores, stock quotes, news and more. Check it out! 
http://discover.yahoo.com/mobile.html

More information about the Kclug mailing list