Page 1 of 5 123 ... LastLast
Results 1 to 20 of 83

Thread: HOWTO: PHP 5 CLI to PHP 5 CGI + suPHP

  1. #1
    Join Date
    May 2007
    Posts
    24

    HOWTO: PHP 5 CLI to PHP 5 CGI + suPHP

    I recently decided to switch from using PHP CLI to CGI mode with suPHP. Here are the steps I followed to ensure everything was working. Let me know if you spot any flaws or know of a better way of doing this.

    NOTE: I am continually updating this post. It is safe to assume that all posts which mention improvements/security fixes have been included where relevant if they were posted before the last time this post was edited. (See bottom of this post for timestamp)


    Ok, lets get started..

    suPHP doesn't allow the use of php_flag and php_value in .htaccess files, so find users with these setup and deal with them (or their sites will throw a 500 error)
    Code:
    find /home/*/domains/*/public_html -name ".htaccess" | xargs grep "php_"
    Once you have dealt with those sites, suPHP should be good to go..

    Edit the custombuild options file to use PHP in CGI mode
    Code:
    cd /usr/local/directadmin/custombuild
    ./build update
    ./build clean
    nano options.conf
    and change
    Code:
    php5_cli=yes
    php5_cgi=no
    to
    Code:
    php5_cli=no
    php5_cgi=yes
    If you need a custom config of PHP or suPHP then you can find which config files to change using:
    Code:
    ./build used_configs
    Now we can build PHP
    Code:
    ./build php
    Ensure the new php.ini is correct.. the old one was located at /usr/local/lib/php.ini
    Code:
    nano /usr/local/etc/php5/cgi/php.ini
    It might be worth using custombuild to secure php some more. Using secure_php disables register_globals and adds some potentially vulnerable functions to the disable_functions list in the main php.ini file. These can be overridden on an individual basis per user if need be in their individual php.ini files
    Code:
    ./build secure_php
    We need to reset ownership of files as suPHP won't allow access to ones owned by apache (they way the CLI version of PHP works)
    Code:
    ls -l /home | grep '^d' | awk '{system("chown -R " $3 ":" $4 " /home/" $9 "/domains")}'
    Sessions will also have wrong ownership or now be corrupt so remove those
    Code:
    rm -f /tmp/sess_*
    Sites which have files or directories with global write access will also cause suPHP to throw an error, therefore change all files to 644 and directories to 755
    Code:
    find /home/*/domains/*/public_html -type f -exec chmod 0644 {} \; -print
    find /home/*/domains/*/private_html -type f -exec chmod 0644 {} \; -print
    find /home/*/domains/*/public_html -type d -exec chmod 0755 {} \; -print
    find /home/*/domains/*/private_html -type d -exec chmod 0755 {} \; -print
    perl and cgi scripts need execute permissions though
    Code:
    find /home/*/domains/*/public_html -name "*.pl" -exec chmod 0744 {} \; -print
    find /home/*/domains/*/private_html -name "*.pl" -exec chmod 0744 {} \; -print
    find /home/*/domains/*/public_html -name "*.cgi" -exec chmod 0744 {} \; -print
    find /home/*/domains/*/private_html -name "*.cgi" -exec chmod 0744 {} \; -print
    Make sure webmail and phpMyAdmin work by resetting their ownership and permissions also
    Code:
    chown -R webapps:webapps /var/www/html
    find /var/www/html -type f -exec chmod 0644 {} \; -print
    find /var/www/html -type d -exec chmod 0755 {} \; -print
    find /var/www/html -name "*.pl" -exec chmod 0744 {} \; -print
    find /var/www/html -name "*.cgi" -exec chmod 0744 {} \; -print
    Now lets enable open_basedir per user, and create user's own tmp directories to make the server more secure. (I realize that I have done this on a per user basis rather than per domain, it should be straight forward to change if you do want it per domain)

    automate creation of per user php.ini for new users (make sure the chown refers to your DirectAdmin user)
    Code:
    touch /usr/local/directadmin/scripts/custom/user_create_post.sh
    chmod 755 /usr/local/directadmin/scripts/custom/user_create_post.sh
    chown diradmin:diradmin /usr/local/directadmin/scripts/custom/user_create_post.sh
    nano /usr/local/directadmin/scripts/custom/user_create_post.sh
    use the following shell script:
    Code:
    #!/bin/sh
    
    mkdir /usr/local/directadmin/data/users/$username/php/
    chown $username:$username /usr/local/directadmin/data/users/$username/php/
    touch /usr/local/directadmin/data/users/$username/php/php.ini
    echo "open_basedir = /home/$username/:/tmp/" >> /usr/local/directadmin/data/users/$username/php/php.ini
    chown root:root /usr/local/directadmin/data/users/$username/php/php.ini
    chattr +i /usr/local/directadmin/data/users/$username/php/
    
    exit 0;
    note that in the above script you may need to alter the open_basedir setting to add allowed paths (e.g. PHP's pear modules /usr/local/php5/lib/php) depending on your server setup

    in order to remove the user completely we need to release the chattr +i on the php.ini config directory first (make sure the chown refers to your DirectAdmin user)
    Code:
    touch /usr/local/directadmin/scripts/custom/user_destroy_pre.sh 
    chmod 755 /usr/local/directadmin/scripts/custom/user_destroy_pre.sh
    chown diradmin:diradmin /usr/local/directadmin/scripts/custom/user_destroy_pre.sh
    nano /usr/local/directadmin/scripts/custom/user_destroy_pre.sh
    use the following shell script:
    Code:
    #!/bin/sh
    
    chattr -i /usr/local/directadmin/data/users/$username/php/
    
    exit 0;
    create php.ini files for current users
    Code:
    ls -l /home | grep '^d' | awk '{system("username="$3" /usr/local/directadmin/scripts/custom/user_create_post.sh")}'
    copy VirtualHost templates to custom directory so they are not overwritten when DirectAdmin updates
    Code:
    cp /usr/local/directadmin/data/templates/virtual_host2* /usr/local/directadmin/data/templates/custom/
    change VirtualHost containers to look for php.ini override
    Code:
    nano /usr/local/directadmin/data/templates/custom/virtual_host2.conf
    nano /usr/local/directadmin/data/templates/custom/virtual_host2_sub.conf
    nano /usr/local/directadmin/data/templates/custom/virtual_host2_secure.conf
    nano /usr/local/directadmin/data/templates/custom/virtual_host2_secure_sub.conf
    add this after the ErrorLog
    Code:
    |*if SUPHP="1"|
            SetEnv PHP_INI_SCAN_DIR /usr/local/directadmin/data/users/|USER|/php/
    |*endif|
    rewrite httpd configs for current users
    Code:
    echo "action=rewrite&value=httpd" >> /usr/local/directadmin/data/task.queue
    To make sure webmail and phpMyAdmin work, set open_basedir in the global php.ini which will apply to webapps.
    Code:
    nano /usr/local/etc/php5/cgi/php.ini
    find the open_basedir line and change to:
    Code:
    open_basedir = /var/www/html/:/tmp/
    Then change the httpd.conf file to make sure the php.ini file isn't overridden by user's specific php.ini files:
    Code:
    nano /etc/httpd/conf/httpd.conf
    find the <IfModule mod_suphp.c> section within the <Directory "/var/www/html"> block and change to:
    Code:
       <IfModule mod_suphp.c>
            suPHP_Engine On
            suPHP_UserGroup webapps webapps
            SetEnv PHP_INI_SCAN_DIR
       </IfModule>
    That should be the lot, make sure Apache is restarted.
    Code:
    service httpd restart
    Hopefully everything is working!

    Notes
    -----

    If a customer wants to use cronjobs they need to add the php.ini in the cron command:
    Code:
    /usr/local/bin/php -c /usr/local/directadmin/data/users/accountname/php/php.ini /home/accountname/domains/domainname/public_html/filetocron.php
    ------------------------------------------------------------
    Thanks to smtalk for some troubleshooting at http://www.directadmin.com/forum/showthread.php?t=19221
    Thanks to getUP for securing the php.ini file
    Thanks to Dennis for the suggestion of running ./build secure_php and cron job heads up
    Thanks to scooby2 for suggesting extra openbase_dir paths e.g. php's pear modules
    Thanks to jlasman for spotting a typo
    Last edited by circlesquare; 10-07-2009 at 07:07 AM.

  2. #2
    Join Date
    May 2008
    Posts
    11
    Thank you very much!! This works like a charm.
    Kind regards,

    S.D. Meijer
    Furion, that's powerful hosting.

    Website: http://www.Furion.nl

  3. #3
    Join Date
    Oct 2006
    Location
    ua
    Posts
    55
    Hi,

    how are you going do php.ini per user ?

    Also, please keep in mind that php-cgi much slower than mod_php.
    Next, you should define openbasedir php setting, otherwise users will be able to browse your server (about comparatively their unix permissions).
    Opcode cachers (something like eaccelerator, xcache, apc) can't work in this mode too.

    If you completely switch to php-cgi (suphp) you should comment out "loadmodule ... php5_module" in your httpd.conf (for reduce memory usage per httpd child)
    With best wishes, Sergej Kandyla

  4. #4
    Join Date
    May 2007
    Posts
    24
    Thanks for the comments paix,

    Quote Originally Posted by paix View Post
    how are you going do php.ini per user ?

    Also, please keep in mind that php-cgi much slower than mod_php.
    Next, you should define openbasedir php setting, otherwise users will be able to browse your server (about comparatively their unix permissions).
    http://help.directadmin.com/item.php?id=183

    Quote Originally Posted by paix View Post
    Opcode cachers (something like eaccelerator, xcache, apc) can't work in this mode too.
    Thanks for the heads up on this one, although I happy to live with it as it's only a shared server.

    Quote Originally Posted by paix View Post
    If you completely switch to php-cgi (suphp) you should comment out "loadmodule ... php5_module" in your httpd.conf (for reduce memory usage per httpd child)
    I believe DirectAdmin does this automatically, but it's worth double checking

  5. #5
    Join Date
    May 2007
    Posts
    24
    Ok, I found that http://help.directadmin.com/item.php?id=183 was not really what I wanted to do as it meant using a whole php.ini file per user instead of just changes to the global php.ini. Here's what I have done to enable open_basedir per user which allows override of php.ini values:

    automate creation of php.ini for new users
    Code:
    touch /usr/local/directadmin/scripts/custom/user_create_post.sh
    chmod 755 /usr/local/directadmin/scripts/custom/user_create_post.sh
    nano /usr/local/directadmin/scripts/custom/user_create_post.sh
    use the following shell script:
    Code:
    #!/bin/sh
    
    touch /home/$username/php.ini
    echo "open_basedir = /home/$username/:/tmp/" >> /home/$username/php.ini
    chown root:root /home/$username/php.ini
    
    exit 0;
    create php.ini files for current users
    Code:
    ls -l /home | grep '^d' | awk '{system("username="$3" /usr/local/directadmin/scripts/custom/user_create_post.sh")}'
    change VirtualHost containers to look for php.ini override
    Code:
    nano /usr/local/directadmin/data/templates/virtual_host2.conf
    nano /usr/local/directadmin/data/templates/virtual_host2_sub.conf
    nano /usr/local/directadmin/data/templates/virtual_host2_secure.conf
    nano /usr/local/directadmin/data/templates/virtual_host2_secure_sub.conf
    add this after the ErrorLog
    Code:
    |*if SUPHP="1"|
            SetEnv PHP_INI_SCAN_DIR /home/|USER|/
    |*endif|
    rewrite httpd configs for current users
    Code:
    echo "action=rewrite&value=httpd" >> /usr/local/directadmin/data/task.queue
    I realize that I have done this on a per user basis rather than per domain, it should be straight forward to change if you do want it per domain.
    Last edited by circlesquare; 01-28-2009 at 09:21 AM.

  6. #6
    Join Date
    Oct 2006
    Location
    ua
    Posts
    55
    Quote Originally Posted by circlesquare View Post
    Ok, I found that http://help.directadmin.com/item.php?id=183 was not really what I wanted to do as it meant using a whole php.ini file per user instead of just changes to the global php.ini. Here's what I have done to enable open_basedir per user which allows override of php.ini values:

    Code:
    |*if SUPHP="1"|
            SetEnv PHP_INI_SCAN_DIR /home/|USER|/
    |*endif|
    I realize that I have done this on a per user basis rather than per domain, it should be straight forward to change if you do want it per domain.

    Ok, fine. This right direction.
    But I suggest you locate users php.ini in place unavailable for users. For example:
    Code:
    |
            SetEnv PHP_INI_SCAN_DIR /usr/local/directadmin/data/users/|USER|/
    otherwise users can be able modify php.ini setting such as open_basedir, disabled_functions, etc...

    I've not tested this with suphp, but this schema works fine for me with mod_fastcgi, so it should work with suphp too.

    PS. another way is setting chflags\chattr on your users php.ini files, but I think this way is more difficult for maintaince.
    With best wishes, Sergej Kandyla

  7. #7
    Join Date
    May 2007
    Posts
    24
    Quote Originally Posted by paix View Post
    otherwise users can be able modify php.ini setting such as open_basedir, disabled_functions, etc...
    It should be ok as the shell script makes root the owner of the php.ini, therefore the user can read the file, but not change it.

    Quote Originally Posted by circlesquare View Post
    use the following shell script:
    Code:
    #!/bin/sh
    
    touch /home/$username/php.ini
    echo "open_basedir = /home/$username/:/tmp/" >> /home/$username/php.ini
    chown root:root /home/$username/php.ini
    
    exit 0;

  8. #8
    Join Date
    Oct 2006
    Location
    ua
    Posts
    55
    Quote Originally Posted by circlesquare View Post
    It should be ok as the shell script makes root the owner of the php.ini, therefore the user can read the file, but not change it.
    Ok, good. Looks like I read your code settings inattentive, sorry.

    Also if you going to do some benchmarks of using suphp it would enough interesting to see them.
    With best wishes, Sergej Kandyla

  9. #9
    Join Date
    Oct 2006
    Posts
    36
    Hello,

    We have about 20 servers and using php cli on them.

    But sometimes we have security problems on php cli.

    We are investigate on upgrading to php cgi.

    But we have some questions.

    What is the differences between php cli vs php cgi?

    I think php cli faster then php cli. But php cgi more secure then php cli.

    I was read about "suPHP doesn't allow the use of php_flag and php_value" and something like that above this link;

    http://www.php-cli.com/php-cli-cgi.shtml

  10. #10
    Join Date
    Dec 2005
    Posts
    11
    I've followed this guide, but php -v still says I'm running the CLI-version and all http processes still run as apache.

    PHP 5.2.8 (cli) (built: Feb 16 2009 14:27:52)
    Copyright (c) 1997-2008 The PHP Group
    Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies

    What to do?

  11. #11
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    6,746
    Try:
    Code:
    /usr/local/php5/bin/php-cgi -v
    Instead of just php -v.
    Martynas Bendorius
    MB Martynas IT. Professional server management company. Official DirectAdmin, CloudLinux, LiteSpeed and Comodo partners.

  12. #12
    Join Date
    Dec 2005
    Posts
    11
    Returns:

    PHP 5.2.8 (cgi-fcgi) (built: Feb 16 2009 14:27:24)
    Copyright (c) 1997-2008 The PHP Group
    Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies

    But why am I still seeing httpd processes owned by apache and not the local user?

  13. #13
    Join Date
    May 2007
    Posts
    24
    Quote Originally Posted by Yolte View Post
    I was read about "suPHP doesn't allow the use of php_flag and php_value" and something like that above this link;
    Correct, you can't use .htaccess files to specify PHP config options using suPHP. The howto explains how to create custom php.ini files for each user. If they want custom PHP config, you can specify it in their php.ini file (/home/user/php.ini)
    The reason why you must not give the user's themselves access to change this file is because they can then change the open_basedir restriction.

    Quote Originally Posted by xmats View Post
    But why am I still seeing httpd processes owned by apache and not the local user?
    Only PHP runs as the local user.. apache doesn't need to as it's not processing the code, it just creates a PHP process as the local user to execute it.
    If you run top, you'll see a php-cgi processes running as the local user popping up when this happens.

  14. #14
    Join Date
    Mar 2009
    Posts
    5

    No input file specified

    Hi,

    I have done the above steps but now all my website are giving the following error: No input file specified does anyone have a solution for this problem ?

    thanks.

  15. #15
    Join Date
    Jan 2009
    Posts
    22
    Quote Originally Posted by divdesign View Post
    Hi,

    I have done the above steps but now all my website are giving the following error: No input file specified does anyone have a solution for this problem ?

    thanks.
    I had the same problem. You have not entered correctly the open_basedir. You have to set for each user their correct open_basedir or do not set it at all. You'll find instructions above on how to set a php.ini file for each user with only the open_basedir statement in it

  16. #16
    Join Date
    Sep 2008
    Posts
    55
    Hello,

    can anybody show me a custom php.ini? I wonder how is it look like. Do I have to add any special code to it?

    Thanks a lot.

  17. #17
    Join Date
    Apr 2008
    Location
    Poland
    Posts
    139
    Quote Originally Posted by circlesquare View Post
    Sites with files or directories with global write access will also cause suPHP to throw an error, therefore change all files to 644 and directories to 755

    Code:
    find /home/*/domains/*/public_html -type f -exec chmod 0644 {} \; -print
    find /home/*/domains/*/private_html -type f -exec chmod 0644 {} \; -print
    find /home/*/domains/*/public_html -type d -exec chmod 0755 {} \; -print
    find /home/*/domains/*/private_html -type d -exec chmod 0755 {} \; -print
    Then some scripts like Joomla and Silverstripe stop work. I can't modify all folders in my clients. Or maybe I don't understand something.

  18. #18
    Join Date
    Aug 2004
    Location
    Switzerland
    Posts
    220
    I did pretty much the same as you with some differences. I really wanted to have one php.ini file per user per version of PHP.

    I have done a php.ini for php4 and one for php5 (/usr/local/directadmin/data/templates/php4.ini and /usr/local/directadmin/data/templates/php5.ini) as follow :

    [PHP]
    engine = On
    short_open_tag = On
    asp_tags = Off
    precision = 12
    y2k_compliance = On
    output_buffering = 4096
    ;output_handler =
    ;zlib.output_compression = Off
    ;zlib.output_handler =
    implicit_flush = Off
    unserialize_callback_func=
    serialize_precision = 100
    allow_call_time_pass_reference = On
    memory_limit = 20M

    safe_mode = Off
    safe_mode_gid = Off
    safe_mode_include_dir =
    safe_mode_exec_dir =

    safe_mode_allowed_env_vars = PHP_
    safe_mode_protected_env_vars = LD_LIBRARY_PATH
    open_basedir = "/home/%USERNAME%/:/usr/local/php4/lib/php/:/var/www/html:/usr/local/directadmin/data/skins/:/tmp"
    disable_functions = "phpinfo, system, exec, passthru, proc_open, shell_exec, popen, setlimit, mysql_pconnect"
    disable_classes =

    ;highlight.string = #DD0000
    ;highlight.comment = #FF9900
    ;highlight.keyword = #007700
    ;highlight.bg = #FFFFFF
    ;highlight.default = #0000BB
    ;highlight.html = #000000

    expose_php = Off

    error_reporting = E_ALL & ~E_NOTICE
    display_errors = On
    display_startup_errors = Off
    log_errors = On
    log_errors_max_len = 1024
    ignore_repeated_errors = On
    ignore_repeated_source = Off
    report_memleaks = On
    track_errors = Off
    html_errors = Off
    ;docref_root = "/phpmanual"
    ;docref_ext = .html
    ;error_prepend_string = "<font color=ff0000>"
    ;error_append_string = "</font>"
    ;error_log = /home/%USERNAME%/tmp/error_log

    ;arg_separator.output = "&amp;"
    ;arg_separator.input = ";&"
    variables_order = "GPCS"

    register_globals = On
    register_argc_argv = On
    post_max_size = 32M
    gpc_order = "GPC"

    magic_quotes_gpc = On
    magic_quotes_runtime = Off
    magic_quotes_sybase = Off
    auto_prepend_file =
    auto_append_file =

    default_mimetype = "text/html"
    ;default_charset = "iso-8859-1"
    ;always_populate_raw_post_data = On

    include_path = ".:/usr/local/php4/lib/php/"

    doc_root =
    user_dir =
    extension_dir = "./"
    enable_dl = Off

    ;cgi.rfc2616_headers = 0

    file_uploads = On
    upload_tmp_dir = "/home/%USERNAME%/tmp"
    upload_max_filesize = 24M

    allow_url_fopen = Off
    from="%USERNAME%@%DOMAIN%"
    agent="PHP at %DOMAIN%"
    default_socket_timeout = 60

    [Syslog]
    define_syslog_variables = Off

    [mail function]
    SMTP = localhost
    smtp_port = 25
    sendmail_path = /usr/sbin/sendmail -t -i -f %USERNAME%@%DOMAIN%

    [Java]
    ;java.class.path = .\php_java.jar
    ;java.home = c:\jdk
    ;java.library = c:\jdk\jre\bin\hotspot\jvm.dll
    ;java.library.path = .\

    [SQL]
    sql.safe_mode = Off

    [ODBC]
    ;odbc.default_db = Not yet implemented
    ;odbc.default_user = Not yet implemented
    ;odbc.default_pw = Not yet implemented
    odbc.allow_persistent = Off
    odbc.check_persistent = On
    odbc.max_persistent = 0
    odbc.max_links = 3
    odbc.defaultlrl = 4096
    odbc.defaultbinmode = 1

    [MySQL]
    mysql.allow_persistent = Off
    mysql.max_persistent = 0
    mysql.max_links = 4
    mysql.default_port = 3306
    mysql.default_socket = /var/lib/mysql/mysql.sock
    mysql.default_host = localhost
    mysql.default_user =
    mysql.default_password =
    mysql.connect_timeout = 30
    mysql.trace_mode = Off

    [mSQL]
    msql.allow_persistent = Off
    msql.max_persistent = 0
    msql.max_links = 4

    [PostgresSQL]
    pgsql.allow_persistent = Off
    pgsql.auto_reset_persistent = Off
    pgsql.max_persistent = 0
    pgsql.max_links = 4
    pgsql.ignore_notice = 0
    pgsql.log_notice = 0

    [Sybase]
    sybase.allow_persistent = Off
    sybase.max_persistent = 0
    sybase.max_links = 4
    ;sybase.interface_file = "/usr/sybase/interfaces"
    sybase.min_error_severity = 10
    sybase.min_message_severity = 10
    sybase.compatability_mode = Off

    [Sybase-CT]
    sybct.allow_persistent = Off
    sybct.max_persistent = 0
    sybct.max_links = 4
    sybct.min_server_severity = 10
    sybct.min_client_severity = 10

    [dbx]
    dbx.colnames_case = "lowercase"

    [bcmath]
    bcmath.scale = 0

    [browscap]
    ;browscap = extra/browscap.ini

    [Informix]
    ifx.default_host =
    ifx.default_user =
    ifx.default_password =
    ifx.allow_persistent = Off
    ifx.max_persistent = 0
    ifx.max_links = 4
    ifx.textasvarchar = 0
    ifx.byteasvarchar = 0
    ifx.charasvarchar = 0
    ifx.blobinfile = 0
    ifx.nullformat = 0

    [Session]
    session.save_handler = files
    session.save_path = /home/%USERNAME%/tmp/sessions
    session.use_cookies = 1
    session.name = PHPSESSID
    session.auto_start = 0
    session.cookie_lifetime = 0
    session.cookie_path = /
    session.cookie_domain =
    session.serialize_handler = php
    session.gc_probability = 1
    session.gc_divisor = 1000
    session.gc_maxlifetime = 1440
    session.bug_compat_42 = 0
    session.bug_compat_warn = 1
    session.referer_check =
    session.entropy_length = 16
    session.entropy_file = /dev/urandom
    session.cache_limiter = nocache
    session.cache_expire = 180
    session.use_trans_sid = 0

    url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

    [MSSQL]
    mssql.allow_persistent = Off
    mssql.max_persistent = 0
    mssql.max_links = 4
    mssql.min_error_severity = 10
    mssql.min_message_severity = 10
    mssql.compatability_mode = Off
    ;mssql.connect_timeout = 5
    ;mssql.timeout = 60
    ;mssql.textlimit = 4096
    ;mssql.textsize = 4096
    ;mssql.batchsize = 0
    ;mssql.datetimeconvert = On
    mssql.secure_connection = Off
    ;mssql.max_procs = 25

    [Assertion]
    ;assert.active = On
    ;assert.warning = On
    ;assert.bail = Off
    ;assert.callback = 0
    ;assert.quiet_eval = 0

    [Ingres II]
    ingres.allow_persistent = Off
    ingres.max_persistent = 0
    ingres.max_links = 4
    ingres.default_database =
    ingres.default_user =
    ingres.default_password =

    [Verisign Payflow Pro]
    pfpro.defaulthost = "test-payflow.verisign.com"
    pfpro.defaultport = 443
    pfpro.defaulttimeout = 30
    ;pfpro.proxyaddress =
    ;pfpro.proxyport =
    ;pfpro.proxylogon =
    ;pfpro.proxypassword =

    [Sockets]
    sockets.use_system_read = On

    [com]
    ;com.typelib_file =
    ;com.allow_dcom = true
    ;com.autoregister_typelib = true
    ;com.autoregister_casesensitive = false
    ;com.autoregister_verbose = true

    [Printer]
    ;printer.default_printer = ""

    [mbstring]
    ;mbstring.language = Japanese
    ;mbstring.internal_encoding = EUC-JP
    ;mbstring.http_input = auto
    ;mbstring.http_output = SJIS
    ;mbstring.encoding_translation = Off
    ;mbstring.detect_order = auto
    ;mbstring.substitute_character = none;
    ;mbstring.func_overload = 0

    [FrontBase]
    ;fbsql.allow_persistent = Off
    ;fbsql.autocommit = On
    ;fbsql.default_database =
    ;fbsql.default_database_password =
    ;fbsql.default_host =
    ;fbsql.default_password =
    ;fbsql.default_user = "_SYSTEM"
    ;fbsql.generate_warnings = Off
    ;fbsql.max_connections = 128
    ;fbsql.max_links = 3
    ;fbsql.max_persistent = 0
    ;fbsql.max_results = 128
    ;fbsql.batchSize = 1000

    [Crack]

    [exif]
    ;exif.encode_unicode = ISO-8859-15
    ;exif.decode_unicode_motorola = UCS-2BE
    ;exif.decode_unicode_intel = UCS-2LE
    ;exif.encode_jis =
    ;exif.decode_jis_motorola = JIS
    ;exif.decode_jis_intel = JIS
    I have also added the following lines in /usr/local/directadmin/scripts/custom/user_create_post.sh

    #!/bin/sh

    mkdir -p /usr/local/directadmin/data/users/$username/{config/php4,config/php5} ;
    chown -R root:root /home/$username/{config/php4,config/php5,tmp/sessions} ;
    sed "s/%USERNAME%/$username/g" < /usr/local/directadmin/data/templates/php4.ini | sed "s/%DOMAIN%/$domain/g" > /usr/local/directadmin/data/users/$username/config/php4/php.ini ;
    sed "s/%USERNAME%/$username/g" < /usr/local/directadmin/data/templates/php5.ini | sed "s/%DOMAIN%/$domain/g" > /usr/local/directadmin/data/users/$username/con
    fig/php5/php.ini ;

    chown -R root:root /usr/local/directadmin/data/users/$username/php4/php.ini ;
    chown -R root:root /usr/local/directadmin/data/users/$username/php5/php.ini ;

    chmod 755 /usr/local/directadmin/data/users/$username/config/php4 ;
    chmod 755 /usr/local/directadmin/data/users/$username/config/php5 ;

    exit 0;
    and thus, all users start with the same php.ini but if you need to change 1 setting for 1 user, it's 100x easier.

    and finally virtualhost looks like

    |?DOCROOT=`HOME`/domains/`DOMAIN`/public_html|
    <VirtualHost |IP|:80>
    |CUSTOM|
    |?CGI=ScriptAlias /cgi-bin/ `DOCROOT`/cgi-bin/|
    ServerName www.|DOMAIN|
    ServerAlias www.|DOMAIN| |DOMAIN| |SERVER_ALIASES|
    ServerAdmin |ADMIN|
    DocumentRoot |DOCROOT|
    |CGI|

    |USECANONICALNAME|

    User |USER|
    Group |GROUP|

    # This part is home-made and is for security
    # one php.ini per user secure the user/server

    <Files *.php>
    SetEnv PHPRC |HOME|/config/php4
    </Files>

    <Files *.php5>
    SetEnv PHPRC |HOME|/config/php5
    </Files>

    CustomLog /var/log/httpd/domains/|DOMAIN|.bytes bytes
    CustomLog /var/log/httpd/domains/|DOMAIN|.log combined
    ErrorLog /var/log/httpd/domains/|DOMAIN|.error.log

    <Directory |DOCROOT|>
    Options +Includes -Indexes
    </Directory>
    |HANDLERS|
    |MIMETYPES|

    </VirtualHost>
    Gregory A. | CTO Neocarrier Communications (AS48885)
    Tier-3 Data Centre Tier-1 Powered Connectivity Metro Ethernet
    Intensive Web Hosting VMware Private Cloud DDoS mitigation
    Network Integration Intensive Monitoring Managed Security

  19. #19
    Join Date
    Mar 2009
    Posts
    26
    I have tried to install php cgi but the first problem is that when I do exec("uptime") I get an error because I have to fll in a full path to uptime. So exec function has been solved.

    Now another problem: Every file upload gives a error, no matter the file size:
    Array ( [name] => Creek.jpg [type] => image/jpeg [tmp_name] => /home/henk/tmp/phpqdBN5y [error] => 0 [size] => 264409 )

    tmp_name is the problem. What could be the problem?

  20. #20
    Join Date
    May 2007
    Posts
    24
    Quote Originally Posted by remikk View Post
    Then some scripts like Joomla and Silverstripe stop work. I can't modify all folders in my clients. Or maybe I don't understand something.
    They should still work as you will be running suPHP, so the PHP will be running as the same user which owns the files.. therefore there is no need for global read/write.

Page 1 of 5 123 ... LastLast

Similar Threads

  1. HOWTO: mod_fcgid in CB 2.0, switchable to suphp
    By Jan_E in forum CustomBuild 2.0
    Replies: 8
    Last Post: 02-04-2013, 10:44 AM
  2. HOWTO : SuPHP
    By nebukazar in forum How-To Guides
    Replies: 69
    Last Post: 05-20-2007, 05:19 AM
  3. looking voor howto suPHP for apache 1.3 and PHP5
    By snaaps in forum MySQL / PHP
    Replies: 4
    Last Post: 03-29-2007, 12:39 AM
  4. [HOWTO] SuPHP
    By 12Media in forum DirectAdmin General Discussion
    Replies: 5
    Last Post: 02-02-2004, 10:43 PM
  5. [HOWTO] SuPHP
    By 12Media in forum How-To Guides
    Replies: 5
    Last Post: 02-02-2004, 10:43 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •