custom httpd configs per user (re: token on custom httpd)

CiscoMike

Verified User
Joined
Dec 2, 2005
Messages
66
Location
Denver, CO
For the life of me I can't get tokens to work "right" (apache is belching about errors in the config). I want to set a custom open_basedir and upload_temp_dir. I know how to do it in the <user>/httpd.conf path but obviously that's not the right way to do it since that file gets overwritten...often. :)

Code:
php_admin_value open_basedir /home/|user|/domains/|domain|:/home/|user|/domains/|domain|/public_html:/home/|user|/domains/|domain|/public_html/tmp:/home/|user|/domains/|domain|/public_html/administrator

php_admin_value upload_tmp_dir /home/|user|/domains/|domain|/public_html/tmp

The above would be the example template I'd want for a particular user type. I know there is a token for open_basedir (not that I am doing it right, more on that in a second) but there isn't a token for upload_tmp_dir. As a result I'm having to set it in the httpd.conf which again, gets overwritten (As expected, I knew that ahead of time) when one adds/removes/modifies a reseller or user. Today I just have a backup of the changes and merge/replace after DA does its thing but golly-gee-whiz it sure would be nice to have it all automated. :)

So I read the DA help article on using custom tokens, at least for the case of the open_basedir. I've read the KB articles on
http://help.directadmin.com/item.php?id=3 and http://help.directadmin.com/item.php?id=2

So I tried
Code:
|?OPEN_BASEDIR=/home/|user|/domains/|domain|:/home/|user|/domains/|domain|/public_html:/home/|user|/domains/|domain|/public_html/tmp:/home/|user|/domains/|domain|/public_html/administrator|
in the DA GUI. Unfortunately that gets placed at the top of the virtual template in question and Apache says I have an invalid config and then fails to start. East to get around, I remove the offending line, restart, all is fine except I don't have my open_basedir set. Grrrrrr.

Meanwhile, the default open_basedir in the VirtualHost is still set to /tmp and /usr/local/lib/php and /home/|user| even after I set the token.

A) what am I doing wrong
B) is there an option for the upload_temp_dir

thanks

edit: I'm using apache 2.2.11 and custombuild (obviously).
 
Last edited:
One point of clarity - I'm not needing the above config for all clients thus I wanted to use the custom HTTP config within the DA GUI. I am aware about copying the .conf files for each user/reseller into the custom directory thus setting variables for all users but I have 4 classes of users thus I will use a "template" within the GUI (really it's just copy/paste).

Just wanted to make that clear since my original post could be read in a way that would be fixed via moving the files into the custom directory.
 
You're not going to change where DirectAdmin puts the custom entries, and the way they get read is part of how apache works.

So I'd suggest figuring out how you can put it into the custom directory and use tokens creatively so they'll work.

Jeff
 
well, that's what I feared. There is no good way to make this work and I'll just have to stick with replacing the DA created user httpd.conf file then. The problem is that there isn't a token for "php_admin_value upload_tmp_dir" which is a shame since this is a good way to keep user files somewhat jailed rather than allowing the use of /tmp or some other shared directory.

The other issue is that the "|?open_basedir|" token, as I had it in my first post, is broken in 1.33.3 and 1.33.6 (both builds I tried it in). Instead of modifying the "php_admin_value open_basedir" value in the <Directory> section of the virtual template, it's placing it immediately after the <VirtualHost ip> section which is what is causing apache to bark at it. Meanwhile the default open_basedir value is still there under the <Directory> section. Here's an example of the default config:

Code:
<VirtualHost 74.86.89.171:80>


	ServerName www.datapathservices.net
	ServerAlias www.datapathservices.net datapathservices.net 
	ServerAdmin [email protected]
	DocumentRoot /home/|user|/domains/datapathservices.net/public_html
	

	UseCanonicalName OFF

	SuexecUserGroup |user| |group|
	CustomLog /var/log/httpd/domains/datapathservices.net.bytes bytes
	CustomLog /var/log/httpd/domains/datapathservices.net.log combined
	ErrorLog /var/log/httpd/domains/datapathservices.net.error.log

	<Directory /home/|user|/domains/datapathservices.net/public_html>
		Options +Includes -Indexes

		php_admin_flag engine ON
		<IfModule !mod_php6.c>
			php_admin_flag safe_mode OFF
		</IfModule>
		php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f |user|@datapathservices.net'


		[B][COLOR="Red"]php_admin_value open_basedir /home/|user|/:/tmp:/usr/local/lib/php/[/COLOR][/B]


	</Directory>



</VirtualHost>

now if I use the token as defined in the knowledge base and another post on these forums (see, I used search, I get a cookie, lol), I get the following instead:

Code:
<VirtualHost 74.86.89.171:80>
[B][COLOR="Red"]|?OPEN_BASEDIR=/home/|user|/domains/|domain|:/home/|user|/domains/|domain|/public_html:/home/|user|/domains/|domain|/public_html/tmp:/home/|user|/domains/|domain|/public_html/administrator|[/COLOR][/B]

	ServerName www.datapathservices.net
	ServerAlias www.datapathservices.net datapathservices.net 
	ServerAdmin [email protected]
	DocumentRoot /home/|user|/domains/datapathservices.net/public_html
	

	UseCanonicalName OFF

	SuexecUserGroup |user| |group|
	CustomLog /var/log/httpd/domains/datapathservices.net.bytes bytes
	CustomLog /var/log/httpd/domains/datapathservices.net.log combined
	ErrorLog /var/log/httpd/domains/datapathservices.net.error.log

	<Directory /home/|user|/domains/datapathservices.net/public_html>
		Options +Includes -Indexes

		php_admin_flag engine ON
		<IfModule !mod_php6.c>
			php_admin_flag safe_mode OFF
		</IfModule>
		php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f |user|@datapathservices.net'


		[B][COLOR="Red"]php_admin_value open_basedir /home/|user|/:/tmp:/usr/local/lib/php/[/COLOR][/B]


	</Directory>



</VirtualHost>

And I'm referring to the page to set custom attributes directly within DA's CP (see screenshot). I haven't tried via SSH yet because I think it will be entirely too complicated since I'll have 4 or 5 user groups under the same reseller (I suppose I can break them up under different resellers but what a hassle...).
 

Attachments

  • da-httpd.JPG
    da-httpd.JPG
    23.5 KB · Views: 129
well, that's what I feared. There is no good way to make this work and I'll just have to stick with replacing the DA created user httpd.conf file then. The problem is that there isn't a token for "php_admin_value upload_tmp_dir" which is a shame since this is a good way to keep user files somewhat jailed rather than allowing the use of /tmp or some other shared directory.

The other issue is that the "|?open_basedir|" token, as I had it in my first post, is broken in 1.33.3 and 1.33.6 (both builds I tried it in). Instead of modifying the "php_admin_value open_basedir" value in the <Directory> section of the virtual template, it's placing it immediately after the <VirtualHost ip> section which is what is causing apache to bark at it.
Have you discussed this issue with DirectAdmin Support?

Jeff
 
For support inquiries, please check the Knowledgebase, Versions system and Forum before emailing us, in case your question has already been answered.

I was doing my homework. :) But that's next on the agenda.
 
Back
Top