Internal Server Error with root

inflock

Verified User
Joined
Apr 2, 2011
Messages
49
Hello;

I have a problem with root account. Any time i do something with root i get 500 internal server error. For example i login to my domain with FTP with admin or ftp account which i created and i upload a simple php file like www.domain.com/version.php it works. But when i login with root to ftp and go the admin/domain/domain.com/public_html and upload that php file and browse the site again it gives Internal server error. I dont understand why. I cant do anything with root. For example i try to install torrentflux i make everyhing correct but it gives also 500 internal server error. And any php file that i upload to var/www/html i get this error same as torrent flux. http:/myserverIP/torrentflux or http:/myserverIP/version.php or any php. I couldnt solve the problem.

My php settings are like this. http://sercan.isgreat.org/myphp.html

Thanks for the assistance.
 
Hello,

First of all you really should not do anything with root privileges.

Secondly, if you create/upload files into user's homedir with root privileges, you should then chown them. suPHP does not allow to run PHP, which belong to superuser (root).

Thirdly, you really should read logs. You might learn much more from logs.
 
Thanks for the answer.

But it not only not allowing the users home dirs its not allowing at all. Its not a problem for user home dirs. But if i want to install something like torrent flux or put a php file in to the /var/www/html what should i do cause its not working. And only way to enter this part with root. Is there any way i let suphp allows root to run php files.

Thanks for the assistance.
 
But it not only not allowing the users home dirs its not allowing at all. Its not a problem for user home dirs.

Sorry, what are you talking about here? Did not get you!

But if i want to install something like torrent flux or put a php file in to the /var/www/html what should i do cause its not working.

Since you're using suPHP, all php files in /var/www/html should be chowned to webapps:webapps.

Is there any way i let suphp allows root to run php files.

That is very insecure, and you should never do this, of course if you care about your server security.


p.s. Again, you should read apache logs to learn details about the 500 error.
 
Your root password should never be sent to your server in the clear, which is what ftp does. You should change your root password using a shell login, and not use root for ftp.

Really.

Jeff
 
But it not only not allowing the users home dirs its not allowing at all. Its not a problem for user home dirs.

zEitEr..

Yes its not understandable. I meant SUPHP it is not allowing root to operate at user home dirs with root ownership. And also SUPHP is preventing root to operate at /var/www/html because this part we reach only through root account.

Since you're using suPHP, all php files in /var/www/html should be chowned to webapps:webapps

So if i chown the files which i upload to /var/www/html with root and chown them as webaps:webaps are the gonna work?

That is very insecure, and you should never do this, of course if you care about your server security.

How can we set SuPHP to give root operate permissions and what is the security danger what can be if i do that?

jlasman...

Your root password should never be sent to your server in the clear, which is what ftp does. You should change your root password using a shell login, and not use root for ftp.

In which way can i access the root part of my files without sending the open password to the server via FTP protocols.

Thanks for the assistance
 
So if i chown the files which i upload to /var/www/html with root and chown them as webaps:webaps are the gonna work?

Yes

How can we set SuPHP to give root operate permissions and what is the security danger what can be if i do that?

You might need to modify /usr/local/suphp/etc/suphp.conf and set something like:

Code:
min_uid=0
min_gid=0

instead

Code:
min_uid=100
min_gid=100

and recompile suPHP with --with-setid-mode=owner

Code:
# cat /usr/local/directadmin/custombuild/custom/suphp/configure.suphp
#!/bin/sh
"./configure" \
"--prefix=/usr/local/suphp" \
"--sysconfdir=/usr/local/suphp/etc/" \
"--with-apache-user=apache" \
"--with-setid-mode=owner" \
"--with-apxs=/usr/sbin/apxs" \
"--disable-checkpath"

NOTE, it might bring to unrecoverable disaster, if your script would be compromised or hijacked, because PHP script would run with superuser privileges.
 
In which way can i access the root part of my files without sending the open password to the server via FTP protocols.
You shouldn't have any files in /var/html/www owed by root; they should all be owned by webapps:webapps.

Any other files which you need to edit should be edited using a serverside editing tool, using ssh to log into the server.

If you must edit locally you should use scp to copy the files up and down.

And you should not even allow ssh login as root, or scp as root.

You should create an otherwise non-privileged user, give it access to ssh, and allow it to su to root. Then you should ssh in as that user and switch to root.

For scp for files you must edit locally rather than on the server you should copy them to your user home diredtory, change their ownership to that user, then scp them as that user. When copying them back you should copy them back to that user, then shell in and copy them back to where they belong making sure you maintain the proper ownership and permissions rather than those you uploaded them under.

If you need to write back to ask me how to do any of the above please read a bit about systems administration first, as the DirectAdmin forums really isn't the place to teach basic systems administration.

Jeff
 
For scp for files you must edit locally rather than on the server you should copy them to your user home diredtory, change their ownership to that user, then scp them as that user. When copying them back you should copy them back to that user, then shell in and copy them back to where they belong making sure you maintain the proper ownership and permissions rather than those you uploaded them under.
Jeff

Thanks for the informative answer and for nice explanation.

SCP 'sound alittle bit confusing to me' at this moment and will check later. I surely disabled root ssh login and gave root privilages to a normal user and changed ssh port and changed direct admin port and did set my brute force black list rules so any one try more than 25 false attemp will be black listed.

Thanks for the assistance.

Regards
 
Yes



You might need to modify /usr/local/suphp/etc/suphp.conf and set something like:

Code:
min_uid=0
min_gid=0

instead

Code:
min_uid=100
min_gid=100

and recompile suPHP with --with-setid-mode=owner

Code:
# cat /usr/local/directadmin/custombuild/custom/suphp/configure.suphp
#!/bin/sh
"./configure" \
"--prefix=/usr/local/suphp" \
"--sysconfdir=/usr/local/suphp/etc/" \
"--with-apache-user=apache" \
"--with-setid-mode=owner" \
"--with-apxs=/usr/sbin/apxs" \
"--disable-checkpath"

NOTE, it might bring to unrecoverable disaster, if your script would be compromised or hijacked, because PHP script would run with superuser privileges.

Thanks for the informative answer i had tried this before and could succeed before with doing this ;

Code:
min_uid=0
min_gid=0

Now I see why i didnt succeed cause i didnt apply such codes

Code:
# cat /usr/local/directadmin/custombuild/custom/suphp/configure.suphp
#!/bin/sh
"./configure" \
"--prefix=/usr/local/suphp" \
"--sysconfdir=/usr/local/suphp/etc/" \
"--with-apache-user=apache" \
"--with-setid-mode=owner" \
"--with-apxs=/usr/sbin/apxs" \
"--disable-checkpath"

Thanks for the assistance.

Regards.
 
Back
Top