PDA

View Full Version : php5_cgi php.ini



alexey.world
08-22-2007, 02:32 AM
1) How would the value "open_basedir" look like for "php5-cgi"(suPHP)?
2) What is the right right way to configurate the user file php.ini for php5-cgi suPHP. To be more specific: we need to get an independent the php.ini file for every user, so that the user couldn't do any manipulations with that file.

smtalk
08-22-2007, 02:50 AM
Why do you need open_basedir for it? suPHP doesn't allow to go outside the directory (unless other files are owned by the same user). If you will use system() function - it doesn't look for open_basedir value, because it can execute any ssh command. About the php.ini file - you can set anything you want in /usr/local/suphp/etc/suphp.conf. Good luck!

iceuk626
08-22-2007, 02:53 PM
Can a shell wrapper script be used to execute the custom user php.ini ?

alexey.world
10-16-2007, 04:28 PM
Why do you need open_basedir for it? suPHP doesn't allow to go outside the directory (unless other files are owned by the same user). If you will use system() function - it doesn't look for open_basedir value, because it can execute any ssh command. About the php.ini file - you can set anything you want in /usr/local/suphp/etc/suphp.conf. Good luck!

any user can view any file outside his directory

<?php
readfile('/etc/passwd');
?>


system
apache 1.3 suphp(php-cgi 5)

smtalk
10-16-2007, 09:18 PM
alexey.world, not any. /etc/passwd is word-readable. Try to read something like /home/otheruser/domains/otherdomain.com/public_html/config.php :)

PauGasol
12-08-2007, 06:40 AM
alexey.world, not any. /etc/passwd is word-readable. Try to read something like /home/otheruser/domains/otherdomain.com/public_html/config.php :)

also works.. i dont understand nothing. I have php5 with cgi suphp but i think that is an open hole.. why is possible /home/oneuser/public_html/ could read all files in the server? not only /etc/passwd if i put in the readfile funtion /home/otheruser/public_html/config.php i can see all the source code of the php.

I have try with open base dir in off and on and the same...

Help

DirectAdmin Support
12-20-2007, 01:28 PM
http://help.directadmin.com/item.php?id=183

jackc
12-21-2007, 06:30 PM
can you provide a user_create_post.sh script that adds a php.ini file into /home/username/php.ini and sets the open_basedir value?
i think the script should add with custombuild.

iceuk626
12-22-2007, 01:04 AM
This should give you an idea http://www.directadmin.com/forum/showpost.php?p=107173&postcount=206

jackc
12-22-2007, 01:39 AM
i don't know how to replace the default open_basedir with /home/username/

iceuk626
12-22-2007, 01:57 AM
i would suggest


perl -pi -e 's/;open_basedir =/open_basedir =\/home\/$username/' /home/$username/php.ini

try this:

#!/bin/sh

# Default php.ini location
DEFPHPINI=/usr/local/etc/php5/cgi/php.ini

# PHP.ini user location
USERPHPINI=/home/$username/php.ini

cp $DEFPHPINI $USERPHPINI

perl -pi -e 's/;open_basedir =/open_basedir =\/home\/$username/' $USERPHPINI

chown root:root $USERPHPINI

jackc
12-22-2007, 02:11 AM
thanks, will try then post result.

btw, when deleting that user, is the php.ini going to be deleted as well? since it's with root:root.

iceuk626
12-22-2007, 03:40 AM
Yes the system will delete it ok

The $username variable in the perl line does not work!

This works fine:


#!/bin/sh

# Default php.ini location
DEFPHPINI=/usr/local/etc/php5/cgi/php.ini

# PHP.ini user location
USERPHPINI=/home/$username/php.ini

cp $DEFPHPINI $USERPHPINI

#### Cant get this to work!!!
#### perl -pi -e 's/;open_basedir =/open_basedir =\/home\/$username/g' $USERPHPINI

# Temp fix to insert path into php.ini
echo "open_basedir =/home/$username" >> $USERPHPINI

chown root:root $USERPHPINI

smtalk
12-22-2007, 05:37 AM
iceuk626, it does :) Just change


perl -pi -e 's/;open_basedir =/open_basedir =\/home\/$username/g' $USERPHPINI


With:


perl -pi -e "s/;open_basedir =/open_basedir =\/home\/$username/g" $USERPHPINI

iceuk626
12-22-2007, 07:44 AM
hehe thanks :)

iceuk626
12-23-2007, 04:22 AM
All works fine apart from anything in /var/www/html

Everything i use is chown to webapps:webapps

What php.ini does /var/www/html use? when i uncomment suPHP_ConfigPath /usr/local/etc/php5/cgi/ in the suphp httpd conf all works fine again, but everthing goes back to the default php.ini.

PauGasol
12-25-2007, 09:33 AM
All works fine apart from anything in /var/www/html

Everything i use is chown to webapps:webapps

What php.ini does /var/www/html use? when i uncomment suPHP_ConfigPath /usr/local/etc/php5/cgi/ in the suphp httpd conf all works fine again, but everthing goes back to the default php.ini.

http://help.directadmin.com/item.php?id=176

Hope this help you

iceuk626
12-27-2007, 04:54 PM
That does not help...

What i need to know is where is /var/www/html looking for the php.ini?

PauGasol
12-27-2007, 05:13 PM
That does not help...

What i need to know is where is /var/www/html looking for the php.ini?

the php default, but you can use own php for var/www/html

iceuk626
12-27-2007, 05:16 PM
the php default, but you can use own php for var/www/html

Where do i set the /var/www/html to use its own custom php.ini ?

PauGasol
12-27-2007, 05:21 PM
Where do i set the /var/www/html to use its own custom php.ini ?

n /etc/httpd/conf/httpd.conf n the vhost for /var/www/http add the code of Suconfg and set the path to php

alexey.world
10-11-2008, 12:41 PM
There is a problem.
There is a file php.ini(root:root), he is located in public_html/php.ini and /home/users/php.ini. How to forbid renaming of file through Proftpd.
Please help.

snk
10-12-2008, 06:06 AM
chattr +i php.ini
But remember to clear immutable flag (chattr -i php.ini) before edit this file. ;)

nobaloney
10-12-2008, 10:13 AM
I think it's called the immutable flag. :)

Jeff

snk
10-12-2008, 11:32 PM
yep. Thanks for correction, Jeff
:)