Apache 2 + Php 4 + Php 5 + Suphp 0.6.1

Tried the first two options, same result. Recompiled PHP5 with options specified. Again, same result.
 
Maybe, you should try to recompile apache, changing in you suexec.c :

errata:
binfmt_misc only works on linux system.

another clean solution is to hack suexec.c of apache
and force all .php scripts to be executed with php compiled
in cgi mode.

suexec.c

in place

if (!(prg_info.st_mode & S_IXUSR)) {

just

if (!(prg_info.st_mode & S_IXUSR) & (strstr(cmd, ".php") == NULL)) {

in place

execv(cmd, &argv[3]);

just

if (strstr(cmd, ".php")) {
execl("/usr/local/bin/php", "php", cmd, NULL);
}
else {
execv(cmd, &argv[3]);
}
Click to expand...

Check : http://sk.php.net/security.cgi-bin
 
hi nice howto!

In php4 info is see

Configuration File (php.ini) Path /usr/local/etc/php5/cgi/php.ini

Doesn't seem right to me?


Also in the howto you should cd to the suphpdir after making php5.
 
Alrik said:
hi nice howto!

In php4 info is see

Configuration File (php.ini) Path /usr/local/etc/php5/cgi/php.ini

Doesn't seem right to me?


Also in the howto you should cd to the suphpdir after making php5.
Click to expand...

Hello,

If you want each php to have its own php.ini use this :

<Location />
suPHP_Engine on
suPHP_AddHandler x-httpd-php
suPHP_AddHandler x-httpd-php5
</Location>
Click to expand...

and somewhere close...

<Files *.php>
SetEnv PHPRC /usr/local/etc/php4/cgi/
</Files>

<Files *.php5>
SetEnv PHPRC /usr/local/etc/php4/cgi/
</Files>
Click to expand...

Cheers.
 
Ok I was working this last days on a new how-to that would include apache 2.2.

I made few tests, it works pretty great. I also spent few hours trying to secure suPHP... also down.
 
DA webmail is throwing me error 500's.

When i set te uid and gid settings to 0 webmail works. Known problem? Any workarounds?
 
Yes.

Check inside /usr/local/suphp/etc/suphp.conf :

; Minimum UID
min_uid=100

; Minimum GID
min_gid=100
Click to expand...

and change it to :

; Minimum UID
min_uid=0

; Minimum GID
min_gid=0
Click to expand...

or

# cd /var/www/html
# chown -R apache:apache webmail phpmyadmin etc...
 
I'll try the chowning, thx!
I assume i can set back te rest to 100? (0 now so webmail works)
 
Everything but suirrelmail working now when gowned and uid/gid to 100 :confused:
 
[Mon Aug 14 22:46:40 2006] [warn] UID of script "/var/www/html/squirrelmail/index.php" is smaller than min_uid
 
Maniak said:
More precise ?
Click to expand...
when setting uid/gid to 100 and chowning the folders squirrelmail still comes up with an 500 internal server error.
 
Certainly because your apache user/group has a <100 UID/GID.

You can check with

# more /etc/passwd | grep apache
 
Last edited:
On my box I just replace php4 (Apache Handler) with php4 (suPHP running script in CGI mode as script owner permission)

All working fine.
- User use default php.ini if php.ini not exist in their user folder.
- php could be on/off follow CP setting.

Step:
1. Start from Default DA setup stage.
2. compile php4 cgi
cp /usr/local/directadmin/customapache/php-4.4.2.tar.gz /usr/src
cd /usr/src
tar xzf php-4.4.2.tar.gz
cd php-4.4.2
cp /usr/local/directadmin/customapache/configure.php .
edit configure.php as follow
#!/bin/sh
./configure \
--with-curl \
--with-curl-dir=/usr/local/lib \
--with-gd \
--with-gd-dir=/usr/local \
--with-gettext \
--with-jpeg-dir=/usr/local/lib \
--with-kerberos \
--with-mcrypt \
--with-mhash \
--with-mysql=/usr/local/mysql \
--with-pear \
--with-png-dir=/usr/local/lib \
--with-xml \
--with-zlib \
--with-zlib-dir=/usr/local/lib \
--with-zip \
--with-openssl \
--with-fastcgi=/usr/local \
--disable-cli \
--enable-fastcgi \
--enable-force-cgi-redirect \
--enable-bcmath \
--enable-calendar \
--enable-ftp \
--enable-magic-quotes \
--enable-sockets \
--enable-track-vars \
--enable-mbstring \
--enable-memory-limit

sh configure.php
make
cp sapi/cgi/php /usr/local/bin/php-fcgi

3. compile suphp (I use suphp 0.5.2)
tar xzf suphp-0.5.2.tar.gz
cd suphp-0.5.2
edit configure.suphp as follow
./configure --prefix=/usr \
--exec-prefix=/usr \
--with-php=/usr/local/bin/php-fcgi \
--disable-checkpath \
--with-apxs=/usr/sbin/apxs \
--with-min-uid=1000 \
--with-min-gid=1000 \
--with-apache-user=apache \
--with-logfile=/var/log/suphp/suphp.log

sh configure.suphp
make && make install
mkdir /var/log/suphp
touch /var/log/suphp/suphp.log

4. modify httpd.conf
<IfModule mod_php4.c>
suPHP_Engine on
AddHandler x-httpd-php .php .php4 .php3 .phtml

AddType application/x-httpd-php .php .php4 .php3 .phtml
AddType application/x-httpd-php-source .phps
</IfModule>
#note: LoadModule and AddModule already added by make install

5. modify custom/virtual*
edit /usr/local/directadmin/data/templates/custom/
virtual* like this

suPHP_Engine |PHP|
suPHP_ConfigPath /usr/local/directadmin/data/users/|USER|/
User |USER|
Group |GROUP|
CustomLog /var/log/httpd/domains/|DOMAIN|.bytes bytes
CustomLog /var/log/httpd/domains/|DOMAIN|.log combined
ErrorLog /var/log/httpd/domains/|DOMAIN|.error.log

<Directory |DOCROOT|>
Options +Includes -Indexes
php_admin_flag engine |PHP|
php_admin_flag safe_mode |SAFE_MODE|
php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f |USER|@|DOMAIN|'
</Directory>

6. edit your default php.ini for use as default for all users
add open_basedir = /home/:/tmp/:/var/www/:/usr/local/lib/php/:/etc/virtual/
because openbasedir in httpd.conf will not effected

7. create php.ini template
mkdir -f /usr/local/lib/php/ini/rule1
mkdir -f /usr/local/lib/php/ini/rule2
mkdir -f /usr/local/lib/php/ini/rule...
cp /usr/local/lib/php/php.ini /usr/local/lib/php/ini/rule1/php.ini
cp /usr/local/lib/php/php.ini /usr/local/lib/php/ini/rule2/php.ini
cp /usr/local/lib/php/php.ini /usr/local/lib/php/ini/rule.../php.ini

slicely edit each rule as you need eg. rule1 register_global=on, rule2 disable_function=....., rule2 safe_mode=on ...

8. custom php.ini per user
cd /usr/local/directadmin/data/users/username
ln -s /usr/local/lib/php/ini/rule1/php.ini php.ini

if php.ini not found in user dir then default php.ini will be used.


Enjoy.
 
kke said:
On my box I just replace php4 (Apache Handler) with php4 (suPHP running script in CGI mode as script owner permission)

All working fine.
- User use default php.ini if php.ini not exist in their user folder.
- php could be on/off follow CP setting.

Step:
1. Start from Default DA setup stage.
2. compile php4 cgi
cp /usr/local/directadmin/customapache/php-4.4.2.tar.gz /usr/src
cd /usr/src
tar xzf php-4.4.2.tar.gz
cd php-4.4.2
cp /usr/local/directadmin/customapache/configure.php .
edit configure.php as follow
#!/bin/sh
./configure \
--with-curl \
--with-curl-dir=/usr/local/lib \
--with-gd \
--with-gd-dir=/usr/local \
--with-gettext \
--with-jpeg-dir=/usr/local/lib \
--with-kerberos \
--with-mcrypt \
--with-mhash \
--with-mysql=/usr/local/mysql \
--with-pear \
--with-png-dir=/usr/local/lib \
--with-xml \
--with-zlib \
--with-zlib-dir=/usr/local/lib \
--with-zip \
--with-openssl \
--with-fastcgi=/usr/local \
--disable-cli \
--enable-fastcgi \
--enable-force-cgi-redirect \
--enable-bcmath \
--enable-calendar \
--enable-ftp \
--enable-magic-quotes \
--enable-sockets \
--enable-track-vars \
--enable-mbstring \
--enable-memory-limit

sh configure.php
make
cp sapi/cgi/php /usr/local/bin/php-fcgi

3. compile suphp (I use suphp 0.5.2)
tar xzf suphp-0.5.2.tar.gz
cd suphp-0.5.2
edit configure.suphp as follow
./configure --prefix=/usr \
--exec-prefix=/usr \
--with-php=/usr/local/bin/php-fcgi \
--disable-checkpath \
--with-apxs=/usr/sbin/apxs \
--with-min-uid=1000 \
--with-min-gid=1000 \
--with-apache-user=apache \
--with-logfile=/var/log/suphp/suphp.log

sh configure.suphp
make && make install
mkdir /var/log/suphp
touch /var/log/suphp/suphp.log

4. modify httpd.conf
<IfModule mod_php4.c>
suPHP_Engine on
AddHandler x-httpd-php .php .php4 .php3 .phtml

AddType application/x-httpd-php .php .php4 .php3 .phtml
AddType application/x-httpd-php-source .phps
</IfModule>
#note: LoadModule and AddModule already added by make install

5. modify custom/virtual*
edit /usr/local/directadmin/data/templates/custom/
virtual* like this

suPHP_Engine |PHP|
suPHP_ConfigPath /usr/local/directadmin/data/users/|USER|/
User |USER|
Group |GROUP|
CustomLog /var/log/httpd/domains/|DOMAIN|.bytes bytes
CustomLog /var/log/httpd/domains/|DOMAIN|.log combined
ErrorLog /var/log/httpd/domains/|DOMAIN|.error.log

<Directory |DOCROOT|>
Options +Includes -Indexes
php_admin_flag engine |PHP|
php_admin_flag safe_mode |SAFE_MODE|
php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f |USER|@|DOMAIN|'
</Directory>

6. edit your default php.ini for use as default for all users
add open_basedir = /home/:/tmp/:/var/www/:/usr/local/lib/php/:/etc/virtual/
because openbasedir in httpd.conf will not effected

7. create php.ini template
mkdir -f /usr/local/lib/php/ini/rule1
mkdir -f /usr/local/lib/php/ini/rule2
mkdir -f /usr/local/lib/php/ini/rule...
cp /usr/local/lib/php/php.ini /usr/local/lib/php/ini/rule1/php.ini
cp /usr/local/lib/php/php.ini /usr/local/lib/php/ini/rule2/php.ini
cp /usr/local/lib/php/php.ini /usr/local/lib/php/ini/rule.../php.ini

slicely edit each rule as you need eg. rule1 register_global=on, rule2 disable_function=....., rule2 safe_mode=on ...

8. custom php.ini per user
cd /usr/local/directadmin/data/users/username
ln -s /usr/local/lib/php/ini/rule1/php.ini php.ini

if php.ini not found in user dir then default php.ini will be used.


Enjoy.
Click to expand...

Hi,

The goal of this howto is to run Apache + suPHP + PHP4 + PHP5.

You gave a solution that allow to run only PHP4, there is nothing in common with the original thread.

Enjoy :D
 
And is there any tutorial for people that do not want suPHP?
Or suPHP is a must if I want php4 and php5 work together?
Thank you in advnace for your responses...
 
eSiK said:
And is there any tutorial for people that do not want suPHP?
Or suPHP is a must if I want php4 and php5 work together?
Thank you in advnace for your responses...
Click to expand...

1° - As you can read this way is only with suPHP.

2° - You can handle one of the version WITH suPHP and the other without as someone did here upper...

3° - You cannot as far as I know to handle both version WITHOUT suPHP. You can find more information about how to do with but with two instances of apache running.

Check this for further information.
 
I'll have to allow all the writeable stuff(set it to true). And set GID/UID to 0 to get everything smooth.

IF GID/UID to 100, squirrelmail wont work.
Writeable to false in the suphp conf file results in error500 pages when people are trying to install scripts.

EDIT: There also seems to be a problem with setting certain php settings like register_globals in .htaccess
 
Last edited:
You must log in or register to reply here.
Back
Top