file rights wp-config changed

[Djunity]

Hi all,

For the past copple of month we have a issue on one of or servers its the newest one we have got running.
It runs apache 2.4x php 5.4x latest release direct admin and mod_ruid2 and config server firewall.

One multiple diffrent accounts cq website the wp-config.php file file rights got changed we know for a fact it had a minimum of 644 but some how it got changed to 600 so the website got offline becouse of a fatal php error that the webserver could not find the wp-config.php file resulting in a white screen in the browser becouse of suppresed error messages in php.

Does any one have a clue on how this could happen is it config server firewall who scans and changes stuff ?? i dont think direct admin does anything like this or is it a bug in wordpress it zelf or apache or mod_ruid2.

I have been looking at this issue for the past 48 hours but im breaking my head and cant seem to figure it out.

 

[ditto]

Setting wp-config.php to be 600 is fine, I do that on my own sites. It should not break anything. Maybe there is installed a WordPress security plugin wich automatically change the file permissions on wp-config.php?

 

[Djunity]

Setting wp-config.php to be 600 is fine, I do that on my own sites. It should not break anything. Maybe there is installed a WordPress security plugin wich automatically change the file permissions on wp-config.php?

t

Apperantly its not enough at 600

PHP Fatal error: require_once(): Failed opening required '/home/user/domains/domain.com/public_html/wp-config.php' (include_path='.:/usr/local/lib/php') in /home/user/domains/domain.com/public_html/wp-load.php on line 29

 

[ditto]

Then there is something else wrong. I am running php 5.4.14 as mod_php with mod_ruid2 myself, and of course I don't have that problem. Because wp-config.php has your database username and password, it is good security practise to set down the file permission to 600 (or lower).

Are you sure the owner/group for the files is set to the user itself? Something is not right about your problem.

 

[Djunity]

I think i have found it and indeed its another issue, have an apointment right now so will continue later today and report then.

 

[Djunity]

And indeed i found the problem and the problem was of a diffrent kind of issue.

All virtual_host2* files in /usr/local/directadmin/data/templates contain the following lines

<IfModule !mod_ruid2.c>
SuexecUserGroup |USER| |GROUP|
</IfModule>
|*if HAVE_RUID2="1"|
<IfModule mod_ruid2.c>
RMode config
RUidGid |USER| |GROUP|
RGroups apache |SECURE_ACCESS_GROUP|
</IfModule>
|*endif|

So when ever all apache gets rewriten or a new domain is added it uses these files apperently the

|*if HAVE_RUID2="1"|[/QUOTE prevented the mod_ruid2 lines to be added to the apache confs so mod_ruid2 was not called when ever there was a web request.

Im not sure why it didn't work it was build true directadmin custom build maybe da support can respond to this issue.

After removing

|*if HAVE_RUID2="1"|

and rewriting off all apache host files it worked.

 

[ditto]

Please see this: http://forum.directadmin.com/showthread.php?t=37467&page=25&p=235715#post235715

Also it should be fixed in the next da version http://www.directadmin.com/features.php?id=1438

 

[Djunity]

I hope da add the mod_ruid2=yes to the options.conf by default if you select mod_ruid2 yes durring initial direct admin install