HOWTO: PHP 5 CLI to PHP 5 CGI + suPHP

circlesquare

Verified User
Joined
May 24, 2007
Messages
24
I recently decided to switch from using PHP CLI to CGI mode with suPHP. Here are the steps I followed to ensure everything was working. Let me know if you spot any flaws or know of a better way of doing this.

NOTE: I am continually updating this post. It is safe to assume that all posts which mention improvements/security fixes have been included where relevant if they were posted before the last time this post was edited. (See bottom of this post for timestamp)


Ok, lets get started..

suPHP doesn't allow the use of php_flag and php_value in .htaccess files, so find users with these setup and deal with them (or their sites will throw a 500 error)
Code:
find /home/*/domains/*/public_html -name ".htaccess" | xargs grep "php_"
Once you have dealt with those sites, suPHP should be good to go..

Edit the custombuild options file to use PHP in CGI mode
Code:
cd /usr/local/directadmin/custombuild
./build update
./build clean
nano options.conf
and change
Code:
php5_cli=yes
php5_cgi=no
to
Code:
php5_cli=no
php5_cgi=yes
If you need a custom config of PHP or suPHP then you can find which config files to change using:
Code:
./build used_configs
Now we can build PHP
Code:
./build php
Ensure the new php.ini is correct.. the old one was located at /usr/local/lib/php.ini
Code:
nano /usr/local/etc/php5/cgi/php.ini
It might be worth using custombuild to secure php some more. Using secure_php disables register_globals and adds some potentially vulnerable functions to the disable_functions list in the main php.ini file. These can be overridden on an individual basis per user if need be in their individual php.ini files
Code:
./build secure_php
We need to reset ownership of files as suPHP won't allow access to ones owned by apache (they way the CLI version of PHP works)
Code:
ls -l /home | grep '^d' | awk '{system("chown -R " $3 ":" $4 " /home/" $9 "/domains")}'
Sessions will also have wrong ownership or now be corrupt so remove those
Code:
rm -f /tmp/sess_*
Sites which have files or directories with global write access will also cause suPHP to throw an error, therefore change all files to 644 and directories to 755
Code:
find /home/*/domains/*/public_html -type f -exec chmod 0644 {} \; -print
find /home/*/domains/*/private_html -type f -exec chmod 0644 {} \; -print
find /home/*/domains/*/public_html -type d -exec chmod 0755 {} \; -print
find /home/*/domains/*/private_html -type d -exec chmod 0755 {} \; -print
perl and cgi scripts need execute permissions though
Code:
find /home/*/domains/*/public_html -name "*.pl" -exec chmod 0744 {} \; -print
find /home/*/domains/*/private_html -name "*.pl" -exec chmod 0744 {} \; -print
find /home/*/domains/*/public_html -name "*.cgi" -exec chmod 0744 {} \; -print
find /home/*/domains/*/private_html -name "*.cgi" -exec chmod 0744 {} \; -print
Make sure webmail and phpMyAdmin work by resetting their ownership and permissions also
Code:
chown -R webapps:webapps /var/www/html
find /var/www/html -type f -exec chmod 0644 {} \; -print
find /var/www/html -type d -exec chmod 0755 {} \; -print
find /var/www/html -name "*.pl" -exec chmod 0744 {} \; -print
find /var/www/html -name "*.cgi" -exec chmod 0744 {} \; -print
Now lets enable open_basedir per user, and create user's own tmp directories to make the server more secure. (I realize that I have done this on a per user basis rather than per domain, it should be straight forward to change if you do want it per domain)

automate creation of per user php.ini for new users (make sure the chown refers to your DirectAdmin user)
Code:
touch /usr/local/directadmin/scripts/custom/user_create_post.sh
chmod 755 /usr/local/directadmin/scripts/custom/user_create_post.sh
chown diradmin:diradmin /usr/local/directadmin/scripts/custom/user_create_post.sh
nano /usr/local/directadmin/scripts/custom/user_create_post.sh
use the following shell script:
Code:
#!/bin/sh

mkdir /usr/local/directadmin/data/users/$username/php/
chown $username:$username /usr/local/directadmin/data/users/$username/php/
touch /usr/local/directadmin/data/users/$username/php/php.ini
echo "open_basedir = /home/$username/:/tmp/" >> /usr/local/directadmin/data/users/$username/php/php.ini
chown root:root /usr/local/directadmin/data/users/$username/php/php.ini
chattr +i /usr/local/directadmin/data/users/$username/php/

exit 0;
note that in the above script you may need to alter the open_basedir setting to add allowed paths (e.g. PHP's pear modules /usr/local/php5/lib/php) depending on your server setup

in order to remove the user completely we need to release the chattr +i on the php.ini config directory first (make sure the chown refers to your DirectAdmin user)
Code:
touch /usr/local/directadmin/scripts/custom/user_destroy_pre.sh 
chmod 755 /usr/local/directadmin/scripts/custom/user_destroy_pre.sh
chown diradmin:diradmin /usr/local/directadmin/scripts/custom/user_destroy_pre.sh
nano /usr/local/directadmin/scripts/custom/user_destroy_pre.sh
use the following shell script:
Code:
#!/bin/sh

chattr -i /usr/local/directadmin/data/users/$username/php/

exit 0;
create php.ini files for current users
Code:
ls -l /home | grep '^d' | awk '{system("username="$3" /usr/local/directadmin/scripts/custom/user_create_post.sh")}'
copy VirtualHost templates to custom directory so they are not overwritten when DirectAdmin updates
Code:
cp /usr/local/directadmin/data/templates/virtual_host2* /usr/local/directadmin/data/templates/custom/
change VirtualHost containers to look for php.ini override
Code:
nano /usr/local/directadmin/data/templates/custom/virtual_host2.conf
nano /usr/local/directadmin/data/templates/custom/virtual_host2_sub.conf
nano /usr/local/directadmin/data/templates/custom/virtual_host2_secure.conf
nano /usr/local/directadmin/data/templates/custom/virtual_host2_secure_sub.conf
add this after the ErrorLog
Code:
|*if SUPHP="1"|
        SetEnv PHP_INI_SCAN_DIR /usr/local/directadmin/data/users/|USER|/php/
|*endif|
rewrite httpd configs for current users
Code:
echo "action=rewrite&value=httpd" >> /usr/local/directadmin/data/task.queue
To make sure webmail and phpMyAdmin work, set open_basedir in the global php.ini which will apply to webapps.
Code:
nano /usr/local/etc/php5/cgi/php.ini
find the open_basedir line and change to:
Code:
open_basedir = /var/www/html/:/tmp/
Then change the httpd.conf file to make sure the php.ini file isn't overridden by user's specific php.ini files:
Code:
nano /etc/httpd/conf/httpd.conf
find the <IfModule mod_suphp.c> section within the <Directory "/var/www/html"> block and change to:
Code:
   <IfModule mod_suphp.c>
        suPHP_Engine On
        suPHP_UserGroup webapps webapps
        SetEnv PHP_INI_SCAN_DIR
   </IfModule>
That should be the lot, make sure Apache is restarted.
Code:
service httpd restart
Hopefully everything is working!

Notes
-----

If a customer wants to use cronjobs they need to add the php.ini in the cron command:
Code:
/usr/local/bin/php -c /usr/local/directadmin/data/users/accountname/php/php.ini /home/accountname/domains/domainname/public_html/filetocron.php
------------------------------------------------------------
Thanks to smtalk for some troubleshooting at http://www.directadmin.com/forum/showthread.php?t=19221
Thanks to getUP for securing the php.ini file
Thanks to Dennis for the suggestion of running ./build secure_php and cron job heads up
Thanks to scooby2 for suggesting extra openbase_dir paths e.g. php's pear modules
Thanks to jlasman for spotting a typo
 
Last edited:

paix

Verified User
Joined
Oct 31, 2006
Messages
55
Location
ua
Hi,

how are you going do php.ini per user ?

Also, please keep in mind that php-cgi much slower than mod_php.
Next, you should define openbasedir php setting, otherwise users will be able to browse your server (about comparatively their unix permissions).
Opcode cachers (something like eaccelerator, xcache, apc) can't work in this mode too.

If you completely switch to php-cgi (suphp) you should comment out "loadmodule ... php5_module" in your httpd.conf (for reduce memory usage per httpd child)
 

circlesquare

Verified User
Joined
May 24, 2007
Messages
24
Thanks for the comments paix,

how are you going do php.ini per user ?

Also, please keep in mind that php-cgi much slower than mod_php.
Next, you should define openbasedir php setting, otherwise users will be able to browse your server (about comparatively their unix permissions).
http://help.directadmin.com/item.php?id=183

Opcode cachers (something like eaccelerator, xcache, apc) can't work in this mode too.
Thanks for the heads up on this one, although I happy to live with it as it's only a shared server.

If you completely switch to php-cgi (suphp) you should comment out "loadmodule ... php5_module" in your httpd.conf (for reduce memory usage per httpd child)
I believe DirectAdmin does this automatically, but it's worth double checking
 

circlesquare

Verified User
Joined
May 24, 2007
Messages
24
Ok, I found that http://help.directadmin.com/item.php?id=183 was not really what I wanted to do as it meant using a whole php.ini file per user instead of just changes to the global php.ini. Here's what I have done to enable open_basedir per user which allows override of php.ini values:

automate creation of php.ini for new users
Code:
touch /usr/local/directadmin/scripts/custom/user_create_post.sh
chmod 755 /usr/local/directadmin/scripts/custom/user_create_post.sh
nano /usr/local/directadmin/scripts/custom/user_create_post.sh
use the following shell script:
Code:
#!/bin/sh

touch /home/$username/php.ini
echo "open_basedir = /home/$username/:/tmp/" >> /home/$username/php.ini
chown root:root /home/$username/php.ini

exit 0;
create php.ini files for current users
Code:
ls -l /home | grep '^d' | awk '{system("username="$3" /usr/local/directadmin/scripts/custom/user_create_post.sh")}'
change VirtualHost containers to look for php.ini override
Code:
nano /usr/local/directadmin/data/templates/virtual_host2.conf
nano /usr/local/directadmin/data/templates/virtual_host2_sub.conf
nano /usr/local/directadmin/data/templates/virtual_host2_secure.conf
nano /usr/local/directadmin/data/templates/virtual_host2_secure_sub.conf
add this after the ErrorLog
Code:
|*if SUPHP="1"|
        SetEnv PHP_INI_SCAN_DIR /home/|USER|/
|*endif|
rewrite httpd configs for current users
Code:
echo "action=rewrite&value=httpd" >> /usr/local/directadmin/data/task.queue
I realize that I have done this on a per user basis rather than per domain, it should be straight forward to change if you do want it per domain.
 
Last edited:

paix

Verified User
Joined
Oct 31, 2006
Messages
55
Location
ua
Ok, I found that http://help.directadmin.com/item.php?id=183 was not really what I wanted to do as it meant using a whole php.ini file per user instead of just changes to the global php.ini. Here's what I have done to enable open_basedir per user which allows override of php.ini values:

Code:
|*if SUPHP="1"|
        SetEnv PHP_INI_SCAN_DIR /home/|USER|/
|*endif|
I realize that I have done this on a per user basis rather than per domain, it should be straight forward to change if you do want it per domain.

Ok, fine. This right direction.
But I suggest you locate users php.ini in place unavailable for users. For example:
Code:
|
        SetEnv PHP_INI_SCAN_DIR /usr/local/directadmin/data/users/|USER|/
otherwise users can be able modify php.ini setting such as open_basedir, disabled_functions, etc...

I've not tested this with suphp, but this schema works fine for me with mod_fastcgi, so it should work with suphp too.

PS. another way is setting chflags\chattr on your users php.ini files, but I think this way is more difficult for maintaince.
 

circlesquare

Verified User
Joined
May 24, 2007
Messages
24
otherwise users can be able modify php.ini setting such as open_basedir, disabled_functions, etc...
It should be ok as the shell script makes root the owner of the php.ini, therefore the user can read the file, but not change it.

use the following shell script:
Code:
#!/bin/sh

touch /home/$username/php.ini
echo "open_basedir = /home/$username/:/tmp/" >> /home/$username/php.ini
chown root:root /home/$username/php.ini

exit 0;
 

paix

Verified User
Joined
Oct 31, 2006
Messages
55
Location
ua
It should be ok as the shell script makes root the owner of the php.ini, therefore the user can read the file, but not change it.
Ok, good. Looks like I read your code settings inattentive, sorry.

Also if you going to do some benchmarks of using suphp it would enough interesting to see them.
 

Yolte

Verified User
Joined
Oct 10, 2006
Messages
36
Hello,

We have about 20 servers and using php cli on them.

But sometimes we have security problems on php cli.

We are investigate on upgrading to php cgi.

But we have some questions.

What is the differences between php cli vs php cgi?

I think php cli faster then php cli. But php cgi more secure then php cli.

I was read about "suPHP doesn't allow the use of php_flag and php_value" and something like that above this link;

http://www.php-cli.com/php-cli-cgi.shtml
 

xmats

Verified User
Joined
Dec 24, 2005
Messages
11
I've followed this guide, but php -v still says I'm running the CLI-version and all http processes still run as apache.

PHP 5.2.8 (cli) (built: Feb 16 2009 14:27:52)
Copyright (c) 1997-2008 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies

What to do?
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,754
Location
LT, EU
Try:
Code:
/usr/local/php5/bin/php-cgi -v
Instead of just php -v.
 

xmats

Verified User
Joined
Dec 24, 2005
Messages
11
Returns:

PHP 5.2.8 (cgi-fcgi) (built: Feb 16 2009 14:27:24)
Copyright (c) 1997-2008 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies

But why am I still seeing httpd processes owned by apache and not the local user?
 

circlesquare

Verified User
Joined
May 24, 2007
Messages
24
I was read about "suPHP doesn't allow the use of php_flag and php_value" and something like that above this link;
Correct, you can't use .htaccess files to specify PHP config options using suPHP. The howto explains how to create custom php.ini files for each user. If they want custom PHP config, you can specify it in their php.ini file (/home/user/php.ini)
The reason why you must not give the user's themselves access to change this file is because they can then change the open_basedir restriction.

But why am I still seeing httpd processes owned by apache and not the local user?
Only PHP runs as the local user.. apache doesn't need to as it's not processing the code, it just creates a PHP process as the local user to execute it.
If you run top, you'll see a php-cgi processes running as the local user popping up when this happens.
 

divdesign

Verified User
Joined
Mar 10, 2009
Messages
5
No input file specified

Hi,

I have done the above steps but now all my website are giving the following error: No input file specified does anyone have a solution for this problem ?

thanks.
 

tolisgr

Verified User
Joined
Jan 28, 2009
Messages
22
Hi,

I have done the above steps but now all my website are giving the following error: No input file specified does anyone have a solution for this problem ?

thanks.
I had the same problem. You have not entered correctly the open_basedir. You have to set for each user their correct open_basedir or do not set it at all. You'll find instructions above on how to set a php.ini file for each user with only the open_basedir statement in it
 

WHI

Verified User
Joined
Sep 25, 2008
Messages
59
Hello,

can anybody show me a custom php.ini? I wonder how is it look like. Do I have to add any special code to it?

Thanks a lot.
 

remikk

Verified User
Joined
Apr 30, 2008
Messages
153
Location
Poland
Sites with files or directories with global write access will also cause suPHP to throw an error, therefore change all files to 644 and directories to 755

Code:
find /home/*/domains/*/public_html -type f -exec chmod 0644 {} \; -print
find /home/*/domains/*/private_html -type f -exec chmod 0644 {} \; -print
find /home/*/domains/*/public_html -type d -exec chmod 0755 {} \; -print
find /home/*/domains/*/private_html -type d -exec chmod 0755 {} \; -print
Then some scripts like Joomla and Silverstripe stop work. I can't modify all folders in my clients. Or maybe I don't understand something.
 

Maniak

Verified User
Joined
Aug 25, 2004
Messages
220
Location
Switzerland
I did pretty much the same as you with some differences. I really wanted to have one php.ini file per user per version of PHP.

I have done a php.ini for php4 and one for php5 (/usr/local/directadmin/data/templates/php4.ini and /usr/local/directadmin/data/templates/php5.ini) as follow :

PHP:
engine = On
short_open_tag = On
asp_tags = Off
precision =  12
y2k_compliance = On
output_buffering = 4096
;output_handler =
;zlib.output_compression = Off
;zlib.output_handler =
implicit_flush = Off
unserialize_callback_func=
serialize_precision = 100
allow_call_time_pass_reference = On
memory_limit = 20M

safe_mode = Off
safe_mode_gid = Off
safe_mode_include_dir =						
safe_mode_exec_dir =

safe_mode_allowed_env_vars = PHP_
safe_mode_protected_env_vars = LD_LIBRARY_PATH
open_basedir = "/home/%USERNAME%/:/usr/local/php4/lib/php/:/var/www/html:/usr/local/directadmin/data/skins/:/tmp"
disable_functions = "phpinfo, system, exec, passthru, proc_open, shell_exec, popen, setlimit, mysql_pconnect"
disable_classes =

;highlight.string  = #DD0000
;highlight.comment = #FF9900
;highlight.keyword = #007700
;highlight.bg      = #FFFFFF
;highlight.default = #0000BB
;highlight.html    = #000000

expose_php = Off

error_reporting  =  E_ALL & ~E_NOTICE
display_errors = On
display_startup_errors = Off
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = On
ignore_repeated_source = Off
report_memleaks = On
track_errors = Off
html_errors = Off
;docref_root = "/phpmanual"
;docref_ext = .html
;error_prepend_string = "<font color=ff0000>"
;error_append_string = "</font>"
;error_log = /home/%USERNAME%/tmp/error_log

;arg_separator.output = "&"
;arg_separator.input = ";&"
variables_order = "GPCS"

register_globals = On
register_argc_argv = On
post_max_size = 32M
gpc_order = "GPC"

magic_quotes_gpc = On
magic_quotes_runtime = Off    
magic_quotes_sybase = Off
auto_prepend_file =
auto_append_file =

default_mimetype = "text/html"
;default_charset = "iso-8859-1"
;always_populate_raw_post_data = On

include_path = ".:/usr/local/php4/lib/php/"

doc_root =
user_dir =
extension_dir = "./"
enable_dl = Off

;cgi.rfc2616_headers = 0 

file_uploads = On
upload_tmp_dir = "/home/%USERNAME%/tmp"
upload_max_filesize = 24M

allow_url_fopen = Off
from="%USERNAME%@%DOMAIN%"
agent="PHP at %DOMAIN%"
default_socket_timeout = 60

[Syslog]
define_syslog_variables  = Off

[mail function]
SMTP = localhost
smtp_port = 25
sendmail_path = /usr/sbin/sendmail -t -i -f %USERNAME%@%DOMAIN%

[Java]
;java.class.path = .\php_java.jar
;java.home = c:\jdk
;java.library = c:\jdk\jre\bin\hotspot\jvm.dll 
;java.library.path = .\

[SQL]
sql.safe_mode = Off

[ODBC]
;odbc.default_db    =  Not yet implemented
;odbc.default_user  =  Not yet implemented
;odbc.default_pw    =  Not yet implemented
odbc.allow_persistent = Off
odbc.check_persistent = On
odbc.max_persistent = 0
odbc.max_links = 3  
odbc.defaultlrl = 4096  
odbc.defaultbinmode = 1  

[MySQL]
mysql.allow_persistent = Off
mysql.max_persistent = 0
mysql.max_links = 4
mysql.default_port = 3306
mysql.default_socket = /var/lib/mysql/mysql.sock
mysql.default_host = localhost
mysql.default_user =
mysql.default_password =
mysql.connect_timeout = 30
mysql.trace_mode = Off

[mSQL]
msql.allow_persistent = Off
msql.max_persistent = 0
msql.max_links = 4

[PostgresSQL]
pgsql.allow_persistent = Off
pgsql.auto_reset_persistent = Off
pgsql.max_persistent = 0
pgsql.max_links = 4
pgsql.ignore_notice = 0
pgsql.log_notice = 0

[Sybase]
sybase.allow_persistent = Off
sybase.max_persistent = 0
sybase.max_links = 4
;sybase.interface_file = "/usr/sybase/interfaces"
sybase.min_error_severity = 10
sybase.min_message_severity = 10
sybase.compatability_mode = Off

[Sybase-CT]
sybct.allow_persistent = Off
sybct.max_persistent = 0
sybct.max_links = 4
sybct.min_server_severity = 10
sybct.min_client_severity = 10

[dbx]
dbx.colnames_case = "lowercase"

[bcmath]
bcmath.scale = 0

[browscap]
;browscap = extra/browscap.ini

[Informix]
ifx.default_host =
ifx.default_user =
ifx.default_password =
ifx.allow_persistent = Off
ifx.max_persistent = 0
ifx.max_links = 4
ifx.textasvarchar = 0
ifx.byteasvarchar = 0
ifx.charasvarchar = 0
ifx.blobinfile = 0
ifx.nullformat = 0

[Session]
session.save_handler = files
session.save_path = /home/%USERNAME%/tmp/sessions
session.use_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor     = 1000
session.gc_maxlifetime = 1440
session.bug_compat_42 = 0
session.bug_compat_warn = 1
session.referer_check =
session.entropy_length = 16
session.entropy_file = /dev/urandom
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0

url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

[MSSQL]
mssql.allow_persistent = Off
mssql.max_persistent = 0
mssql.max_links = 4
mssql.min_error_severity = 10
mssql.min_message_severity = 10
mssql.compatability_mode = Off
;mssql.connect_timeout = 5
;mssql.timeout = 60
;mssql.textlimit = 4096
;mssql.textsize = 4096
;mssql.batchsize = 0
;mssql.datetimeconvert = On
mssql.secure_connection = Off
;mssql.max_procs = 25

[Assertion]
;assert.active = On
;assert.warning = On
;assert.bail = Off
;assert.callback = 0
;assert.quiet_eval = 0

[Ingres II]
ingres.allow_persistent = Off
ingres.max_persistent = 0
ingres.max_links = 4
ingres.default_database =
ingres.default_user =
ingres.default_password =

[Verisign Payflow Pro]
pfpro.defaulthost = "test-payflow.verisign.com"
pfpro.defaultport = 443
pfpro.defaulttimeout = 30
;pfpro.proxyaddress =
;pfpro.proxyport =
;pfpro.proxylogon =
;pfpro.proxypassword =

[Sockets]
sockets.use_system_read = On

[com]
;com.typelib_file = 
;com.allow_dcom = true
;com.autoregister_typelib = true
;com.autoregister_casesensitive = false
;com.autoregister_verbose = true

[Printer]
;printer.default_printer = ""

[mbstring]
;mbstring.language = Japanese
;mbstring.internal_encoding = EUC-JP
;mbstring.http_input = auto
;mbstring.http_output = SJIS
;mbstring.encoding_translation = Off
;mbstring.detect_order = auto
;mbstring.substitute_character = none;
;mbstring.func_overload = 0

[FrontBase]
;fbsql.allow_persistent = Off
;fbsql.autocommit = On
;fbsql.default_database = 
;fbsql.default_database_password =
;fbsql.default_host =
;fbsql.default_password =
;fbsql.default_user = "_SYSTEM"
;fbsql.generate_warnings = Off
;fbsql.max_connections = 128
;fbsql.max_links = 3
;fbsql.max_persistent = 0
;fbsql.max_results = 128
;fbsql.batchSize = 1000

[Crack]

[exif]
;exif.encode_unicode = ISO-8859-15
;exif.decode_unicode_motorola = UCS-2BE
;exif.decode_unicode_intel    = UCS-2LE
;exif.encode_jis = 
;exif.decode_jis_motorola = JIS
;exif.decode_jis_intel    = JIS
[/quote]

I have also added the following lines in /usr/local/directadmin/scripts/custom/user_create_post.sh

[quote]
#!/bin/sh

mkdir -p /usr/local/directadmin/data/users/$username/{config/php4,config/php5} ;
chown -R root:root /home/$username/{config/php4,config/php5,tmp/sessions} ;
sed "s/%USERNAME%/$username/g" < /usr/local/directadmin/data/templates/php4.ini | sed "s/%DOMAIN%/$domain/g" > /usr/local/directadmin/data/users/$username/config/php4/php.ini ;
sed "s/%USERNAME%/$username/g" < /usr/local/directadmin/data/templates/php5.ini | sed "s/%DOMAIN%/$domain/g" > /usr/local/directadmin/data/users/$username/con
fig/php5/php.ini ;

chown -R root:root /usr/local/directadmin/data/users/$username/php4/php.ini ;
chown -R root:root /usr/local/directadmin/data/users/$username/php5/php.ini ;

chmod 755 /usr/local/directadmin/data/users/$username/config/php4 ;
chmod 755 /usr/local/directadmin/data/users/$username/config/php5 ;

exit 0;
[/quote]

and thus, all users start with the same php.ini but if you need to change 1 setting for 1 user, it's 100x easier.

and finally virtualhost looks like

[quote]
|?DOCROOT=`HOME`/domains/`DOMAIN`/public_html|
<VirtualHost |IP|:80>
|CUSTOM|
|?CGI=ScriptAlias /cgi-bin/ `DOCROOT`/cgi-bin/|
        ServerName www.|DOMAIN|
        ServerAlias www.|DOMAIN| |DOMAIN| |SERVER_ALIASES|
        ServerAdmin |ADMIN|
        DocumentRoot |DOCROOT|
        |CGI|

        |USECANONICALNAME|

        User |USER|
        Group |GROUP|

        # This part is home-made and is for security
        # one php.ini per user secure the user/server

        <Files *.php>
                SetEnv PHPRC |HOME|/config/php4
        </Files>

        <Files *.php5>
                SetEnv PHPRC |HOME|/config/php5
        </Files>

        CustomLog /var/log/httpd/domains/|DOMAIN|.bytes bytes
        CustomLog /var/log/httpd/domains/|DOMAIN|.log combined
        ErrorLog /var/log/httpd/domains/|DOMAIN|.error.log

        <Directory |DOCROOT|>
                Options +Includes -Indexes
        </Directory>
|HANDLERS|
|MIMETYPES|

</VirtualHost>
[/quote]
 

fmen

Verified User
Joined
Mar 14, 2009
Messages
26
I have tried to install php cgi but the first problem is that when I do exec("uptime") I get an error because I have to fll in a full path to uptime. So exec function has been solved.

Now another problem: Every file upload gives a error, no matter the file size:
Array ( [name] => Creek.jpg [type] => image/jpeg [tmp_name] => /home/henk/tmp/phpqdBN5y [error] => 0 [size] => 264409 )

tmp_name is the problem. What could be the problem?
 

circlesquare

Verified User
Joined
May 24, 2007
Messages
24
Then some scripts like Joomla and Silverstripe stop work. I can't modify all folders in my clients. Or maybe I don't understand something.
They should still work as you will be running suPHP, so the PHP will be running as the same user which owns the files.. therefore there is no need for global read/write.
 
Top