Hello,
We'll be releasing some changes shortly, but due to their significance, some testing would be a good idea.
If you can confirm things still work, or they break, that would be appreciated.
The changes basically alter 3 settings for scripts that run in /var/www/html, which we call the webapps.
The 3 changes are:
Code:
[PATH=/var/www/html]
session.save_path=/var/www/tmp
upload_tmp_dir=/var/www/tmp
disable_functions=exec,system,passthru,shell_exec,escapeshellarg,escapeshellcmd,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
Discussion is welcome on the presence of the disable_functions line, as we could omit it, which would fall back to the main php.ini disable_functions.
Reasons for adding: I've seen some systems without any disable_functions, and some with too many, so locking down /var/www/html with a consistent set makes things a bit easier.
In any case, the changes to CB 2.0 basically create 50-webapps.ini in a path specific to your system; some examples:
Code:
/usr/local/php55/lib/php.conf.d/50-webapps.ini
/usr/local/php53/lib/php.conf.d/50-webapps.ini
/usr/local/lib/php.conf.d/50-webapps.ini
The main requirement for the changes is the session.save_path, for security reasons, which I'll not get into quite yet.
For anyone who is able to help test this, that would be greatly appreciated.
It assumes you're already using CustomBuild 2.0.
To give it a try:
Code:
cd /usr/local/directadmin/custombuild
./build update
wget -O build http://files1.directadmin.com/services/custombuild/2.0/custombuild/build
./build rewrite_confs
which should create the mentioned 50-webapps.ini, as well as the new /var/www/tmp path:
Code:
drwxrwx--- 2 webapps webapps 4096 Dec 14 01:45 /var/www/tmp
but it might be chgrp'd to apache if you're running mod_php and not mod_ruid2 (which isn't recommended, but some people do it).
If it worked, the phpinfo() output should show something like these options:
Additional .ini files parsed | /usr/local/lib/php.conf.d/10-directadmin.ini, /usr/local/lib/php.conf.d/50-webapps.ini
session.save_path | /var/www/tmp (local value) | no value (master value)
for any phpinfo() call made under /var/www/html.
For phpinfo() calls made from a /home/.../public_html, the 50-webapps.ini will still be there, but the session.save_path should be /tmp or "no value".
-----
There are similar changes coming for 1.2, but they use a different method, and we'll first get CB2.0 going to ensure the concept is correct.
John
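As an added check, not part of John's post or of the CustomBuild scripts, here is a Python script that verifies a generated 50-webapps.ini carries the three settings listed above and that /var/www/tmp has the 0770 mode shown in the directory listing. The expected values are constructed from the post; the group check can be skipped with expected_group=None when running as a non-root user.

```python
import configparser
import grp
import os
import stat

# Expectations taken from the post; constructed constants, adjust if your file differs.
WEBAPPS_SECTION = "PATH=/var/www/html"
EXPECTED_TMP = "/var/www/tmp"
EXPECTED_DISABLED = {
    "exec", "system", "passthru", "shell_exec", "escapeshellarg", "escapeshellcmd",
    "proc_close", "proc_open", "dl", "popen", "show_source", "posix_kill",
    "posix_mkfifo", "posix_getpwuid", "posix_setpgid", "posix_setsid", "posix_setuid",
    "posix_setgid", "posix_seteuid", "posix_setegid", "posix_uname",
}


def check_webapps_ini(ini_path, tmp_dir=EXPECTED_TMP):
    """Return a list of findings for a 50-webapps.ini; an empty list means it matches."""
    # PHP's "[PATH=/dir]" headers parse as plain section names; keep key case as PHP does.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str
    with open(ini_path) as fh:
        cp.read_file(fh)
    if WEBAPPS_SECTION not in cp:
        return [f"missing [{WEBAPPS_SECTION}] section"]
    sec = cp[WEBAPPS_SECTION]
    findings = []
    for key in ("session.save_path", "upload_tmp_dir"):
        if sec.get(key) != tmp_dir:
            findings.append(f"{key} is {sec.get(key)!r}, expected {tmp_dir!r}")
    disabled = {f.strip() for f in sec.get("disable_functions", "").split(",") if f.strip()}
    missing = sorted(EXPECTED_DISABLED - disabled)
    if missing:
        findings.append("disable_functions does not list: " + ", ".join(missing))
    return findings


def check_tmp_dir(tmp_dir=EXPECTED_TMP, expected_group="webapps"):
    """Check the session/upload dir is 0770 and group-owned; expected_group=None skips ownership."""
    try:
        st = os.stat(tmp_dir)
    except FileNotFoundError:
        return [f"{tmp_dir} does not exist"]
    findings = []
    mode = stat.S_IMODE(st.st_mode)
    if mode != 0o770:
        findings.append(f"{tmp_dir} mode is {oct(mode)}, expected 0o770")
    if expected_group is not None and grp.getgrgid(st.st_gid).gr_name != expected_group:
        findings.append(f"{tmp_dir} group is not {expected_group!r}")
    return findings
```

Run check_webapps_ini() against each php.conf.d/50-webapps.ini path listed above and check_tmp_dir() against /var/www/tmp; any non-empty list is a finding worth reporting back in this thread.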