phpMyAdmin 4.3.0

This new version shows an error, probably due to BFM patch:

Warning in ./libraries/logging.lib.php#50
fopen(/var/www/html/phpMyAdmin//log/auth.log): failed to open stream: Permission denied

Backtrace

./libraries/logging.lib.php#50: fopen(
string '/var/www/html/phpMyAdmin//log/auth.log',
string 'a',
)
./libraries/logging.lib.php#78: log_to_file(
string 'root',
string 'ok',
)
./libraries/common.inc.php#998: PMA_logUser(string 'root')
./index.php#12: require_once(./libraries/common.inc.php)

(Tested w/ CustomBuild 2.0)
 
Last edited:
Hello,

which php and mod_ruid2 type is used?
Code:
./build options
If you can, also confirm the uid/gid that apache is using in the /var/www/html/phpMyAdmin path:
http://help.directadmin.com/item.php?id=532

CustomBuild should be creating the logs directory and setting the permissions, but I'm guessing it's probably a webapps <- vs -> apache write issue.
We should be able to sort it out with the above info.

John
 
Our setup:

Apache: 2.4.10
mod_ruid2: no
ModSecurity: no
htscanner: 1.0.1
Dovecot: 2.2.15
Dovecot configuration: no
AWstats: 7.3
Exim: 4.84
exim.conf update: no
BlockCracking: no
Easy Spam Fighter no
SpamAssassin: 3.4.0
ClamAV: no
MySQL: 5.6.22
MySQL backup: yes
MySQL backup directory: /usr/local/directadmin/custombuild/mysql_backups
PHP (default): 5.5 as fastcgi
phpMyAdmin: 4.3.0-all-languages
ProFTPD: 1.3.5
Pure-FTPd: no
RoundCube webmail: no
Replace "php.ini" with './build all' and './build php_ini': no
Auto updates/notifications: no
Run "clean" every time: yes
Run "clean_old_webapps" every time: yes
Run "clean_old_tarballs" every time: yes
Show texts in bold: yes
SquirrelMail: no
Zend Guard Loader: yes
ionCube loader: 4.7.2
Suhosin: no

--

User ID (system('/usr/bin/id')):
uid=502(uhbr) gid=504(uhbr) groups=504(uhbr)

--

User and group from /var/www/html/phpMyAdmin-4.3.0-all-languages/ and all subfolders:
webapps
 
unihostbrasil, please check if the following solves your problem:
Code:
cd /usr/local/directadmin/custombuild
./build update
./build apache

Please post the output of "User ID" again after that :)
 
Martynas, I updated build script and rebuild apache, but the problem persists.

The uid/gid from apache stills the same (user from domain where users access phpMyAdmin).

Ps. It's suposed to ./build apache overwrite /etc/httpd/conf/extra/httpd-alias.conf?
We use customized alias, and don't remember if this file is overwritten every time.

Tks
 
Last edited:
Are you sure you don't have any customized templates in /usr/local/directadmin/data/templates/custom? Especially user_virtual_host.conf file, because I think you have the following code missing there:
Code:
        |*if HAVE_SUEXEC_PER_DIR="1"|
        <IfModule mod_fcgid.c>
                SuexecUserGroup |USER| |GROUP|
        </IfModule>
        |*endif|
 
And yes, the httpd-alias.conf may need a rewrite.
FastCGI required any /webapps (squirrelmail, pma, rc..) to redirect to a hostname that was not the domain.
I believe Martynas convinced the Apache devs to allow us to use the FastCGI in a per-<Directory> context, so we can now treat /var/www/html differently, no longer requiring the webapps hostname redirect...
but as he mentioned, requires everything be completely up to date (Apache update/recompile and all httpd configs rewritten).

The patch itself is not likely the cause, but something causing php to run as an incorrect User.
It should be running as "webapps" (or "apache" if you're running plain apache+mod_php, without mod_ruid2)

John
 
Martynas / John,

I downgraded PMA to 4.2.13.1, and found that the BFM logging was not working in this version too - but the fopen() warning is just displayed after the version 4.3.

I see that the new httpd-hostname.conf now includes "SuexecUserGroup webapps webapps" under <IfModule mod_fcgid.c>, but for some reason it just starts working after I recompile Apache and PHP too. If anyone else are facing this problem, here's the tested solution:

Code:
cd /usr/local/directadmin/custombuild
./build update

./build apache
./build php n

Thank you Martynas and Johh for your kind assistance.
 
I don't believe the issue is with either PMA nor with the logging patch, but simply that php is not running as a UID that has write access to the log directory.
The newer apache version has a per-directory feature that allows FastCGI to work as "webapps" under /var/www/html. Before that, it would run as the User, hence the issue.
I believe there were other methods we were trying before that, perhaps why it was working before (not sure there), but this final version is how it should be.

Glad to hear it's working.

FYI: phpMyAdmin 4.3.1 was released earlier today.

John
 
Are you sure you don't have any customized templates in /usr/local/directadmin/data/templates/custom? Especially user_virtual_host.conf file, because I think you have the following code missing there:
Code:
        |*if HAVE_SUEXEC_PER_DIR="1"|
        <IfModule mod_fcgid.c>
                SuexecUserGroup |USER| |GROUP|
        </IfModule>
        |*endif|

Sorry, that was 2:16AM here when I wrote that :)) I meant SuexecUserGroup in /etc/httpd/conf/extra/httpd-hostname.conf, which sets webapps user when /var/www/html is accessed. I'm happy to hear that you've found the solution.
 
Sorry, that was 2:16AM here when I wrote that :)) I meant SuexecUserGroup in /etc/httpd/conf/extra/httpd-hostname.conf, which sets webapps user when /var/www/html is accessed. I'm happy to hear that you've found the solution.

Don't worry, you pointed me the right direction to follow. Thank you again for your kind assistance and continuous effort to improve DA and CustomBuild.
 
This new version shows an error, probably due to BFM patch:



(Tested w/ CustomBuild 2.0)

Had the same issue and emailed support about it after trying to solutions above. The commands that fixed it for me were:

Code:
./build update
./build rewrite_confs
 
I don't think I understood the fix for the issue.

Every log rotate ends with:

-rw------- 1 root apache 58 Mar 25 00:00 auth.log

I have to chown the file to make it apache:apache in order to make it work again with no error. The log folder is "apache:apache", the rotated logs like auth.log.0, auth.log.1, etc are apache:apache too.

I am with freeBSD and CB2
 
Which php type is being used? I'm guessing mod_php, without mod_ruid2... such that php runs as "apache".. hence the apache ownership.
For that case, edit the /etc/logrotate.d/webapps, and use:
Code:
su apache apache
John
 
I think I mislead you by saying "logrotate". I don't use the logrotate utility. What I have is the newsyslog.

Here is what I have at the bottom of /etc/newsyslog.conf:

Code:
# logfilename          [owner:group]    mode count size when  flags [/pid_file] [sig_num]
...
/var/www/html/phpMyAdmin/log/auth.log           600     4       *       @T00    -

I guess I have to add "apache:apache" prior that 600 permissions... So it should be:

Code:
/var/www/html/phpMyAdmin/log/auth.log     apache:apache         600     4       *       @T00    -

correct?

Here is the full output of newsyslog.conf:

Code:
# logfilename          [owner:group]    mode count size when  flags [/pid_file] [sig_num]
/var/log/all.log                        600  7     *    @T00  J
/var/log/amd.log                        644  7     100  *     J
/var/log/auth.log                       600  7     100  @0101T JC
/var/log/console.log                    600  5     100  *     J
/var/log/cron                           600  3     100  *     JC
/var/log/daily.log                      640  7     *    @T00  JN
/var/log/debug.log                      600  7     100  *     JC
/var/log/kerberos.log                   600  7     100  *     J
/var/log/lpd-errs                       644  7     100  *     JC
/var/log/maillog                        640  7     *    @T00  JC
/var/log/messages                       644  5     100  @0101T JC
/var/log/monthly.log                    640  12    *    $M1D0 JN
/var/log/pflog                          600  3     100  *     JB    /var/run/pflogd.pid
/var/log/ppp.log        root:network    640  3     100  *     JC
/var/log/security                       600  10    100  *     JC
/var/log/sendmail.st                    640  10    *    168   B
/var/log/utx.log                        644  3     *    @01T05 B
/var/log/weekly.log                     640  5     1    $W6D0 JN
/var/log/xferlog                        600  7     100  *     JC
/var/log/chrootshell.log                600     4       *       @T00    -
/var/log/proftpd/auth.log               600     4       *       @T00    -
/var/log/proftpd/xferlog.legacy         600     4       *       @T00    -
/var/log/proftpd/access.log             600     4       *       @T00    -       /var/run/proftpd.pid
/var/log/pureftp.log            600     4       *       @T00    -       /var/run/pure-ftpd.pid
/var/log/httpd/access_log       apache:apache   600     4       *       @T00    -
/var/log/httpd/fpexe_log        apache:apache   600     4       *       @T00    -
/var/log/httpd/suexec_log       apache:apache   600     4       *       @T00    -
/var/log/suphp.log              600     4       *       @T00    -
/var/log/httpd/error_log        apache:apache   600     4       *       @T00    -       /var/run/httpd.pid
/var/log/exim/paniclog  mail:mail       600     4       *       @T00    -
/var/log/exim/exim_paniclog     mail:mail       600     4       *       @T00    -
/var/log/exim/rejectlog mail:mail       600     4       *       @T00    -
/var/log/exim/exim_rejectlog    mail:mail       600     4       *       @T00    -
/var/log/exim/processlog        mail:mail       600     4       *       @T00    -
/var/log/exim/exim_processlog   mail:mail       600     4       *       @T00    -
/var/log/exim/mainlog   mail:mail       600     4       *       @T00    -       /var/run/exim.pid
/var/log/exim/exim_mainlog      mail:mail       600     4       *       @T00    -       /var/run/exim.pid
/var/log/directadmin/error.log  diradmin:diradmin       600     4       *       @T00    -
/var/log/directadmin/errortaskq.log     diradmin:diradmin       600     4       *       @T00    -
/var/log/directadmin/security.log       diradmin:diradmin       600     4       *       @T00    -
/var/log/directadmin/system.log diradmin:diradmin       600     4       *       @T00    -
/usr/local/php53/var/log/php-fpm.log            600     4       *       @T00    -       /var/run/php-fpm53.pid  30
/usr/local/php54/var/log/php-fpm.log            600     4       *       @T00    -       /var/run/php-fpm54.pid  30
/usr/local/php60/var/log/php-fpm.log            600     4       *       @T00    -       /var/run/php-fpm60.pid  30
/var/log/directadmin/login.log  diradmin:diradmin       600     4       *       @T00    -
/var/www/html/roundcube/logs/errors             600     4       *       @T00    -
/var/www/html/squirrelmail/data/squirrelmail_access_log         600     4       *       @T00    -
/var/www/html/phpMyAdmin/log/auth.log              600     4       *       @T00    -

All that do not have user:group added are with owner "root". The squirrelmail access log file does not exist. The RoundCube one is empty.

I think DA added these - I don't remember touching anyting in that file at all. Am I correct?
 
Last edited:
Ah yes, FreeBSD, thanks for the reminder. It is newsyslog, and not logrotate.
I'll have to go over that.

John
 
Added FreeBSD log rotation fix to CustomBuild 2.0.
It re-installing any one of PMA, RC or SM, will trigger CB to ensure the /etc/newsyslog.conf has, and sets the correct values for the 3 logs.
It's on files1, other mirrors should get it within 24 hours.

John
 
Back
Top