Help with Apache + SuPHP problem (ISPCONFIG)

ughh.


ok,

i run a private project of mine which is a server of mine colo'd in nyc. Any ways i have apache 2 and I use Ispconfig. I was setting ispconfig to have custom php.ini's for every main site directory, instead of just one in the apache directory.

So i installed SuPHP to accomplish this. Something somewhere got totally messed up and now when i enable PHP in ispconfig. I get 500 Internal Server Errors. see an example at www.ndblocks.com

This is driving me crazy. another example is at www.multimediaempire.net

i have the logs for it, im going to be debugging this and i will be setting up a production server for use of SVN. (SubVersioN)


Anyone ever have this issue? Help Please!?!

 

[Mon Feb 23 05:32:28 2009] [warn] File "/var/www/web4/web/browse.php" is writeable by group
[Mon Feb 23 05:32:28 2009] [warn] File "/var/www/web4/web/browse.php" is writeable by group
[Mon Feb 23 05:32:28 2009] [warn] File "/var/www/web4/web/browse.php" is writeable by group
[Mon Feb 23 05:32:29 2009] [warn] File "/var/www/web4/web/index.php" is writeable by group
[Mon Feb 23 05:32:30 2009] [warn] File "/var/www/web4/web/browse.php" is writeable by group
[Mon Feb 23 05:32:30 2009] [warn] File "/var/www/web4/web/browse.php" is writeable by group
[Mon Feb 23 05:32:31 2009] [warn] File "/var/www/web4/web/browse.php" is writeable by group
[Mon Feb 23 05:32:34 2009] [warn] File "/var/www/web4/web/index.php" is writeable by group

 

[Mon Feb 23 05:30:08 2009] [notice] caught SIGWINCH, shutting down gracefully
[Mon Feb 23 05:30:18 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache2/suexec)
[Mon Feb 23 05:30:18 2009] [notice] Apache/2.2.8 (Ubuntu) mod_ruby/1.2.6 Ruby/1.8.6(2007-09-24) mod_ssl/2.2.8 OpenSSL/0.9.8g configured -- resuming normal operations

 

To fix the 500 error with suPHP remove the group write permission from all your PHP files or edit suphp.conf and add the following 2 lines or change them from false to true if already present, then restart Apache:

allow_file_group_writeable=true
allow_directory_group_writeable=true

Code (markup):

However if you do change suphp.conf so that it is group writeable then any user in the group can write to the PHP files, which for most people shouldn't be an issue.

 

in what group? lol i am sorry i am still learning this, its a new situation for me. Would it be the users for that web directory? Like i have an Admin for the website i have a Dom username and a Webmaster for example. Would that mean all can write? what exactly does that mean?


Thank you btw, big help.

 

When you create an account on the server it normally create a unix user and a group for that user.

suPHP causes the PHP to run as the accounts unix user and group permissions.

The default is for suPHP to not run PHP files that have the group write bit set on them. What that means is any user that is within the group can write to the file even if they are not the owner of the file, so suPHP defaults to not trusting the PHP file. Only PHP files that can only be written by the owner are trusted.

This is all at the unix user and group permission level irrespective of control panel users.

The change I gave you to suphp.conf changes that behaviour to tell suPHP that it should trust and run PHP files that have the group write bit set. It's that or your remove the group write bit from the files, use chmod at the command line or your FTP client.

 

hmm tried that then got this:

httpd (no pid file) not running


after restarting apache2


then i did :

grep -i pidfile /etc/apache2/apache2.conf


and got:


# PidFile: The file in which the server should record its process
PidFile ${APACHE_PID_FILE}



After that, i restarted Ispconfig. and right back to the 500 error.

 

Changing group write or suphp.conf options should not affect the ability of Apache to restart.

So what have you done, change the options in suphp.conf?

I assume you've tried asking on the Ispconfig help area?

Otherwise the easiest thing is to get a sys admin to sort it out for you, however I can't think of anyone that supports Ispconfig.

 

i know....im in trouble...


i changed the options like you said still did nothing. i might switch from ispconfig to cpanel. IF i can get the switch to work properly...you think that should be a problem?

 

I'm not sure what ispconfig modifies but I'd always install cPanel from a fresh OS install, it's just not worth the potential problems.

So my advice is backup everything and put it somewhere safe off server, format the server, load cPanel. Then recompile Apache as 2.2, PHP 5.2.8 and select suPHP.

suphp.conf is then in /opt/etc/ and can be modified to allow PHP files with group write to run, you do need to restart Apache after changing it. Or you can remove the write permission on the files and folders, both just work.

I've been running suPHP with and without cPanel for years, not had any issues with it.

 

ok.

Thanks for your help this really sucks...i dont want to do this at the moment. but i dont see many other options.

 

Ask about for a server admin rack911 or some of the others might be able to sort you out, you'll have to give them root access and they'll obviously charge for it.