PHP safe mode on virtual hosts

Kelsay, Brian - Kansas City, MO brian.kelsay at kcc.usda.gov
Tue Jun 14 08:11:19 CDT 2005


Sounds to me like you should draw yourself a diagram of what each group
of files has for permissions, what are all the users and groups involved
and their effective permissions.  Quite possibly you may just need to
add the virtual domain admin users to some group or add user apache to
the virtual domain group so the apache process can write.  Do the php
pages have to write anything to the virtual domain directories?  Even if
it's just a log file, then that user is denied.  Do all of the virtual
domains wrote to the database?  I didn't understand that part.  If so,
then for one I wouldn't do it that way.  They should each have their own
database.  Also, if you have this: rw-r--r--, then the group can't write
only the specific user, but you may need to add the user you run the
database as or the php process in somewhere.  Hell, I'm confused now. 

User      Group
Apache    apache     web process and /var/www/html 
Virtual1  virtual1   Domain1
Virtual2  virtual2   Domain2
Virtual3  virtual3   Domain3
Database  database   database files

Hint: Don't refer to them as one domain or another, use more concrete
terms.  You've got so much going on, I'm confuse now.  Back to my nap.
                     

>-----Original Message-----
>From: kclug-bounces at kclug.org [mailto:kclug-bounces at kclug.org] 
>On Behalf Of Jack
>Sent: Monday, June 13, 2005 6:41 PM
>To: Jonathan Hutchins; kclug at kclug.org
>Subject: Re: PHP safe mode on virtual hosts
>
>
>Apache is running as apache. The file permissions are
>rw-r--r-- on all the directories accessed by apache or
>php. Each virtual webspace has it's own user and the
>group is the same as the user. So website-1 has file
>ownership of say admin1.admin1 and this is in the 
>user and group as defined in the chrooted apache
>httpd.conf. AS I said, I compared two sites and have
>yet to see any configuration difference. In either the
>httpd.conf or it's included files or in the php.ini
>files.
>
>--- Jonathan Hutchins <hutchins at tarcanfel.org> wrote:
>
>> On Monday 13 June 2005 01:22 pm, Jack wrote:
>> 
>> > ... one site
>> > works if the files in the chrooted /var/www/html
>> > directory are owned by a authorized admin for the
>> > virtual host, the other works only if that
>> directory
>> > and the files are owned by root. 
>> 
>> Who's apache running as?  What are the file
>> permissions?  User? Group?


More information about the Kclug mailing list