Hi, I finally was able to install suphp and now it works but there'is still a problem with the file permission: All directories have at least to be chmod 701. 700 dowsn't work. Otherwise I get a 403 error. Why have the directories be executable by others? The same for the .htaccess file. It has to be 444. I think thre is no need to make it readable by others? Owner and group is alwys web0. Hope you can help me. Cheers, Markus
Hi, After the most recent update of suPHP in Debian Etch ( 0.6.1.20061108-1 ) it seems that fileuploads of files larger than approx 10 kb. fail. PHP reports false on "is_uploaded_file". Smaller files can still be uploaded. The Apache logs for the VirtualHost show a rather cryptic message: PHP Warning: Only 1031 bytes were written, expected to write 5119 in Unknown on line 0, referer: http://www.somewebsite.com/somefile.php I've tested the *same* script but then make it get executed (still via suPHP) as a normal CGI (with the shebang in the first line) without any problem on larger files. Can anyone verify this problem and perhaps make a patch for it which could then be used in the next release on Etch? Martijn
Could someone suggest n extension to the above fix that would allow suPHP_AddHandler and suPHP_Engine to be used in a .htaccess? The idea now being, that, by default, PHP will be executed by mod_php but for that users who know what they are doing, they can enable suPHP on a per directory basis, without having to annoy the root team to add it to the global Apache conf. Regards, Cian
Doesn't this circumvent possible security concerns? Example: suphp is enabled on a global basis, but is explicitly disabled for a VirtualHost (due to a users' site having insecure PHP, or being compromised in some way). Wouldn't the .htaccess "suPHP_Engine On" effectively re-enable PHP when the administrator explicitly asked for it to be disabled in the VirtualHost? -- | Jeremy Chadwick jdc at parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. PGP: 4BD6C0CB | On Thu, Dec 21, 2006 at 03:26:50PM +0000, Cian Davis wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Emmanuel Lacour wrote: > > On Sat, Aug 05, 2006 at 12:58:57AM +0100, Cian Davis wrote: > >> No errors on apache start (unless I specify an suPHP_AddHandler line - > >> gives "suPHP_AddHandler not allowed here"). But when I access a page, > >> it doesn't parse the page, it just offers it to download. > >> > >> Any help would be greatly appreciated. > > > > In upstream sources, this directive cannot be applied in global > > configuration, a patch is applied in the debian package. See: > >(Continue reading)
On Thu, Dec 21, 2006 at 03:26:50PM +0000, Cian Davis wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Emmanuel Lacour wrote: > > On Sat, Aug 05, 2006 at 12:58:57AM +0100, Cian Davis wrote: > >> No errors on apache start (unless I specify an suPHP_AddHandler line - > >> gives "suPHP_AddHandler not allowed here"). But when I access a page, > >> it doesn't parse the page, it just offers it to download. > >> > >> Any help would be greatly appreciated. > > > > In upstream sources, this directive cannot be applied in global > > configuration, a patch is applied in the debian package. See: > > > > http://lists.marsching.biz/pipermail/suphp/2005-June/000876.htm > > Could someone suggest n extension to the above fix that would allow > suPHP_AddHandler and suPHP_Engine to be used in a .htaccess? The idea > now being, that, by default, PHP will be executed by mod_php but for > that users who know what they are doing, they can enable suPHP on a > per directory basis, without having to annoy the root team to add it > to the global Apache conf. > > Regards, > Cian > > Does not sound very good idea... I think users should not be allowed to(Continue reading)
Aki Tuomi wrote: > On Thu, Dec 21, 2006 at 03:26:50PM +0000, Cian Davis wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Emmanuel Lacour wrote: >>> On Sat, Aug 05, 2006 at 12:58:57AM +0100, Cian Davis wrote: >>>> No errors on apache start (unless I specify an suPHP_AddHandler line - >>>> gives "suPHP_AddHandler not allowed here"). But when I access a page, >>>> it doesn't parse the page, it just offers it to download. >>>> >>>> Any help would be greatly appreciated. >>> In upstream sources, this directive cannot be applied in global >>> configuration, a patch is applied in the debian package. See: >>> >>> http://lists.marsching.biz/pipermail/suphp/2005-June/000876.htm >> Could someone suggest n extension to the above fix that would allow >> suPHP_AddHandler and suPHP_Engine to be used in a .htaccess? The idea >> now being, that, by default, PHP will be executed by mod_php but for >> that users who know what they are doing, they can enable suPHP on a >> per directory basis, without having to annoy the root team to add it >> to the global Apache conf. >> >> Regards, >> Cian >> >> > > Does not sound very good idea... I think users should not be allowed to(Continue reading)
_______________________________________________ suPHP mailing list suPHP@... http://lists.marsching.biz/mailman/listinfo/suphp
_______________________________________________
_______________________________________________ suPHP mailing list suPHP@... http://lists.marsching.biz/mailman/listinfo/suphp
suPHP_UserGroup 5028 4901 ? I was reading the Changelog and: --- * Version 0.5.2 (13 July 2004) - Added support for UIDs/GIDs not listed in system configuration when using "force" or "paranoid" mode --- And yes, i compiled suphp with paranoid mode. Hum... any idea? I've been about one year to configure this and no success :( Jorge ----- Original Message ----- From: "Markus Kentgen" <markus_kentgen@...> To: "Jorge Bastos" <mysql.jorge@...> Sent: Sunday, December 24, 2006 1:01 PM Subject: Re: [suPHP] Fw: Help configuring > The owner of the file is 5058 but suphp user is 5028. So you have to > chance suphp user to 5058. > > Markus > > Jorge Bastos schrieb: >> ok now i have it setup, but im having no success executing it. >> My users are non system users like i sayd, i have in my virtualhost this: >> suPHP_Engine on >> suPHP_UserGroup "#5028" "#4901" >> AddHandler x-httpd-php .php .php3 .php4 .php5 >> suPHP_AddHandler x-httpd-php >> I've tried with: >> suPHP_UserGroup "#5028" "#4901" >> suPHP_UserGroup #5028 #4901 >> suPHP_UserGroup "5028" "4901" >> suPHP_UserGroup 5028 4901 >> and with all those four options in suphp log there's: >> [Sun Dec 24 12:51:03 2006] [warn] Mismatch between target UID (5028) and >> UID (5058) of file "/home/alojamento/albergaria.org/uploader.php" >> but, the file has: >> -rwxr-xr-x 1 5058 4901 365 Dec 23 23:58 uploader.php* >> How can give me a hand? i didn't found information about this on the web >> Jorge >> ----- Original Message ----- >> *From:* Jorge Bastos <mailto:mysql.jorge@...> >> *To:* suPHP@... <mailto:suPHP@...> >> *Sent:* Sunday, December 24, 2006 12:27 AM >> *Subject:* [suPHP] Help configuring >> >> Guys, >> Give me some help on this configurion suphp. >> So, the module is loaded, and in the virtualhost i have: >> suPHP_Engine on >> suPHP_UserGroup "#5028" "#4901" >> (this is uid's and gid's from virtual users that doesn't exist in the >> system passwd) >> when i upload a file, and then go check it: >> -rw------- 1 www-data www-data 2283 Dec 24 00:17 65.jpg >> I have no error on apache error log. >> What am i missing? >> Thanks, >> Jorge >> >> ------------------------------------------------------------------------ >> _______________________________________________ >> suPHP mailing list >> suPHP@... >> http://lists.marsching.biz/mailman/listinfo/suphp >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> suPHP mailing list >> suPHP@... >> http://lists.marsching.biz/mailman/listinfo/suphp >> > >
Hum But the file is owner by that user (UID) Mismatch between target UID (5028) and UID (5058) of file "/home/alojamento/albergaria.org/uploader.php" -rwxr-xr-x 1 5058 4901 365 Dec 23 23:58 /home/alojamento/albergaria.org/uploader.php* I'm getting crazy!! they are the same... Now what? Jorge ----- Original Message ----- From: "Markus Kentgen" <markus_kentgen@...> To: "Jorge Bastos" <mysql.jorge@...> Sent: Sunday, December 24, 2006 1:28 PM Subject: Re: [suPHP] Fw: Fw: Help configuring > Yes, but suphp User has to be the owner of the file otherwise it won't > work so if the owner of the files is 5058 the suphp User has to be 5058, > too. > > Jorge Bastos schrieb: >> suPHP_UserGroup 5028 4901 ? >> >> I was reading the Changelog and: >> >> --- >> * Version 0.5.2 (13 July 2004) >> - Added support for UIDs/GIDs not listed in system configuration when >> using >> "force" or "paranoid" mode >> --- >> >> And yes, i compiled suphp with paranoid mode. >> Hum... any idea? >> I've been about one year to configure this and no success :( >> >> Jorge >> >> >> ----- Original Message ----- >> From: "Markus Kentgen" <markus_kentgen@...> >> To: "Jorge Bastos" <mysql.jorge@...> >> Sent: Sunday, December 24, 2006 1:01 PM >> Subject: Re: [suPHP] Fw: Help configuring >> >> >> >>> The owner of the file is 5058 but suphp user is 5028. So you have to >>> chance suphp user to 5058. >>> >>> Markus >>> >>> Jorge Bastos schrieb: >>> >>>> ok now i have it setup, but im having no success executing it. >>>> My users are non system users like i sayd, i have in my virtualhost >>>> this: >>>> suPHP_Engine on >>>> suPHP_UserGroup "#5028" "#4901" >>>> AddHandler x-httpd-php .php .php3 .php4 .php5 >>>> suPHP_AddHandler x-httpd-php >>>> I've tried with: >>>> suPHP_UserGroup "#5028" "#4901" >>>> suPHP_UserGroup #5028 #4901 >>>> suPHP_UserGroup "5028" "4901" >>>> suPHP_UserGroup 5028 4901 >>>> and with all those four options in suphp log there's: >>>> [Sun Dec 24 12:51:03 2006] [warn] Mismatch between target UID (5028) >>>> and UID (5058) of file "/home/alojamento/albergaria.org/uploader.php" >>>> but, the file has: >>>> -rwxr-xr-x 1 5058 4901 365 Dec 23 23:58 uploader.php* >>>> How can give me a hand? i didn't found information about this on the >>>> web >>>> Jorge >>>> ----- Original Message ----- >>>> *From:* Jorge Bastos <mailto:mysql.jorge@...> >>>> *To:* suPHP@... <mailto:suPHP@...> >>>> *Sent:* Sunday, December 24, 2006 12:27 AM >>>> *Subject:* [suPHP] Help configuring >>>> >>>> Guys, >>>> Give me some help on this configurion suphp. >>>> So, the module is loaded, and in the virtualhost i have: >>>> suPHP_Engine on >>>> suPHP_UserGroup "#5028" "#4901" >>>> (this is uid's and gid's from virtual users that doesn't exist in the >>>> system passwd) >>>> when i upload a file, and then go check it: >>>> -rw------- 1 www-data www-data 2283 Dec 24 00:17 65.jpg >>>> I have no error on apache error log. >>>> What am i missing? >>>> Thanks, >>>> Jorge >>>> >>>> ------------------------------------------------------------------------ >>>> _______________________________________________ >>>> suPHP mailing list >>>> suPHP@... >>>> http://lists.marsching.biz/mailman/listinfo/suphp >>>> ------------------------------------------------------------------------ >>>> >>>> _______________________________________________ >>>> suPHP mailing list >>>> suPHP@... >>>> http://lists.marsching.biz/mailman/listinfo/suphp >>>> >>>> >>> >> >> >> _______________________________________________ >> suPHP mailing list >> suPHP@... >> http://lists.marsching.biz/mailman/listinfo/suphp >> >> > >
RSS Feed1 | |
|---|---|
1 | |
1 | |
2 | |
1 | |
3 | |
2 | |
2 | |
10 | |
7 | |
19 | |
8 | |
3 | |
9 | |
4 | |
3 | |
1 | |
11 | |
3 | |
10 | |
2 | |
5 | |
12 | |
20 | |
5 | |
16 | |
3 | |
11 | |
8 | |
9 | |
7 | |
7 | |
40 | |
13 | |
4 | |
22 | |
20 | |
35 | |
16 | |
5 | |
10 | |
9 | |
35 | |
6 | |
14 | |
2 | |
24 | |
21 | |
9 | |
11 | |
21 | |
9 | |
21 | |
43 | |
63 | |
128 | |
25 | |
31 | |
30 | |
21 | |
22 | |
4 | |
25 | |
26 | |
19 | |
30 | |
10 | |
12 | |
22 | |
23 | |
34 | |
17 | |
5 |
