15 posts / 0 new
Last post
#1 Tue, 12/15/2009 - 09:02
coreymanshack

Jeez

So I was trying to install suphp following this tutorial.. http://www.howtoforge.com/install-suphp-on-various-linux-distributions-f... The make was having errors, and I couldn't start apache back up, so decided to remove what it told me to install.

sudo apt-get autoremove apache2-prefork-dev

started removing all of my services, mysql, clamav... everything... what the hell...

So I reinstall apache2-prefork-dev... and none of those services are reinstalled.... this is pissing me off.

Here are some that were uninstalled, putty doesn't go back far enough to see everything i don't guess...

apache2-doc apache2-prefork-dev awstats bind9 clamav clamav-base clamav-daemon clamav-docs clamav-freshclam clamav-testfiles comerr-dev db4.6-util dovecot-common dovecot-imapd dovecot-pop3d irb irb1.8 libapache2-mod-fcgid libapache2-svn libapr1-dev libaprutil1-dev libarchive-tar-perl libclamav5 libdb4.5 libdb4.6-dev libdbd-mysql-perl libdbd-pg-perl libdbi-perl libdigest-hmac-perl libdigest-sha1-perl liberror-perl libexpat1-dev libgeoip1 libgmp3c2 libio-zlib-perl libkadm55 libkrb5-dev libldap2-dev libmail-spf-perl libneon27 libnet-daemon-perl libnet-dns-perl libnet-ip-perl libnetaddr-ip-perl libpcre3-dev libpcrecpp0 libpg-perl libplrpc-perl libpq-dev libreadline-ruby1.8 libsasl2 libsocket6-perl libsqlite3-dev libssl-dev libsvn1 libsys-hostname-long-perl libversion-perl mailman mysql-client mysql-client-5.0 mysql-server mysql-server-5.0 php-pear php5-cgi postgresql postgresql-8.3 postgresql-client-8.3 postgresql-client-common postgresql-common procmail procmail-wrapper proftpd pwgen rdoc rdoc1.8 ri ri1.8 sasl2-bin scponly sharutils spamassassin spamc subversion usermin-virtual-server-theme uuid-dev virtualmin-base webalizer webmin-security-updates webmin-virtual-server-theme webmin-virtualmin-awstats webmin-virtualmin-dav webmin-virtualmin-htpasswd webmin-virtualmin-mailman webmin-virtualmin-svn zlib1g-dev

Tue, 12/15/2009 - 09:36
andreychek

Well, that's certainly no good at all :-)

All I can offer is that you may want to try reinstalling what was removed, and hope for the best -- and hope that your config files and stuff weren't removed at the same time the apps were.

You can probably get a full list of what was removed in /var/log/dpkg.log.

-Eric

Tue, 12/15/2009 - 09:41 (Reply to #2)
coreymanshack

I'm doing that now, /cross fingers

Tue, 12/15/2009 - 09:48
coreymanshack

why does virtualmin look like this??

http://img525.imageshack.us/img525/1977/wtfzem.jpg

am i missing a package?

the login says "login to webmin" and its all blue... and crappy looking

Tue, 12/15/2009 - 09:50
coreymanshack

I can't check my mail now either!

An error occurred listing mail in this folder : Failed to connect to localhost:143 : Connection refused

Tue, 12/15/2009 - 09:52
andreychek

Sounds like some packages may still be missing; I'd go through the dpkg.log file and make sure you have all of them, or you'll be dealing with weird problems for quite awhile :-)

Make sure you have both dovecot and webmin-virtual-server-theme installed... their absence could cause the above issues you're describing.

-Eric

Tue, 12/15/2009 - 11:31
coreymanshack

Everything from a-z is right there, it's everything that was uninstalled. I have dovecot, and I have webmin-virtual-server-theme installed.

Tue, 12/15/2009 - 11:40 (Reply to #7)
coreymanshack

I had to click "update selected operating system" and now virtualmin is back to normail w000t.... postfix was down, i started it up in the control panel, and it said it failed to start... but its running and i can receive mail now!

I think suphp is the way to have hardened php... am I wrong? Can you point me to a good tutorial for suphp on virtualmin?

Sun, 01/03/2010 - 13:41 (Reply to #8)
jo

suphp is doing what suexec+fcgid is doing, just restricted to PHP while suexec+fcgid covers all CGI scripting languages. That's why I have been advocating suexec+mod_fcgid even before I learned that Virtualmin happens to use the same solution.

Note that Virtualmin will be using suexec+mod_fcgid anyway in the standard installation as far as I know (it did for me anyway). I'd even avoid running suphp and suexec+modfcgid on the same machine: the functional overlap makes unwanted interactions (a.k.a. bugs) more likely. Also, since the combination is rarely used, it is less well tested.

So, my advice is short and easy: drop suphp :)

Tue, 12/15/2009 - 11:41
andreychek

We actually recommend using FCGI and suexec for PHP, rather than suphp.

There's a forum post that describes how to set it up here:

http://www.virtualmin.com/node/8462

Tue, 12/15/2009 - 12:16
coreymanshack

Add to httpd.conf in the public_html Directory section within the relevant VirtualServer section:

AddHandler fcgid-script .php5 FCGIWrapper /home/example/fcgi-bin/php5.fcgi .php

Create the wrapper in /home/domainname/fcgi-bin/php5.fcgi:

!/bin/bash

PHPRC=$PWD/../etc/php5 export PHPRC umask 022 SCRIPT_FILENAME=$PATH_TRANSLATED export SCRIPT_FILENAME exec /usr/bin/php-cgi

The application files, and the fcgi wrapper must be owned by the user, and must not be world or group writable (suexec will not execute them, if they are).

You also need to copy php.ini into the etc/php5 directory within the users home.

Tue, 12/15/2009 - 12:16 (Reply to #11)
coreymanshack

is that all i need to do?

Mon, 01/04/2010 - 10:25 (Reply to #12)
jo

I think you can configure Virtualmin for suexec+fcgid, and it will do all that's necessary for you.

UPDATE: This seems to be available for Virtualmin Pro only. I didn't find the option in Virtualmin GPL.
The newest relevant post on the topic seems to be on http://www.virtualmin.com/node/8462#comment-35141 .
Notes:
1. A umask of 027 is necessary instead of the more usual 022 if there are mutually untrusted parties on the same machine.
2. I'm not sure that that's possible, but it would certainly be good to have the php5.fcgi file somewhere where it's copied into every server that's being setup.

Mon, 01/04/2010 - 10:40 (Reply to #13)
ronald
ronald's picture

you can use /etc/skel for that purpose and enable that in the server template. Files and directories under /etc/skel will be copied to every new server.

Mon, 01/04/2010 - 18:40
jo

Files and directories under /etc/skel will be copied to every new server.

Actually once per Unix user, not once per server (you'd need to configure Virtualmin for a per-server skeleton directory). The difference doesn't matter in this case because Joe's configuration is designed to work if installed once per Unix user, but it will matter in those cases where you really need a separate set of files for each domain.

[UPDATE: This should have gone as a reply to ronald's post. Sorry for the mixup.]

Topic locked