Adding apache user to users group not working??

9 posts / 0 new
Last post
#1 Tue, 06/13/2006 - 21:36
sciallo

Adding apache user to users group not working??

I'm really confused and frustrated with this, it makes no sense:

I have the "Add Apache user to Unix group for new servers?" in the template set to "yes" and the right username (www-data it's an install of the GPL on Debian) in the box. The permissions on the website subdirectory are set to 750, if I look in the user/group module, www-data is in everyone's group, and everything else checks out. It has worked fine for the first few domains I set up and now it doesn't work on newly set domains. Everything looks the same though, www-data is in users group and permissions are the same as others, though if I even try to shell to the server as the www-data user and try to ls the public_html of one of the new users I get permission denied (same with trying to bring the site up in a browser of course).

Where should I start troubleshooting this?

TIA

Thu, 09/03/2009 - 05:40
Bertik

The original post is about three!!! years old...., but I have a similar problem. I have been searching for a several hour now for a solution, but no go.

My set up Virtualmin 3.73 Ubuntu 8.04.3 Installed on fresh install.

No php script is able to write to folder with permission 750 if running as a apache.

How can I fix this please?

Thu, 09/03/2009 - 07:49
Bertik

I am completely lost here. this is otput of suexec -V when I run this
/usr/lib/apache2/suexec -V

-D AP_DOC_ROOT="/home"
-D AP_GID_MIN=100
-D AP_HTTPD_USER="www-data"
-D AP_LOG_EXEC="/var/log/apache2/suexec.log"
-D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
-D AP_UID_MIN=100
-D AP_USERDIR_SUFFIX="public_html"

It looks like all is set up just right....
Any word on it please?

Thu, 09/03/2009 - 09:01 (Reply to #3)
andreychek

And just to clarify, your suexec setup looks perfect.

All that's missing is the configuration to have Apache utilize it when executing PHP and other CGI goodies. You should be able to get that from the FCGID+suexec forum post mentioned earlier.

Have a good one!

-Eric

Thu, 09/03/2009 - 07:43
andreychek

Howdy,

That's correct, no PHP script would be able to write to a folder with 750 access, if the script is running as the Apache user, and the Apache user isn't listed as the owner or group for that directory.

That's where some scripts tell you to use 777 permissions, but I certainly don't recommend that :-)

By default, the Pro version of Virtualmin sets up PHP to use FCGID (or CGI) alongside suexec, which solves that particular problem by running all code as the Virtual Server owner.

The GPL version doesn't have that setup by default, but you can certainly still do it.

A forum post detailing how to go about that is here:

https://www.virtualmin.com/node/8462

Let us know if that does the trick for you!

-Eric

Thu, 09/03/2009 - 07:48
Bertik

OK, thank you Eric, I will check it out and will post here how it goes.

Thu, 09/03/2009 - 15:12
Bertik

It Is Working Just Fine Now!

Thank you!

Just one more question.
It is working for older sites too? Sites I have added before this modification? It seems like it is not, because when I add

Options -Indexes IncludesNOEXEC FollowSymLinks ExecCGI
AddHandler fcgid-script .php
FCGIWrapper ${HOME}/fcgi-bin/php5.fcgi .php

to site directives manually and restart apache I am getting an error.

How to modify an existing site please?

Is it enough to FTP the folder fcgi-bin and its content to the root of the home dir of the site (copy it from some site where it is working (new site after modification)) and add the necessary directives?
I am asking explicitly about FTPing... Do you think it's going to work?

Thanks A LOT again
Robert

Thu, 09/03/2009 - 15:25
andreychek

Right, that would only work for new sites.

You'd have to manually add those lines to the Apache config for existing sites.

If that doesn't work, we'd need to see the full VirtualHost line, as well as see the error you're getting.

-Eric

Fri, 09/04/2009 - 02:35
Bertik

Thank you Eric...., after careful study of this thread https://www.virtualmin.com/node/8462 you mentioned above, I have managed to make it work for existing sites too..!

Thanks again for your time. Robert

Topic locked