Results 1 to 13 of 13
  1. #1
    Join Date
    May 2007
    Location
    Chicago, IL
    Posts
    93
    Points
    5,314
    Level
    31

    Auto user-specific php.ini for suPHP

    Before changing over to suPHP I was using a custom vhost-base.conf file to automatically generate the PHP value for open_basedir per virtual host upon new siteworx account creation, like this:

    php_admin_value open_basedir "<<WEBROOT>>:/tmp"

    Now with suPHP I have to create the /home/user/etc/ folder and php.ini file in there and set the appropriate permissions manually.

    Are there any plans to allow auto generation of the per-user php.ini files with some custom default values?

  2. The Following User Says Thank You to Lightfoot For This Useful Post:


  3. #2
    Join Date
    Nov 2005
    Location
    Lincolnshire, UK
    Posts
    475
    Points
    7,012
    Level
    35
    Second this!
    Ledger Technologies Group Ltd - UK based dynamic group of companies that utilises existing and emerging technologies to provide data solutions for clients globally.
    EverythingWeb.Net Ltd - UK Based Website Hosting, Design & Maintenance.

    The views expressed in the above messsage are purely my own and are in no way official or representative of the companies I represent.

  4. #3
    Join Date
    Jul 2011
    Location
    Sweden
    Posts
    150
    Points
    5,248
    Level
    30
    Third!
    there aer several php properties that i would like the user to be able to turn off.
    Like: show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen and set open_basedir (or default it to their home folder so their CMS systems don't bug them about it).

  5. #4
    Join Date
    Nov 2007
    Posts
    1
    Points
    1,992
    Level
    18
    forth vote here.

  6. #5
    Join Date
    Aug 2011
    Posts
    31
    Points
    897
    Level
    11
    Another vote.

  7. #6
    Join Date
    Aug 2010
    Location
    Pittsburgh, PA
    Posts
    166
    Points
    2,220
    Level
    19
    Hello Ladies and Gents,

    Not sure how we haven't seen this yet, but I have taken the request and added it to our request tracker. Definitely sounds like a good idea!
    Daniel Motles
    Technical Support
    InterWorx-CP | http://interworx.com/

  8. #7
    Join Date
    Aug 2011
    Posts
    31
    Points
    897
    Level
    11
    Dan that would be nice! Right now it's possible to overwrite all PHP setting (such as memory_limit) with PHP's ini_set command. It would make our staff so happy :-)
    My suggestions to set the following parameters per site and default:

    • register_globals
    • allow_url_fopen
    • allow_url_include
    • magic_quotes_gpc
    • register_long_arrays
    • memory_limit
    • upload_max_filesize
    • post_max_size
    • max_execution_time
    • max_input_time

  9. #8
    Join Date
    Aug 2011
    Posts
    31
    Points
    897
    Level
    11

    Exclamation

    Hi Guys,

    We made a little-temp-fix for the suPHP problem which:

    1. creates a /home/<user>/etc directorie in the siteworx user directory and copies /etc/php.ini to this IF not already existst.
    2. changes owner of php.ini to root:root (we do not allow our customers to make changes to php.ini themselves).
    3. fixes the session directory in the php.ini (sessions will be placed in /home/<user>/tmp directorie of the the siteworx user)

    We run this script every 5 minutes. As said before it's a work-around script so don't expect rocket science. If it makes you happy,I am happy :-)


    Code:
    #! /bin/bash
    
    function get-dir-list()
    {
        local -a info
    
        while read -a info; do
            echo "/home/${info[1]}"
        done < <( nodeworx -u -n -c Siteworx -a listAccounts )
    }
    
    while read dir; do
        if etc="$dir/etc"; [[ ! -d "$etc" ]]; then
            mkdir "$etc"
            # Do not change ownership to owner,
            # or an owner could remove php.ini
            # and replace it with its own... :P
            chown root:root "$etc"
        fi
    
        if tmp="$dir/tmp"; [[ ! -d "$tmp" ]]; then
            mkdir "$tmp"
            chown --reference="$dir" "$tmp"
            chmod 01755 "$tmp"
        fi
    
        if ini="$etc/php.ini"; [[ ! -f "$ini" ]]; then
            cp /etc/php.ini "$ini"
            chown root:root "$ini"
            chmod 0444 "$ini"
        fi
    
        read s < <( sed -nr 's/^ *session[.]save_path *= *(.*)$/\1/p' "$ini" )
        if [[ "$s" != "$tmp" ]]; then
            sed -ri 's#^( *session[.]save_path *= *).*$#\1'"$tmp"'#' "$ini"
        fi
    done < <( get-dir-list )
    Last edited by gerwin; 02-15-2012 at 07:06 AM.
    Greetz,

    Gerwin Krist

  10. #9
    Join Date
    Jun 2011
    Location
    Pittsburgh, PA
    Posts
    18
    Points
    2,171
    Level
    19

    Event Hooks Plugin Script

    Based on gerwin's excellent cron script above, the following can be integrated with our Event Hooks plugin to automate the creation of the necessary files and directories:

    Code:
    #!/bin/bash
    #
    # INSTALLATION:
    #
    # First, ensure the InterWorx CLI is installed via 'yum install interworx-cli'
    # 
    # Install this script at /usr/local/bin/enable_session_save_path.sh
    # 
    # Enable the Event Hooks plugin in NodeWorx.
    # Add the following line to your InterWorx Event Hook Configuration:
    # 
    #     Ctrl_Nodeworx_Siteworx add /usr/local/bin/enable_session_save_path.sh
    # 
    # Ensure that both this file *and* the Event Hook config are both readable
    # and executable by the iworx user:
    # 
    #     chmod 0770 /usr/local/bin/enable_session_save_path.sh
    #     chown iworx /usr/local/bin/enable_session_save_path.sh
    # 
    # In order for this script to run successfully, the iworx user
    # must be added to the sudoers file. This can be done as follows:
    # 
    # Run 'visudo'
    # Append these lines: 
    #
    #     %iworx ALL=(ALL) NOPASSWD:SETENV: /bin/bash -p /usr/local/bin/enable_session_save_path.sh
    #     Defaults:%iworx !requiretty
    #
    # Save and exit visudo
    
    if [[ "$iw_uniqname" == "" ]]; then
      exit 1
    fi
    
    if [[ "$(id -u)" != "0" ]]; then
      self="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )/$(basename $0)"
      sudo -E bash -p $self
      exit 0
    fi
    
    dir="/home/$iw_uniqname"
    
    if etc="$dir/etc"; [[ ! -d "$etc" ]]; then
            mkdir "$etc"
            # Do not change ownership to owner,
            # or an owner could remove php.ini
            # and replace it with its own
            chown root:root "$etc"
    fi
    
    if tmp="$dir/tmp"; [[ ! -d "$tmp" ]]; then
            mkdir "$tmp"
            chown --reference="$dir" "$tmp"
            chmod 01755 "$tmp"
    fi
    
    if ini="$etc/php.ini"; [[ ! -f "$ini" ]]; then
            cp /etc/php.ini "$ini"
            chown root:root "$ini"
            chmod 0444 "$ini"
    fi
    
    read s < <( sed -nr 's/^ *session[.]save_path *= *(.*)$/\1/p' "$ini" )
    if [[ "$s" != "$tmp" ]]; then
            sed -ri 's#^( *session[.]save_path *= *).*$#\1'"$tmp"'#' "$ini"
    fi

  11. The Following User Says Thank You to IWorx-Matt For This Useful Post:


  12. #10
    Join Date
    Jul 2011
    Location
    Sweden
    Posts
    150
    Points
    5,248
    Level
    30
    Ah, nice ... can easily change it to use another php.ini. Thats good.

  13. #11
    Join Date
    Jul 2013
    Posts
    3
    Points
    4
    Level
    1
    Matt,

    I tried your script there with the Event Hooks on Interworx 5 beta 6 release, running on Cloud Linux.
    The script never run at all, can you help?
    Here is the message from iworx.log
    Code:
    2013-07-27 09:25:26.47455 [ts9omg-wcn5-ktnu-WEB] [INFO]  : hook prog not executable by iworx: /usr/local/bin/enable_session_save_path.sh : /xhr.php 
    2013-07-27 09:25:26.69654 [ts9omg-fvt4-rk7m-PHP] [INFO]  :  139.228.32.134 routing: Ctrl_Nodeworx_Siteworx -> searchCommit : /xhr.php
    How can I use your script to make the php.ini available to each SiteWorx account, and also provide a place for the php sessions?

    Thank you,
    Reza

  14. #12
    Join Date
    May 2013
    Posts
    62
    Points
    301
    Level
    6
    I hope you get positive results for that...i tried it but failed..so best of luck with that.

  15. #13
    Join Date
    Sep 2013
    Posts
    6
    Points
    67
    Level
    1
    reza: what is fixed?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •