Auto user-specific php.ini for suPHP

Before changing over to suPHP I was using a custom vhost-base.conf file to automatically generate the PHP value for open_basedir per virtual host upon new siteworx account creation, like this:

php_admin_value open_basedir "<<WEBROOT>>:/tmp"

Now with suPHP I have to create the /home/user/etc/ folder and php.ini file in there and set the appropriate permissions manually.

Are there any plans to allow auto generation of the per-user php.ini files with some custom default values?

Second this! :)

Third!
There are several PHP properties that I would like the user to be able to turn off.
Like: show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen and set open_basedir (or default it to their home folder so their CMS systems don’t bug them about it).

Fourth vote here.

Another vote.

Hello Ladies and Gents,

Not sure how we haven’t seen this yet, but I have taken the request and added it to our request tracker. Definitely sounds like a good idea!

Dan, that would be nice! Right now it’s possible to overwrite all PHP settings (such as memory_limit) with PHP’s ini_set command. It would make our staff so happy :)
My suggestions to set the following parameters per site and default:

  • register_globals
  • allow_url_fopen
  • allow_url_include
  • magic_quotes_gpc
  • register_long_arrays
  • memory_limit
  • upload_max_filesize
  • post_max_size
  • max_execution_time
  • max_input_time

Hi Guys,

We made a little-temp-fix for the suPHP problem which:

  • creates a /home/<user>/etc directory in the siteworx user directory and copies /etc/php.ini to it IF it does not already exist.
  • changes owner of php.ini to root:root (we do not allow our customers to make changes to php.ini themselves).
  • fixes the session directory in the php.ini (sessions will be placed in the /home/<user>/tmp directory of the siteworx user)

We run this script every 5 minutes. As said before it's a work-around script so don't expect rocket science. If it makes you happy, I am happy :-)
    
    #! /bin/bash
    
    function get-dir-list()
    {
        local -a info
    
        while read -a info; do
            echo "/home/${info[1]}"
        done < <( nodeworx -u -n -c Siteworx -a listAccounts )
    }
    
    while read dir; do
        if etc="$dir/etc"; [[ ! -d "$etc" ]]; then
            mkdir "$etc"
            # Do not change ownership to owner,
            # or an owner could remove php.ini
            # and replace it with its own... :P
            chown root:root "$etc"
        fi
    
        if tmp="$dir/tmp"; [[ ! -d "$tmp" ]]; then
            mkdir "$tmp"
            chown --reference="$dir" "$tmp"
            chmod 01755 "$tmp"
        fi
    
        if ini="$etc/php.ini"; [[ ! -f "$ini" ]]; then
            cp /etc/php.ini "$ini"
            chown root:root "$ini"
            chmod 0444 "$ini"
        fi
    
        read s < <( sed -nr 's/^ *session[.]save_path *= *(.*)$/\1/p' "$ini" )
        if [[ "$s" != "$tmp" ]]; then
            sed -ri 's#^( *session[.]save_path *= *).*$#\1'"$tmp"'#' "$ini"
        fi
    done < <( get-dir-list )
    
    
    
  • Event Hooks Plugin Script

    Based on gerwin’s excellent cron script above, the following can be integrated with our Event Hooks plugin to automate the creation of the necessary files and directories:

    
    #!/bin/bash
    #
    # INSTALLATION:
    #
    # First, ensure the InterWorx CLI is installed via 'yum install interworx-cli'
    # 
    # Install this script at /usr/local/bin/enable_session_save_path.sh
    # 
    # Enable the Event Hooks plugin in NodeWorx.
    # Add the following line to your InterWorx Event Hook Configuration:
    # 
    #     Ctrl_Nodeworx_Siteworx add /usr/local/bin/enable_session_save_path.sh
    # 
    # Ensure that both this file *and* the Event Hook config are both readable
    # and executable by the iworx user:
    # 
    #     chmod 0770 /usr/local/bin/enable_session_save_path.sh
    #     chown iworx /usr/local/bin/enable_session_save_path.sh
    # 
    # In order for this script to run successfully, the iworx user
    # must be added to the sudoers file. This can be done as follows:
    # 
    # Run 'visudo'
    # Append these lines: 
    #
    #     %iworx ALL=(ALL) NOPASSWD:SETENV: /bin/bash -p /usr/local/bin/enable_session_save_path.sh
    #     Defaults:%iworx !requiretty
    #
    # Save and exit visudo
    
    if [[ "$iw_uniqname" == "" ]]; then
      exit 1
    fi
    
    if [[ "$(id -u)" != "0" ]]; then
      self="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )/$(basename "$0")"
      sudo -E bash -p "$self"
      exit 0
    fi
    
    dir="/home/$iw_uniqname"
    
    if etc="$dir/etc"; [[ ! -d "$etc" ]]; then
            mkdir "$etc"
            # Do not change ownership to owner,
            # or an owner could remove php.ini
            # and replace it with its own
            chown root:root "$etc"
    fi
    
    if tmp="$dir/tmp"; [[ ! -d "$tmp" ]]; then
            mkdir "$tmp"
            chown --reference="$dir" "$tmp"
            chmod 01755 "$tmp"
    fi
    
    if ini="$etc/php.ini"; [[ ! -f "$ini" ]]; then
            cp /etc/php.ini "$ini"
            chown root:root "$ini"
            chmod 0444 "$ini"
    fi
    
    read s < <( sed -nr 's/^ *session[.]save_path *= *(.*)$/\1/p' "$ini" )
    if [[ "$s" != "$tmp" ]]; then
            sed -ri 's#^( *session[.]save_path *= *).*$#\1'"$tmp"'#' "$ini"
    fi
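
The per-account setup from the two scripts above, extended to the directives requested earlier in the thread (open_basedir, disable_functions, allow_url_fopen), as an added example that is not code from the thread or from InterWorx. The function names, the account-name rule and the chosen values are assumptions; unlike the `sed` call in the scripts above, it also sets `session.save_path` when the base file only has it commented out.

```shell
#!/bin/bash
# Added example (not from the thread): build a locked-down per-account php.ini.
# Function names, the name rule and the directive values are assumptions.

# Accept only short lowercase alphanumeric names, so an empty or malformed
# value can never make the script write outside the accounts directory.
valid_account() {
    case "$1" in
        ''|*[!a-z0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 16 ]
}

# set_directive FILE KEY VALUE: rewrite the active "KEY = ..." line, or append
# one when the key is missing or only present as a ";" comment.
# VALUE must not contain '#', '&' or a backslash (sed replacement syntax).
set_directive() {
    local file="$1" key="$2" value="$3" pat
    pat="^[[:space:]]*$(printf '%s' "$key" | sed 's/[.]/[.]/g')[[:space:]]*="
    if grep -Eq "$pat" "$file"; then
        sed -E "s#${pat}.*#${key} = ${value}#" "$file" > "$file.tmp" &&
            mv -f "$file.tmp" "$file"
    else
        printf '\n%s = %s\n' "$key" "$value" >> "$file"
    fi
}

# render_user_ini BASE_INI ACCOUNTS_DIR ACCOUNT
render_user_ini() {
    local base="$1" home="$2/$3" ini
    valid_account "$3" || { echo "rejected account name: $3" >&2; return 2; }
    [ -d "$home" ] || return 3
    mkdir -p "$home/etc" "$home/tmp" || return 1
    ini="$home/etc/php.ini"
    cp "$base" "$ini.new" || return 1     # build aside, swap in when complete
    set_directive "$ini.new" session.save_path "\"${home}/tmp\""
    set_directive "$ini.new" open_basedir "\"${home}:/tmp\""
    set_directive "$ini.new" allow_url_fopen Off
    set_directive "$ini.new" disable_functions \
        "show_source,system,shell_exec,passthru,exec,phpinfo,popen,proc_open"
    chmod 0444 "$ini.new" && mv -f "$ini.new" "$ini" || return 1
    if [ "$(id -u)" = "0" ]; then         # same ownership as the scripts above
        chown root:root "$home/etc" "$ini"
        chown --reference="$home" "$home/tmp"
    fi
}
```

Call it as `render_user_ini /etc/php.ini /home "$iw_uniqname"` from the hook, or in a loop over the account list from cron; the file is rebuilt from the base on every run, so hand edits to the per-account copy do not persist.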
    
    

    Ah, nice … can easily change it to use another php.ini. That's good.

    Matt,

    I tried your script there with the Event Hooks on Interworx 5 beta 6 release, running on Cloud Linux.
    The script never ran at all, can you help?
    Here is the message from iworx.log

    2013-07-27 09:25:26.47455 [ts9omg-wcn5-ktnu-WEB] [INFO]  : hook prog not executable by iworx: /usr/local/bin/enable_session_save_path.sh : /xhr.php 
    2013-07-27 09:25:26.69654 [ts9omg-fvt4-rk7m-PHP] [INFO]  :  139.228.32.134 routing: Ctrl_Nodeworx_Siteworx -> searchCommit : /xhr.php 
    

    How can I use your script to make the php.ini available to each SiteWorx account, and also provide a place for the php sessions?

    Thank you,
    Reza

    reza: what is fixed?