Announcement

Collapse
No announcement yet.

Auto user-specific php.ini for suPHP

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Auto user-specific php.ini for suPHP

    Before changing over to suPHP I was using a custom vhost-base.conf file to automatically generate the PHP value for open_basedir per virtual host upon new siteworx account creation, like this:

    php_admin_value open_basedir "<<WEBROOT>>:/tmp"

    Now with suPHP I have to create the /home/user/etc/ folder and php.ini file in there and set the appropriate permissions manually.

    Are there any plans to allow auto generation of the per-user php.ini files with some custom default values?

  • #2
    Second this! :)
    Ledger Technologies Group Ltd - UK based dynamic group of companies that utilises existing and emerging technologies to provide data solutions for clients globally.
    EverythingWeb.Net Ltd - UK Based Website Hosting, Design & Maintenance.

    The views expressed in the above messsage are purely my own and are in no way official or representative of the companies I represent.

    Comment


    • #3
      Third!
      there aer several php properties that i would like the user to be able to turn off.
      Like: show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen and set open_basedir (or default it to their home folder so their CMS systems don't bug them about it).

      Comment


      • #4
        forth vote here.

        Comment


        • #5
          Another vote.
          Greetz,

          Gerwin Krist

          Comment


          • #6
            Hello Ladies and Gents,

            Not sure how we haven't seen this yet, but I have taken the request and added it to our request tracker. Definitely sounds like a good idea!
            Daniel Motles
            Technical Support
            InterWorx-CP | http://interworx.com/

            Comment


            • #7
              Dan that would be nice! Right now it's possible to overwrite all PHP setting (such as memory_limit) with PHP's ini_set command. It would make our staff so happy :-)
              My suggestions to set the following parameters per site and default:
              • register_globals
              • allow_url_fopen
              • allow_url_include
              • magic_quotes_gpc
              • register_long_arrays
              • memory_limit
              • upload_max_filesize
              • post_max_size
              • max_execution_time
              • max_input_time
              Greetz,

              Gerwin Krist

              Comment


              • #8
                Hi Guys,

                We made a little-temp-fix for the suPHP problem which:
                1. creates a /home/<user>/etc directorie in the siteworx user directory and copies /etc/php.ini to this IF not already existst.
                2. changes owner of php.ini to root:root (we do not allow our customers to make changes to php.ini themselves).
                3. fixes the session directory in the php.ini (sessions will be placed in /home/<user>/tmp directorie of the the siteworx user)

                We run this script every 5 minutes. As said before it's a work-around script so don't expect rocket science. If it makes you happy,I am happy :-)


                Code:
                #! /bin/bash
                
                function get-dir-list()
                {
                    local -a info
                
                    while read -a info; do
                        echo "/home/${info[1]}"
                    done < <( nodeworx -u -n -c Siteworx -a listAccounts )
                }
                
                while read dir; do
                    if etc="$dir/etc"; [[ ! -d "$etc" ]]; then
                        mkdir "$etc"
                        # Do not change ownership to owner,
                        # or an owner could remove php.ini
                        # and replace it with its own... :P
                        chown root:root "$etc"
                    fi
                
                    if tmp="$dir/tmp"; [[ ! -d "$tmp" ]]; then
                        mkdir "$tmp"
                        chown --reference="$dir" "$tmp"
                        chmod 01755 "$tmp"
                    fi
                
                    if ini="$etc/php.ini"; [[ ! -f "$ini" ]]; then
                        cp /etc/php.ini "$ini"
                        chown root:root "$ini"
                        chmod 0444 "$ini"
                    fi
                
                    read s < <( sed -nr 's/^ *session[.]save_path *= *(.*)$/\1/p' "$ini" )
                    if [[ "$s" != "$tmp" ]]; then
                        sed -ri 's#^( *session[.]save_path *= *).*$#\1'"$tmp"'#' "$ini"
                    fi
                done < <( get-dir-list )
                Last edited by gerwin; 02-15-2012, 07:06 AM.
                Greetz,

                Gerwin Krist

                Comment


                • #9
                  Event Hooks Plugin Script

                  Based on gerwin's excellent cron script above, the following can be integrated with our Event Hooks plugin to automate the creation of the necessary files and directories:

                  Code:
                  #!/bin/bash
                  #
                  # INSTALLATION:
                  #
                  # First, ensure the InterWorx CLI is installed via 'yum install interworx-cli'
                  # 
                  # Install this script at /usr/local/bin/enable_session_save_path.sh
                  # 
                  # Enable the Event Hooks plugin in NodeWorx.
                  # Add the following line to your InterWorx Event Hook Configuration:
                  # 
                  #     Ctrl_Nodeworx_Siteworx add /usr/local/bin/enable_session_save_path.sh
                  # 
                  # Ensure that both this file *and* the Event Hook config are both readable
                  # and executable by the iworx user:
                  # 
                  #     chmod 0770 /usr/local/bin/enable_session_save_path.sh
                  #     chown iworx /usr/local/bin/enable_session_save_path.sh
                  # 
                  # In order for this script to run successfully, the iworx user
                  # must be added to the sudoers file. This can be done as follows:
                  # 
                  # Run 'visudo'
                  # Append these lines: 
                  #
                  #     %iworx ALL=(ALL) NOPASSWD:SETENV: /bin/bash -p /usr/local/bin/enable_session_save_path.sh
                  #     Defaults:%iworx !requiretty
                  #
                  # Save and exit visudo
                  
                  if [[ "$iw_uniqname" == "" ]]; then
                    exit 1
                  fi
                  
                  if [[ "$(id -u)" != "0" ]]; then
                    self="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )/$(basename $0)"
                    sudo -E bash -p $self
                    exit 0
                  fi
                  
                  dir="/home/$iw_uniqname"
                  
                  if etc="$dir/etc"; [[ ! -d "$etc" ]]; then
                          mkdir "$etc"
                          # Do not change ownership to owner,
                          # or an owner could remove php.ini
                          # and replace it with its own
                          chown root:root "$etc"
                  fi
                  
                  if tmp="$dir/tmp"; [[ ! -d "$tmp" ]]; then
                          mkdir "$tmp"
                          chown --reference="$dir" "$tmp"
                          chmod 01755 "$tmp"
                  fi
                  
                  if ini="$etc/php.ini"; [[ ! -f "$ini" ]]; then
                          cp /etc/php.ini "$ini"
                          chown root:root "$ini"
                          chmod 0444 "$ini"
                  fi
                  
                  read s < <( sed -nr 's/^ *session[.]save_path *= *(.*)$/\1/p' "$ini" )
                  if [[ "$s" != "$tmp" ]]; then
                          sed -ri 's#^( *session[.]save_path *= *).*$#\1'"$tmp"'#' "$ini"
                  fi
                  Matt Parmelee
                  Interworx Developer
                  http://www.interworx.com/

                  Comment


                  • #10
                    Ah, nice ... can easily change it to use another php.ini. Thats good.

                    Comment


                    • #11
                      Matt,

                      I tried your script there with the Event Hooks on Interworx 5 beta 6 release, running on Cloud Linux.
                      The script never run at all, can you help?
                      Here is the message from iworx.log
                      Code:
                      2013-07-27 09:25:26.47455 [ts9omg-wcn5-ktnu-WEB] [INFO]  : hook prog not executable by iworx: /usr/local/bin/enable_session_save_path.sh : /xhr.php 
                      2013-07-27 09:25:26.69654 [ts9omg-fvt4-rk7m-PHP] [INFO]  :  139.228.32.134 routing: Ctrl_Nodeworx_Siteworx -> searchCommit : /xhr.php
                      How can I use your script to make the php.ini available to each SiteWorx account, and also provide a place for the php sessions?

                      Thank you,
                      Reza

                      Comment


                      • #12
                        I hope you get positive results for that...i tried it but failed..so best of luck with that.

                        Comment


                        • #13
                          reza: what is fixed?

                          Comment

                          Working...
                          X