[suPHP] Best configuration for virtual users

Jeremy Chadwick suphp at jdc.parodius.com
Thu May 1 16:31:23 CEST 2008 

Jorge, a couple things.

Wouter's patch works fine on Linux and FreeBSD.  The semantics of the
change will work on both operating systems.

Secondly, and more importantly, what proof do you have that the problem
is with non-system users?  All I see you doing is constantly stating
that the errors you get from suPHP are being caused by the user of
'#uid' and '#gid' syntax in your suPHP_UserGroup lines, but the log
entries in suphp.log don't indicate there's necessarily anything wrong
with those.

There has been no confirmation that you've actually tried using a local
system user and seen it work.

Personally I think the problem is elsewhere.

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |

On Thu, May 01, 2008 at 01:45:11PM +0100, Jorge Bastos wrote:
> Thanks a lot Wouter,
> 
> Sebastian, can you do something about non-system users on linux?
> 
> Jorge
> 
> 
> > -----Original Message-----
> > From: Wouter de Jong [mailto:wouter at widexs.nl]
> > Sent: quinta-feira, 1 de Maio de 2008 12:39
> > To: Jorge Bastos
> > Cc: suphp at lists.marsching.biz
> > Subject: Re: [suPHP] Best configuration for virtual users
> > 
> > On Thu, May 01, 2008 at 12:14:31PM +0100, Jorge Bastos wrote:
> > 
> > Jorge,
> > 
> > The patch is in suPHP since version 0.5.2, as I mentioned in me
> > previous
> > reply to you. So I can't send it again :)
> > 
> > > I searched for for mailling list and found this:
> > >
> > > http://lists.marsching.com/pipermail/suphp/2004-February/000288.html
> > 
> > Very old ;)
> > 
> > > but the fact is that I compiled suphp with:
> > >
> > > sh configure --with-apxs=/usr/bin/apxs2 --with-min-uid=5000
> > > --with-min-gid=4901 --with-apache-user=www-data
> > > --with-logfile=/var/log/suphp/suphp.log CPPFLAGS=-I/usr/include/apr-0
> > > --sysconfdir=/etc/suphp --disable-checkuid --disable-checkgid
> > > --with-setid-mode=paranoid --disable-checkpath
> > >
> > > so checkuid and checkguid is there, unless the "suPHP_UserGroup" has
> > to be
> > > inside a ifmodule tag?
> > 
> > checkuid and checkgid are no longer used.
> > Sebastian : --disable-check{uid,gid} are still mentioned in
> > doc/INSTALL,
> > but no longer used since version 0.6 ... you might want to remove it.
> > 
> > 
> > So as I told you before ... the feature should work since it's
> > built-in. However, my setup runs on FreeBSD and not on Linux.
> > Since I see an API.cpp and API_Linux.cpp, there is a very tiny
> > possibility it's broken on Linux but I couldn't find any reason for it
> > in a glance when looking at the 0.6.3 sources.
> > 
> > I'm not able to test it on Linux right now either (packing for a tiny
> > vacation),
> > so maybe someone else on this list could do this to see if it's
> > something
> > wrong on Jorge's box or it's really broken on Linux ?
> > 
> > It's as simple as specifying an unused uid in httpd.conf for
> > suPHP_UserGroup, like :
> > 
> > suPHP_UserGroup #12345 users
> > 
> > (You can ofcourse, also specify an (unused) gid)
> > 
> > And then ofcourse set correct permissions + uid-owner on the dir's +
> > script.
> > 
> > Regards,
> > 
> > --
> > WideXS                          http://www.widexs.nl
> > Wouter de Jong                  Jr. Hosting Architect
> > Tel +31 (0)20 7570700           Fax +31 (0)20 7570799
> > Zekeringstraat 43,		1014 BV Amsterdam, NL
> 
> 
> _______________________________________________
> suPHP mailing list
> suPHP at lists.marsching.biz
> http://lists.marsching.com/mailman/listinfo/suphp

More information about the suPHP mailing list