[suPHP] Best configuration for virtual users

Jorge Bastos mysql.jorge at decimal.pt
Thu May 1 18:41:43 CEST 2008 

No problem,
I just wanted this to work :(




> -----Original Message-----
> From: Jeremy Chadwick [mailto:suphp at jdc.parodius.com]
> Sent: quinta-feira, 1 de Maio de 2008 17:14
> To: Jorge Bastos
> Subject: Re: [suPHP] Best configuration for virtual users
> 
> My apologies then.  Yes, I did miss that mail.
> 
> --
> | Jeremy Chadwick                                jdc at parodius.com |
> | Parodius Networking                       http://www.parodius.com/ |
> | UNIX Systems Administrator                  Mountain View, CA, USA |
> | Making life hard for others since 1977.              PGP: 4BD6C0CB |
> 
> On Thu, May 01, 2008 at 04:44:29PM +0100, Jorge Bastos wrote:
> > Hey Jeremy,
> > But I already confirmed a few emails back that with a system users it
> works!
> > So I believe you missed that email.
> >
> >
> >
> > > -----Original Message-----
> > > From: Jeremy Chadwick [mailto:suphp at jdc.parodius.com]
> > > Sent: quinta-feira, 1 de Maio de 2008 15:31
> > > To: Jorge Bastos
> > > Cc: 'Wouter de Jong'; 'Sebastian Marsching';
> suphp at lists.marsching.biz
> > > Subject: Re: [suPHP] Best configuration for virtual users
> > >
> > > Jorge, a couple things.
> > >
> > > Wouter's patch works fine on Linux and FreeBSD.  The semantics of
> the
> > > change will work on both operating systems.
> > >
> > > Secondly, and more importantly, what proof do you have that the
> problem
> > > is with non-system users?  All I see you doing is constantly
> stating
> > > that the errors you get from suPHP are being caused by the user of
> > > '#uid' and '#gid' syntax in your suPHP_UserGroup lines, but the log
> > > entries in suphp.log don't indicate there's necessarily anything
> wrong
> > > with those.
> > >
> > > There has been no confirmation that you've actually tried using a
> local
> > > system user and seen it work.
> > >
> > > Personally I think the problem is elsewhere.
> > >
> > > --
> > > | Jeremy Chadwick                                jdc at
> parodius.com |
> > > | Parodius Networking
> http://www.parodius.com/ |
> > > | UNIX Systems Administrator                  Mountain View, CA,
> USA |
> > > | Making life hard for others since 1977.              PGP:
> 4BD6C0CB |
> > >
> > > On Thu, May 01, 2008 at 01:45:11PM +0100, Jorge Bastos wrote:
> > > > Thanks a lot Wouter,
> > > >
> > > > Sebastian, can you do something about non-system users on linux?
> > > >
> > > > Jorge
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: Wouter de Jong [mailto:wouter at widexs.nl]
> > > > > Sent: quinta-feira, 1 de Maio de 2008 12:39
> > > > > To: Jorge Bastos
> > > > > Cc: suphp at lists.marsching.biz
> > > > > Subject: Re: [suPHP] Best configuration for virtual users
> > > > >
> > > > > On Thu, May 01, 2008 at 12:14:31PM +0100, Jorge Bastos wrote:
> > > > >
> > > > > Jorge,
> > > > >
> > > > > The patch is in suPHP since version 0.5.2, as I mentioned in me
> > > > > previous
> > > > > reply to you. So I can't send it again :)
> > > > >
> > > > > > I searched for for mailling list and found this:
> > > > > >
> > > > > > http://lists.marsching.com/pipermail/suphp/2004-
> > > February/000288.html
> > > > >
> > > > > Very old ;)
> > > > >
> > > > > > but the fact is that I compiled suphp with:
> > > > > >
> > > > > > sh configure --with-apxs=/usr/bin/apxs2 --with-min-uid=5000
> > > > > > --with-min-gid=4901 --with-apache-user=www-data
> > > > > > --with-logfile=/var/log/suphp/suphp.log CPPFLAGS=-
> > > I/usr/include/apr-0
> > > > > > --sysconfdir=/etc/suphp --disable-checkuid --disable-checkgid
> > > > > > --with-setid-mode=paranoid --disable-checkpath
> > > > > >
> > > > > > so checkuid and checkguid is there, unless the
> "suPHP_UserGroup"
> > > has
> > > > > to be
> > > > > > inside a ifmodule tag?
> > > > >
> > > > > checkuid and checkgid are no longer used.
> > > > > Sebastian : --disable-check{uid,gid} are still mentioned in
> > > > > doc/INSTALL,
> > > > > but no longer used since version 0.6 ... you might want to
> remove
> > > it.
> > > > >
> > > > >
> > > > > So as I told you before ... the feature should work since it's
> > > > > built-in. However, my setup runs on FreeBSD and not on Linux.
> > > > > Since I see an API.cpp and API_Linux.cpp, there is a very tiny
> > > > > possibility it's broken on Linux but I couldn't find any reason
> for
> > > it
> > > > > in a glance when looking at the 0.6.3 sources.
> > > > >
> > > > > I'm not able to test it on Linux right now either (packing for
> a
> > > tiny
> > > > > vacation),
> > > > > so maybe someone else on this list could do this to see if it's
> > > > > something
> > > > > wrong on Jorge's box or it's really broken on Linux ?
> > > > >
> > > > > It's as simple as specifying an unused uid in httpd.conf for
> > > > > suPHP_UserGroup, like :
> > > > >
> > > > > suPHP_UserGroup #12345 users
> > > > >
> > > > > (You can ofcourse, also specify an (unused) gid)
> > > > >
> > > > > And then ofcourse set correct permissions + uid-owner on the
> dir's
> > > +
> > > > > script.
> > > > >
> > > > > Regards,
> > > > >
> > > > > --
> > > > > WideXS                          http://www.widexs.nl
> > > > > Wouter de Jong                  Jr. Hosting Architect
> > > > > Tel +31 (0)20 7570700           Fax +31 (0)20 7570799
> > > > > Zekeringstraat 43,		1014 BV Amsterdam, NL
> > > >
> > > >
> > > > _______________________________________________
> > > > suPHP mailing list
> > > > suPHP at lists.marsching.biz
> > > > http://lists.marsching.com/mailman/listinfo/suphp

More information about the suPHP mailing list