The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Exclude sites from phpSuExec

Discussion in 'General Discussion' started by westhost-neil, Oct 6, 2006.

  1. westhost-neil

    westhost-neil Well-Known Member

    Joined:
    Jun 3, 2005
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    UK
    I'm developing some PHP software that will use a master account to hold a master set of scripts. I will then create indivdual slave accounts that will need access to these scripts.

    I've disabled open_basedir for these users and setup a symlink to the folder on the master account, trouble is, when accessing the folder I get a 500 Internal Server Error.

    I'm almost certain that this is a phpSuExec problem as the slaves can view HTML documents in the master account but fail when trying to run any php script.

    In the suexec log I see error: target uid/gid (32079/32081) mismatch with directory (32076/32078) or program (0/0) or trusted user (0/10) which says it all.

    So to get this working I hope all I need is to exclude the slave accounts from suexec rules.

    Any advice would be greatly apprecited.

    Neil Westlake
     
  2. rsaylor

    rsaylor Well-Known Member

    Joined:
    Mar 27, 2003
    Messages:
    160
    Likes Received:
    1
    Trophy Points:
    18
    Hi, the only way to do this is to have 2 copies of apache running on different ports and have two builds of php. What makes it suexec is how php is compiled as a cgi vs a module.
     
  3. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    You already have the effect of a master account in that scripts can be included from /usr/local/lib/php without a path. This inclusion trick should be enough to get you going. That is, a line like this would pull in antispam.php from /usr/local/lib/php if it existed there:
    PHP:
    include 'antispam.php';
    You'll want to check phpinfo() output to make sure that /usr/local/lib/php is included in the preset include path; it is in there by default.

    If that isn't enough, research a little more; I'm pretty confident there's a way to do it.
     
  4. westhost-neil

    westhost-neil Well-Known Member

    Joined:
    Jun 3, 2005
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    UK
    Thanks for the replys.

    The include php lib idea is a good which I already use for another project but is not going to be viable for this problem. I don't want to include files I need to have a single batch of scripts that are run by multiple users from a single location.

    Basically each user has there own database and configuration files but all of the required scripts are run from the master location. Currently symlinking on my development server works perfect but is a problem on the live server because of phpSuExec.

    It's looking like I'll have to get a dedicated server to run this app. :(
     
  5. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    There will be a way to work around this, you may need some support from the host though so if you can't get it, a VPS or dedicated server might be the way to go.
     
  6. westhost-neil

    westhost-neil Well-Known Member

    Joined:
    Jun 3, 2005
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    UK
    Thanks for the reply,

    You misunderstood me, we are the host :) When I referred to getting a dedicated server I meant for this application.

    I've been searching the net and I still can't find anything to point me in the right direction. This is a live server so I can't just go making big changes.

    Thanks anyway.
     
  7. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,384
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    You could set the accounts up as addon domains. Have one parent account, and then several addon domains that act as children to the parent account.

    This may not be what you are wanting, but its just a thought. With addon domains, each domain woudl be owned by the parent account. I guess the downside to this is that all of the children would also have access to the other children accounts as well.

    Just a thought.
     
  8. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    I'm almost certain I've seen a way to modify suexec's behaviour. By the way, I'm fairly sure this is an suexec problem rather than a phpsuexec problem, if you check in the audit log you get the details you are quoting.
     
  9. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
  10. rs-freddo

    rs-freddo Well-Known Member

    Joined:
    May 13, 2003
    Messages:
    832
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    turn safe mode off, for each account you wish to access master files.
     
Loading...

Share This Page