web site stops working inside a disabled shell.

I'm still learning WHM and its security measures etc.
I've tried to put one of my accounts under a disabled shell, but as soon as i do this, the site stops working.
I did ask a week or so ago, but don't think i got a reply.

The site in question is a cubecart which uses PHP files.
Is there any reason why it stops working, ?
I'm, seeing 404 errors, so i'm assuming that the files have moved ??

- - - Updated - - -

Code:

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster@xxx.co.uk and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 Server at www.xxx.co.uk Port 80

 

This is me changing the site back to disabled shell, then trying to open the site.

Code:

[Tue Dec 09 19:52:54 2014] [notice] Graceful restart requested, doing restart
[Tue Dec 09 19:52:55 2014] [notice] mod_ruid2/0.9.8 enabled
[Tue Dec 09 19:52:55 2014] [notice] Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 configured -- resuming normal operations
[Tue Dec 09 19:52:58 2014] [error] [client my.ip.address] SecurityException in Application.cpp:186: Do not have root privileges. Executable not set-uid root?
[Tue Dec 09 19:52:58 2014] [error] [client my.ip.address] Premature end of script headers: index.php
[Tue Dec 09 19:52:58 2014] [error] [client my.ip.address] File does not exist: /home/account/public_html/500.shtml

 

Michael.
After you mentioned apache, i figured i'd play with apache/php config.
I changed the PHP 5 Handler from SUPHP to DSO, restarted Apache and it seems that the site is now working in a shell.
Although, I'd have to fully test this.

Whats the difference between SUPHP and DSO and are there any implications ?

Also could you explain how i check the ownership ?

 

I put it back to SUphp, removed it from the shell then added it back in. (just in case)
This is what I found.

Code:

root@servername [~]# ls -al /home/user/public_html
total 76532
drwxr-x--- 20 user nobody     4096 Dec  9 20:03 ./
drwx--x--x 15 user user       4096 Dec  9 09:11 ../
-rw-r--r--  1 user user   48081909 Nov 21 08:46 171114.zip
-rw-r--r--  1 user user      11262 Nov 21 08:45 404.htm
drwxr-xr-x 18 user user       4096 Nov 21 08:46 admin/
-rw-r--r--  1 user user      10648 Nov 21 08:45 AT146.pdf
-rw-r--r--  1 user user   23690574 Nov 21 08:46 atnumscrews.zip
drwxr-xr-x  4 user user       4096 Nov 21 08:52 userimages/
-rw-r--r--  1 user user     571372 Nov 21 08:50 user-sitemap.xml
-rw-r--r--  1 user user    1428298 Nov 21 08:46 Body\ Clip\ A4\ 2.pdf
-rw-r--r--  1 user user       4294 Nov 21 08:50 cart.php
drwxr-xr-x  2 user user       4096 Nov 21 20:41 cgi-bin/
-rw-r--r--  1 user user      26671 Nov 21 08:50 challenge.jpg
drwxr-xr-x  3 user user       4096 Nov 21 08:47 classes/
-rw-r--r--  1 user user       2905 Nov 21 08:50 confirmed.php
drwxr-xr-x  3 user user       4096 Nov 21 08:47 contact/
drwxr-xr-x  2 user user       4096 Nov 21 08:48 coshh/
drwxr-xr-x  2 user user       4096 Nov 21 08:48 docs/
-rw-r--r--  1 user user       3693 Nov 21 08:50 download.php
-rw-r--r--  1 user user          0 Nov 21 08:46 error_log
drwxr-xr-x  2 user user       4096 Nov 21 08:48 extra/
-rw-r--r--  1 user user       1150 Nov 21 08:46 favicon.ico
-rw-r--r--  1 user user       1003 Nov 21 08:50 .htaccess
-rw-r--r--  1 user user       1115 Nov 21 08:45 .htaccess-copy
drwxr-x---  2 user nobody     4096 Nov 21 13:54 .htpasswds/
drwxr-xr-x  9 user user       4096 Nov 21 08:55 images/
drwxr-xr-x  7 user user       4096 Nov 21 08:48 includes/
-rw-r--r--  1 user user       6725 Nov 21 08:50 index.php
-rw-r--r--  1 user user       6717 Nov 21 08:46 index.php-notellafreind
-rw-r--r--  1 user user       6717 Nov 21 08:50 index.php-orig
-rw-r--r--  1 user user        573 Nov 21 08:46 info.php
drwxr-xr-x  2 user user       4096 Nov 21 08:48 js/
drwxr-xr-x 12 user user       4096 Nov 21 08:48 language/
-rw-r--r--  1 user user      76404 Nov 21 08:50 latex.jpg
-rw-r--r--  1 user user      45892 Nov 21 08:50 logo.jpg
drwxr-xr-x  5 user user       4096 Nov 21 08:48 modules/
-rw-r--r--  1 user user      16362 Nov 21 08:50 new-blue.jpg
-rw-r--r--  1 user user      13276 Nov 21 08:50 new-grey.jpg
-rw-r--r--  1 user user      64000 Nov 21 08:50 of.doc
-rw-r--r--  1 user user        684 Nov 21 08:50 offLine.php
-rw-r--r--  1 user user      64000 Nov 21 08:50 oform.doc
-rw-r--r--  1 user user     322983 Nov 21 08:50 of.pdf
drwxr-xr-x  7 user user       4096 Nov 21 08:49 pear/
drwxr-xr-x  2 user user       4096 Nov 21 08:49 psusite/
-rw-r--r--  1 user user      13870 Nov 21 08:50 README.txt
-rw-r--r--  1 user user       1444 Nov 21 08:50 recommend.php
-rw-r--r--  1 user user       1437 Nov 21 08:46 recommend.php-old
-rw-r--r--  1 user user       1440 Nov 21 08:46 recommend.php-old2
-rw-r--r--  1 user user        576 Nov 21 08:50 robots.txt
drwxr-xr-x  2 user user       4096 Nov 21 08:49 root\ backup/
-rw-r--r--  1 user user    3006331 Nov 21 08:46 rubberwheel2.zip
-rw-r--r--  1 user user         99 Nov 21 08:50 shop
-rw-r--r--  1 user user       1390 Nov 21 08:50 shop.php
drwxr-xr-x  4 user user       4096 Nov 21 08:52 skins/
-rw-r--r--  1 user user       2448 Nov 21 08:50 spiders.txt
-rw-r--r--  1 user user       2787 Nov 21 08:50 switch.php
-rw-r--r--  1 user user       2186 Nov 21 08:46 test.htm
-rw-r--r--  1 user user        471 Nov 21 08:46 thankyou.htm
-rw-r--r--  1 user user      28453 Nov 21 08:46 title.gif

Prior to this, I also tried making changing the ownership of the account from root to user.
But it still failed with shell disabled

 

Hi Michael.

I am still seeing the same issue.
There is something on the cubecart forums about the ereg() functions being deprecated and PHP will throw back a lot of warnings in PHP 5.
The cubecart i'm using was written when PHP4 was in fashion.

Do you think this could have anything to do with it ?

It does seem to be running OK in a disabled shell when PHP is configured for DSO, and runs OK when PHP is configured for SUphp when in a normal shell.

There will only be me running this server, i will not be reselling it, but I will have a number of domains (belonging to myself) on there.
I'm happy to leave it at DSO if there are no security implications.

 

Sorry InfoPr, i'm not sure what you're trying to say.?
I'm not asking for Cubecart help, I'm trying to understand what's causing the site not to work inside a shell.
The cubecart we are using is heavily modified and won't upgrade without losing the mods, some of which are vital to the job.
And i only discovered yesterday that PHP5 may cause issues.

I guess my next thing will be to try and downgrade PHP to 5.2.3, and see if this helps

 

I knew nothing about WHM until about two weeks ago, so I'm undergoing a massive self learning curve.

Earlier in the week, the site was owned by root.
I naively assumed that as i'm the only person using this and the password is very secure, that it would be OK to run all my domains under a single login/user (root)
However, I've since learned that this is maybe not such a good thing, so I made the account a reseller.

I'm under pressure to move the site from it's current host, but at the same time keep it working, only then could i even consider trying to upgrade it.
Given the custom mods applied, i know from the start that it's not going to work and will be a long arduous trek.

 

Maybe my issue has been account related.
Again, not really knowing whether i'm doing this right or wrong.
I'll have a look at creating a new basic account and try from there.

I'm more than willing to learn

 

ahhhh "Package"
Let me tinker a little more and come back tomorrow.


As regards being under pressure. The site is currently on a shared host, where the mail server keeps getting blacklisted because of spammers and/or hackers.
I figured that we might be better off going it alone.

I want to be sure that I'm happy with standing on my own two feet (so to speak) before jumping in and going live.
The boss doesn't really understand that.

 

I just found something in an earlier thread about Ruid2 and SUphp not working together.
I can see in my PHP config that Ruid2 is enabled, but i see no way to disbable this.

 

I'll take a look, and report back.

Thanks