Do i need suexec?

Virtualmin
1

Hi,

i gave virtualmin a shot because i wanted to get away from isp-config, since isp-config relies on suexec, which gives me a hard time by installing a specific kind of software. I have all the times bunches of problems with rights and permissions; and on a different server, where i run apache without suexec don’t see them anymore. Furthermore, i am using a perl software solution which heavily relies on symlinks, which won’t work too, with suexec.

Any chance running virtualmin without suexec and without installing everything manually?

I went through manual install (because the other server already had webmin installed and i chose to use the deb package for the ubuntu 10.04LTS i am using for all servers.

Interestingly, i found some caveats by using the install script:

  1. If you do not specify your hostname with the -host option, it will install virtualmin Pro
  2. If you change the naming scheme in your template for the mail/ftp user to “name@domain”, you will have to restart postfix afterwards, otherwise it won’t find the correct saslauthd flag (-r) which will be set automatically in /etc/default.
  3. if you bring in your own ssl certs/keys, you can either upload them using server configuration->Manage SSL Certificates or upload them in your filesystem overwriting, or even better, renaming the existing ones.
  4. You might need a CA certificate, which you will install in the CA certificate Tab. Since you can only upload one of them, i’d suggest using an intermediate Class 1 or Class 2 certificate, your trusted certification authority will provide for you.
  5. I was searching in various folders and .conf files, to add them to postfix/dovecot, just to find out, that, if you have just copied your server certificate and private key in your home folder, like me, they show up in server configuration-> Manage SSL Certificates, and then are availble to copy them over to webmin/usermin/postfix/dovecot etc.
  6. If you use SSL certificates in postfix/dovecot; you will have to setup your outlook like this:
    Imap SSL Port 993
    SMTP SSL Port465
    SPA on
    Use same credentials for SMTP authorisation

Best

2

Any chance running virtualmin without suexec and without installing everything manually?

Well, although Virtualmin does install and configure suexec, and uses it by default – you certainly don’t need to use it.

You can disable suexec, and for PHP apps, you can use mod_php instead of executing apps via CGI/FCGID.

In System Settings -> Server Templates -> Default -> Apache Website, you can uncheck “Automatically add appropriate SuExec directive”.

Also, towards the bottom of that screen, you can edit “Default PHP execution mode”, and set that to mod_php.

-Eric

3

this is a lifesaver; bedause i spent tons of hours, getting the software to work under suexec, which didn’t work out at all, so this helps a lot.

Thank you very much for your fast reply.

Btw: When i install virtualmin manually, it looks like it doesn’t have saslauthd installed, that seems to be the reason why i had so much problems with emails.

Best

4

I can only use one virtual ftp server per IP, right? But i can create ftp accounts for a virtual server w/o problems, but the setting in System Settings -> Limits & validation -> ftp directory restrictions only works for virtual servers, if i have proftpd active in features/plugins and in the according virtual server.

Now i am wondering, whether there is a workaround to restrict the ftp users of the virtual server to stay in their home or in the homedirectory of the virtual server, without having to enable FTP for a virtual server.

Thanks for help