Jeez

So I was trying to install suphp following this tutorial…
http://www.howtoforge.com/install-suphp-on-various-linux-distributions-for-use-with-ispconfig-2.2.20-and-above
The make was having errors, and I couldn’t start apache back up, so decided to remove what it told me to install.

sudo apt-get autoremove apache2-prefork-dev

started removing all of my services, mysql, clamav… everything… what the hell…

So I reinstall apache2-prefork-dev… and none of those services are reinstalled… this is pissing me off.

Here are some that were uninstalled, putty doesn’t go back far enough to see everything i don’t guess…

apache2-doc apache2-prefork-dev awstats bind9 clamav clamav-base
clamav-daemon clamav-docs clamav-freshclam clamav-testfiles comerr-dev
db4.6-util dovecot-common dovecot-imapd dovecot-pop3d irb irb1.8
libapache2-mod-fcgid libapache2-svn libapr1-dev libaprutil1-dev
libarchive-tar-perl libclamav5 libdb4.5 libdb4.6-dev libdbd-mysql-perl
libdbd-pg-perl libdbi-perl libdigest-hmac-perl libdigest-sha1-perl
liberror-perl libexpat1-dev libgeoip1 libgmp3c2 libio-zlib-perl libkadm55
libkrb5-dev libldap2-dev libmail-spf-perl libneon27 libnet-daemon-perl
libnet-dns-perl libnet-ip-perl libnetaddr-ip-perl libpcre3-dev libpcrecpp0
libpg-perl libplrpc-perl libpq-dev libreadline-ruby1.8 libsasl2
libsocket6-perl libsqlite3-dev libssl-dev libsvn1 libsys-hostname-long-perl
libversion-perl mailman mysql-client mysql-client-5.0 mysql-server
mysql-server-5.0 php-pear php5-cgi postgresql postgresql-8.3
postgresql-client-8.3 postgresql-client-common postgresql-common procmail
procmail-wrapper proftpd pwgen rdoc rdoc1.8 ri ri1.8 sasl2-bin scponly
sharutils spamassassin spamc subversion usermin-virtual-server-theme
uuid-dev virtualmin-base webalizer webmin-security-updates
webmin-virtual-server-theme webmin-virtualmin-awstats webmin-virtualmin-dav
webmin-virtualmin-htpasswd webmin-virtualmin-mailman webmin-virtualmin-svn
zlib1g-dev

Well, that’s certainly no good at all :slight_smile:

All I can offer is that you may want to try reinstalling what was removed, and hope for the best – and hope that your config files and stuff weren’t removed at the same time the apps were.

You can probably get a full list of what was removed in /var/log/dpkg.log.

-Eric

I’m doing that now, /cross fingers

why does virtualmin look like this??

http://img525.imageshack.us/img525/1977/wtfzem.jpg

am i missing a package?

the login says “login to webmin” and its all blue… and crappy looking

I can’t check my mail now either!

An error occurred listing mail in this folder : Failed to connect to localhost:143 : Connection refused

Sounds like some packages may still be missing; I’d go through the dpkg.log file and make sure you have all of them, or you’ll be dealing with weird problems for quite awhile :slight_smile:

Make sure you have both dovecot and webmin-virtual-server-theme installed… their absence could cause the above issues you’re describing.

-Eric

Everything from a-z is right there, it’s everything that was uninstalled.
I have dovecot, and I have webmin-virtual-server-theme installed.

I had to click “update selected operating system” and now virtualmin is back to normail w000t… postfix was down, i started it up in the control panel, and it said it failed to start… but its running and i can receive mail now!

I think suphp is the way to have hardened php… am I wrong? Can you point me to a good tutorial for suphp on virtualmin?

We actually recommend using FCGI and suexec for PHP, rather than suphp.

There’s a forum post that describes how to set it up here:

http://www.virtualmin.com/node/8462

Add to httpd.conf in the public_html Directory section within the relevant VirtualServer section:

AddHandler fcgid-script .php5
FCGIWrapper /home/example/fcgi-bin/php5.fcgi .php

Create the wrapper in /home/domainname/fcgi-bin/php5.fcgi:

#!/bin/bash
PHPRC=$PWD/…/etc/php5
export PHPRC
umask 022
SCRIPT_FILENAME=$PATH_TRANSLATED
export SCRIPT_FILENAME
exec /usr/bin/php-cgi

The application files, and the fcgi wrapper must be owned by the user, and must not be world or group writable (suexec will not execute them, if they are).

You also need to copy php.ini into the etc/php5 directory within the users home.

is that all i need to do?

suphp is doing what suexec+fcgid is doing, just restricted to PHP while suexec+fcgid covers all CGI scripting languages.
That’s why I have been advocating suexec+mod_fcgid even before I learned that Virtualmin happens to use the same solution.

Note that Virtualmin will be using suexec+mod_fcgid anyway in the standard installation as far as I know (it did for me anyway).
I’d even avoid running suphp and suexec+modfcgid on the same machine: the functional overlap makes unwanted interactions (a.k.a. bugs) more likely. Also, since the combination is rarely used, it is less well tested.

So, my advice is short and easy: drop suphp :slight_smile:

I think you can configure Virtualmin for suexec+fcgid, and it will do all that’s necessary for you.

UPDATE: This seems to be available for Virtualmin Pro only. I didn’t find the option in Virtualmin GPL.
The newest relevant post on the topic seems to be on http://www.virtualmin.com/node/8462#comment-35141 .
Notes:

  1. A umask of 027 is necessary instead of the more usual 022 if there are mutually untrusted parties on the same machine.
  2. I’m not sure that that’s possible, but it would certainly be good to have the php5.fcgi file somewhere where it’s copied into every server that’s being setup.

you can use /etc/skel for that purpose and enable that in the server template. Files and directories under /etc/skel will be copied to every new server.

Files and directories under /etc/skel will be copied to every new server.

Actually once per Unix user, not once per server (you’d need to configure Virtualmin for a per-server skeleton directory).
The difference doesn’t matter in this case because Joe’s configuration is designed to work if installed once per Unix user, but it will matter in those cases where you really need a separate set of files for each domain.

[UPDATE: This should have gone as a reply to ronald’s post. Sorry for the mixup.]