I rent a dedicated server running ubuntu 10.4 on which I have installed virtualmin-gpl, which I use to host my website and some stuff for family and friends. Since I have root access I can always do whatever I need/want and override anything that doesn’t suit me. For my users however this is more difficult.
The biggest problem is this: When my users use a CMS (e.g. joomla) their files need to be owned by www-data. All files created by the CMS will also be owned by www-data. Whenever my users want or need to modify these files, they can’t because they don’t have ownership.
One solution would be to add them to the www-data group and give them permission through that, but that would allow them to access anyones www-data files.
Is there some way to keep everything secure, so that the webser and all users can’t access anything more than they should, while allowing the users to modifyl all files within their home directory? I know there must be a way, but what is it?
With Virtualmin, by default, it uses CGI or FCGID mode through suexec – meaning that all scripts are being run as the Virtual Server owner, rather than www-data.
So in theory, all files created through your CMS should be owned by the user in question.
The only reason that shouldn’t be the case is if you were to go into Server Configuration -> Website Settings, and change the PHP Execution Mode to mod_php.
If you’re using CGI or FCGID, and files are still being created as www-data, you may be running into an issue with Ubuntu 10.04 that causes all PHP to be executed by mod_php… you can correct that by editing /etc/apache2/mods-enabled/php.conf, and comment out the “SetHandler” lines in there, then restart Apache. That fix will allow CGI and FCGID to work properly.
Would that do what you’re after?
Thank you for your response, but I am unable to find the mod_php setting in my virtual servers. Where exactly should I look for that? In the PHP section I can only find the following four settings, all of them completely empty:
PHP Admin Configuration Values
PHP Configuration Values
PHP Admin Configuration Flags
PHP Configuration Flags
Also, the php5.conf does not contain much (I’m assuming you meant this rather than just php.conf):
AddType application/x-httpd-php .php .phtml .php3
AddType application/x-httpd-php-source .phps
No SetHandler line or anything like it.
What can I do to make dead-certain that php is run properly and not as mod_php?
After logging into Virtualmin, and clicking Server Configuration -> Website Settings, do you see an option called “PHP Execution Mode”? If so, what’s that set to?
Also, you may want to create a script called test.php, and in it, put this code:
<?php phpinfo(); ?>
Then call that from your browser… the section “Server API” near the top should say “CGI/FastCGI”. If it says something about “Apache” handler, that’s mod_php.
Thanks a lot, I was in the “configure website” options under “services” and couldn’t find the php execution setting there. Now I found it and changed it to FastCGI.
I’m assuming FastCGI is a preferable setting to “CGI Wrapper”?
Well, it all depends on your needs, and what works best for you
Some folks have had trouble with FastCGI (FCGID), and those problems go away under CGI mode. Others have no problem with FastCGI, and prefer it for it’s performance boost.
ok, as long as I experience no problems I’ll stick to fastCGI then.
Thanks a lot again. Your help is very much appreciated.