Virtualmin, apache2 group/user problem

I moved virtualmin installation from one system disk to another but left in use old hard disk mounted on /home. After setting up virtualmin backup, user/group permissions was incorrect for almost all domains, for example, domain aaa.com had group/user bbb.com. I chowned all files manually and websites worked fine until I enabled/disabled some apache2 modules.

When I make/edit files with php scripts, these files made by php have user/group www-data not aaa.com and I can not edit them later. I can only if I add chmod(“777”); in this script which is editing files. How can I make that files edited by PHP don’t have www-data user/group but user’s real group? Thank You!<br><br>Post edited by: malinens, at: 2009/04/11 01:02

And I have some strange things with apt-get (Ubuntu):

[code:1]The following packages were automatically installed and are no longer required:
libnet-daemon-perl bind9 sasl2-bin libnet-ip-perl libio-zlib-perl
nvidia-kernel-common irb1.8 libsasl2 libnet-dns-perl db4.6-util clamav
mysql-server dovecot-common php5 awstats libdbi-perl
webmin-security-updates rdoc ri clamav-base libclamav3 libversion-perl
procmail spamc libapache2-mod-fcgid libgmp3c2 procmail-wrapper scponly
libpg-perl dovecot-imapd webmin-virtualmin-awstats irb clamav-docs
libdbd-mysql-perl libapache2-svn webmin-virtualmin-htpasswd
usermin-virtual-server-theme rdoc1.8 mysql-client libplrpc-perl
webmin-virtualmin-dav libsocket6-perl libdbd-pg-perl clamav-freshclam
proftpd apache2-doc dovecot-pop3d libnetaddr-ip-perl
webmin-virtualmin-mailman webmin-virtual-server-theme libmail-spf-perl
libreadline-ruby1.8 clamav-daemon libsys-hostname-long-perl
mysql-server-5.0 libdigest-hmac-perl webmin-virtualmin-svn
libarchive-tar-perl ri1.8 mysql-client-5.0 spamassassin clamav-testfiles[/code:1]

Some of these packages I think is important…

I moved virtualmin installation from one system disk to another but left in use old hard disk mounted on /home.

Are you sure that’s all you did? The UID/GID wouldn’t change just because you copied some files (assuming you used the right flags to preserve ownership and permissions).

After setting up virtualmin backup, user/group permissions was incorrect for almost all domains, for example, domain aaa.com had group/user bbb.com.

Ah…so, you didn’t just move disks. You’ve gone to a different OS installation and didn’t do a normal backup/restore in Virtualmin. You’ve just got the /home directory sitting around, while the new system has a bunch of new UID/GIDs. That’s not really the way I’d recommend moving things around. Just copying to a new disk would work fine. Or, doing a Virtualmin backup from the old running system and then restore on the new running system, that would also work fine. But, trying to do a half-backup half-old disk kind of thing is just asking for trouble.

The following packages were automatically installed and are no longer required

I suspect you uninstalled virtualmin-base somewhere along the way. Uninstalling virtualmin-base is mostly harmless.

Uninstalling these packages, on the other hand, would cause massive breakage. Your server would pretty much stop working altogether. No web, no mail, many Virtualmin modules and the theme gone, no web stats, no POP/IMAP service, no FTP, and more. Yep, that’d be a real bad day. You’d have no choice but to start over and restore from backups.

My sistem worked fine for a while after I manually wrote chown -R aa:aa aa, chown -R bb:bb bb. But once I enabled/disabled some apache2/php modules and now I php scripts make files with www-data user/group and it is NOT because I had problems with migrating to another system disk. This is the only bug I have seen (email, DNS works perfectly).

these are my apache2 modules:

[code:1] geoip Enabled
headers Disabled
ident Disabled
imagemap Disabled
include Disabled
info Disabled
ldap Disabled
log_forensic Disabled
mem_cache Enabled
mime Enabled
mime_magic Disabled
mod_mono Disabled
mod_mono_auto Disabled
mod_python Enabled
negotiation Enabled
perl Enabled
php5 Enabled
proxy Enabled
proxy_ajp Disabled
proxy_balancer Disabled
proxy_connect Disabled
proxy_ftp Disabled
proxy_http Disabled
rewrite Enabled
ruby Enabled
setenvif Enabled
speling Disabled
ssl Enabled
status Enabled
substitute Disabled
suexec Enabled
suphp Enabled
unique_id Disabled
userdir Disabled
usertrack Disabled
version Disabled
vhost_alias Disabled
actions Enabled
alias Enabled
asis Disabled
auth_basic Enabled
auth_digest Enabled
authn_alias Disabled
authn_anon Disabled
authn_dbd Disabled
authn_dbm Disabled
authn_default Disabled
authn_file Enabled
authnz_ldap Disabled
authz_dbm Disabled
authz_default Enabled
authz_groupfile Enabled
authz_host Enabled
authz_owner Disabled
authz_user Enabled
autoindex Enabled
cache Enabled
cern_meta Disabled
cgi Enabled
cgid Disabled
charset_lite Disabled
dav Enabled
dav_fs Enabled
dav_lock Disabled
dav_svn Enabled
dbd Disabled
deflate Enabled
dir Enabled
disk_cache Disabled
dump_io Disabled
env Enabled
expires Disabled
ext_filter Disabled
fcgid Enabled
file_cache Disabled
filter Disabled[/code:1]

I enabled/disabled some apache2/php modules and now I php scripts make files with www-data user/group

If you want it to run as the user, you need to switch to one of the suexec modes of execution for PHP scripts (instead of mod_php). mod_fcgid or CGI. You can find this in Server Configuration->Website Options for the virtual server you want to change.

Hi Joe!

Server Configuration->Website Options - I don’t have Website options but I have Configure Website under the “Services” menu. I can’t find where I can change from mod_php to fcgid.

Some PHP/apache2 info:

[code:1]PHP Version 5.2.4-2ubuntu5.5

System Linux ubuntu 2.6.24-23-server #1 SMP Wed Apr 1 22:14:30 UTC 2009 x86_64
Build Date Feb 11 2009 19:53:12
Server API Apache 2.0 Handler
Virtual Directory Support disabled
Configuration File (php.ini) Path /etc/php5/apache2
Loaded Configuration File /usr/local/Zend/etc/php.ini
Scan this dir for additional .ini files /etc/php5/apache2/conf.d
additional .ini files parsed /etc/php5/apache2/conf.d/curl.ini, /etc/php5/apache2/conf.d/ffmpeg.ini, /etc/php5/apache2/conf.d/gd.ini, /etc/php5/apache2/conf.d/imagick.ini, /etc/php5/apache2/conf.d/memcache.ini, /etc/php5/apache2/conf.d/mhash.ini, /etc/php5/apache2/conf.d/mysql.ini, /etc/php5/apache2/conf.d/mysqli.ini, /etc/php5/apache2/conf.d/pdo.ini, /etc/php5/apache2/conf.d/pdo_mysql.ini, /etc/php5/apache2/conf.d/pdo_pgsql.ini, /etc/php5/apache2/conf.d/pdo_sqlite.ini, /etc/php5/apache2/conf.d/pgsql.ini, /etc/php5/apache2/conf.d/sqlite.ini, /etc/php5/apache2/conf.d/xcache.ini
PHP API 20041225
PHP Extension 20060613
Zend Extension 220060519
Debug Build no
Thread Safety disabled
Zend Memory Manager enabled
IPv6 Support enabled
Registered PHP Streams zip, php, file, data, http, ftp, compress.bzip2, compress.zlib, https, ftps
Registered Stream Socket Transports tcp, udp, unix, udg, ssl, sslv3, sslv2, tls
Registered Stream Filters string.rot13, string.toupper, string.tolower, string.strip_tags, convert., consumed, convert.iconv., bzip2., zlib.

Suhosin logo This server is protected with the Suhosin Patch 0.9.6.2
Copyright © 2006 Hardened-PHP Project

Zend logo This program makes use of the Zend Scripting Language Engine:
Zend Engine v2.2.0, Copyright © 1998-2007 Zend Technologies
with eAccelerator v0.9.5.3, Copyright © 2004-2006 eAccelerator, by eAccelerator
with the ionCube PHP Loader v3.1.34, Copyright © 2002-2009, by ionCube Ltd.

Configuration
PHP Core
Directive Local Value Master Value
allow_call_time_pass_reference On On
allow_url_fopen On On
allow_url_include Off Off
always_populate_raw_post_data Off Off
arg_separator.input & &
arg_separator.output & &
asp_tags On On
auto_append_file no value no value
auto_globals_jit On On
auto_prepend_file no value no value
browscap no value no value
default_charset no value no value
default_mimetype text/html text/html
define_syslog_variables Off Off
disable_classes no value no value
disable_functions no value no value
display_errors Off Off
display_startup_errors Off Off
doc_root no value no value
docref_ext no value no value
docref_root no value no value
enable_dl Off Off
error_append_string no value no value
error_log no value no value
error_prepend_string no value no value
error_reporting 0 6135
expose_php On On
extension_dir /usr/lib/php5/20060613 /usr/lib/php5/20060613
file_uploads On On
highlight.bg #FFFFFF #FFFFFF
highlight.comment #FF8000 #FF8000
highlight.default #0000BB #0000BB
highlight.html #000000 #000000
highlight.keyword #007700 #007700
highlight.string #DD0000 #DD0000
html_errors On On
ignore_repeated_errors Off Off
ignore_repeated_source Off Off
ignore_user_abort Off Off
implicit_flush Off Off
include_path .:/usr/share/php:/usr/share/pear .:/usr/share/php:/usr/share/pear
log_errors Off Off
log_errors_max_len 1024 1024
magic_quotes_gpc On On
magic_quotes_runtime Off Off
magic_quotes_sybase Off Off
mail.force_extra_parameters no value no value
max_execution_time 300 300
max_input_nesting_level 64 64
max_input_time 600 600
memory_limit 256M 256M
open_basedir no value no value
output_buffering no value no value
output_handler no value no value
post_max_size 256M 256M
precision 12 12
realpath_cache_size 16K 16K
realpath_cache_ttl 120 120
register_argc_argv On On
register_globals Off On
register_long_arrays On On
report_memleaks On On
report_zend_debug On On
safe_mode Off Off
safe_mode_exec_dir no value no value
safe_mode_gid Off Off
safe_mode_include_dir no value no value
sendmail_from no value no value
sendmail_path /usr/sbin/sendmail -t -i /usr/sbin/sendmail -t -i
serialize_precision 100 100
short_open_tag On On
SMTP localhost localhost
smtp_port 25 25
sql.safe_mode Off Off
suhosin.log.phpscript 0 0
suhosin.log.phpscript.is_safe Off Off
suhosin.log.phpscript.name no value no value
suhosin.log.sapi no value no value
suhosin.log.script no value no value
suhosin.log.script.name no value no value
suhosin.log.syslog no value no value
suhosin.log.syslog.facility no value no value
suhosin.log.syslog.priority no value no value
suhosin.log.use-x-forwarded-for Off Off
track_errors Off Off
unserialize_callback_func no value no value
upload_max_filesize 512M 512M
upload_tmp_dir no value no value
user_dir no value no value
variables_order EGPCS EGPCS
xmlrpc_error_number 0 0
xmlrpc_errors Off Off
y2k_compliance On On
zend.ze1_compatibility_mode Off Off

apache2handler
Apache Version Apache/2.2.8
Apache API Version 20051115
Server Administrator [no address given]
Hostname:«»Port wapsity.ru:0
User/Group www-data(33)/33
Max Requests Per Child: 0 - Keep Alive: on - Max Per Connection: 100
Timeouts Connection: 300 - Keep-Alive: 15
Virtual Server Yes
Server Root /etc/apache2
Loaded Modules core mod_log_config mod_logio prefork http_core mod_so mod_actions mod_alias mod_auth_basic mod_auth_digest mod_authn_file mod_authz_default mod_authz_groupfile mod_authz_host mod_authz_user mod_autoindex mod_cache mod_cgi mod_dav mod_dav_fs mod_dav_svn mod_authz_svn mod_deflate mod_dir mod_env mod_fcgid mod_geoip mod_mem_cache mod_mime mod_python mod_negotiation mod_perl mod_php5 mod_proxy mod_rewrite mod_ruby mod_setenvif mod_ssl mod_status mod_suexec mod_suphp

Directive Local Value Master Value
engine 1 1
last_modified 0 0
xbithack 0 0

Apache Environment
Variable Value
GEOIP_COUNTRY_CODE LV
GEOIP_COUNTRY_NAME Latvia
SCRIPT_URL /administrator/index2.php
SCRIPT_URI http://wapsity.ru/administrator/index2.php
HTTP_HOST wapsity.ru
HTTP_USER_AGENT Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8
HTTP_ACCEPT text/html, application/xhtml+xml, application/xml;q=0.9,/;q=0.8
HTTP_ACCEPT_LANGUAGE en-us, en;q=0.5
HTTP_ACCEPT_ENCODING gzip, deflate
HTTP_ACCEPT_CHARSET ISO-8859-1, utf-8;q=0.7,*;q=0.7
HTTP_KEEP_ALIVE 300
HTTP_CONNECTION keep-alive
HTTP_REFERER http://wapsity.ru/administrator/index2.php
PATH /usr/local/bin:/usr/bin:/bin
SERVER_SIGNATURE no value
SERVER_SOFTWARE Apache/2.2.8
SERVER_NAME wapsity.ru
SERVER_ADDR 193.46.236.141
SERVER_PORT 80
REMOTE_ADDR 77.93.13.41
DOCUMENT_ROOT /home/wapsity/public_html
SERVER_ADMIN [no address given]
SCRIPT_FILENAME /home/wapsity/public_html/administrator/index2.php
REMOTE_PORT 3714
GATEWAY_INTERFACE CGI/1.1
SERVER_PROTOCOL HTTP/1.1
REQUEST_METHOD GET
QUERY_STRING option=com_admin&task=sysinfo
REQUEST_URI /administrator/index2.php?option=com_admin&task=sysinfo
SCRIPT_NAME /administrator/index2.php

HTTP Headers Information
HTTP Request Headers
HTTP Request GET /administrator/index2.php?option=com_admin&task=sysinfo HTTP/1.1
Host wapsity.ru
User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8
Accept text/html, application/xhtml+xml, application/xml;q=0.9,/;q=0.8
Accept-Language en-us, en;q=0.5
Accept-Encoding gzip, deflate
Accept-Charset ISO-8859-1, utf-8;q=0.7,*;q=0.7
Keep-Alive 300
Connection keep-alive
Referer http://wapsity.ru/administrator/index2.php
HTTP Response Headers
X-Powered-By PHP/5.2.4-2ubuntu5.5
Expires Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma no-cache[/code:1]

Hrm, “Website Options” doesn’t appear to be available in the GPL version of Virtualmin.

I’m not sure whether that’s an oversight, or whether there’s a different way to do all that on the GPL version. I’ll ask Joe/Jamie to chime in :slight_smile:
-Eric

the gpl version doesn’t have this.
It is a Pro feature.
You can however do it manually and that is described in this forum a few times.

you can change www-data to apache though if you prefer this.
"If you wish httpd to run as a different user or group, you must run
httpd as root initially and it will switch."

ronald’s right.

The PHP execution mode handling code is part of the Install Scripts feature. This is sort of historical, and will probably eventually be changed to become part of the core (and thus in Virtualmin GPL).

But, right now, you have to tweak a few things to run things under mod_fcgid. I have documented this several times on the forum…it’s not very difficult. I’m pretty sure I’ve even stickied one of the threads about it.

I just assumed because of the way you phrased it "I enabled/disabled some apache2/php modules and now I php scripts make files with www-data user/group", that you had previously seen different behavior…which made me think you were running Pro. But, GPL would have never offered other behavior.