[suPHP] suPHP_ConfigPath/PHPRC ignored




Hi guys,


Normally I'm not one to cry out for help. But I'm having an issue that's
driving me crazy. I've been searching the web and the suPHP list archives
for almost a week with no resolution. Staring at the config and log files
isn't helping either.
Sorry for the lengthy message. But I figure more info means less Q&A and
less of your time. Any help will be greatly appreciated.

A while back I installed a fresh Debian Lenny system with Apache2/PHP5 (CGI)
and suPHP on my EeePC. That system is working perfectly with user-specific
php.ini files. I documented the steps I needed to take to get it working the
way I want it to.

Then I created a new server (virtual with Xen 5) for hosting purposes. I
installed the same Debian Lenny with the same packages and configuration as
far as I'm aware of. suPHP works just fine, I see info messages in its log
file when I open the test website in my browser. The custom .ini file I
saved to /etc/php5/conf.d/default.ini with general settings for all users is
applied as expected.
The problem is that the php.ini file in the directory specified with
suPHP_ConfigPath is completely ignored... When I check with "ls -alu" the
file access time doesn't change when I open the test website.

I've tried to copy the user-specific php.ini file to /tmp, give it 777
permissions and change suPHP_ConfigPath accordingly. I tried changing
ownership of this php.ini to the user running the PHP script. Also tried to
set suPHP_ConfigPath in different Apache config files. But nothing seems to
matter.

/etc/apache2/mods-available/suphp.conf is used since turning off the
suPHP_Engine there results in the browser downloading PHP files as plain
text with source code. I know I have the correct VirtualHost, the files are
served from that directory. Changing suPHP_ConfigPath to xxxsuPHP_ConfigPath
will prevent Apache from starting up as expected, so the suPHP_ConfigPath
property *is* recognized by Apache.

I just don't get why it works on one computer and not the other. Maybe I'm
missing something really small and simple.


I've been looking at phpinfo() output. Both computers have:

Environment
PHPRC  /home/000-suphp/zzz.zzz/web

PHP Variables
_SERVER["PHPRC"] /home/000-suphp/zzz.zzz/web


The server that's ignoring the config file shows:
Loaded Configuration File  /etc/php5/cgi/php.ini

Whereas the EeePC shows:
Loaded Configuration File  /home/000-suphp/zzz.zzz/web/php.ini


When I use PHP-CGI with -c switch from the console I DO see the correct path
on the server:

# php5-cgi -c /home/000-suphp/zzz.zzz/web \
> -f /home/zzz.zzz/web/index.php |grep Loaded
<tr><td class="e">Loaded Configuration File </td><td class="v">/home/000-suphp/zzz.zzz/web/php.ini </td></tr>

This also works:

# PHPRC=/home/000-suphp/zzz.zzz/web
# export PHPRC
# php5-cgi -f /home/zzz.zzz/web/phpinfo.php |grep Loaded
<tr><td class="e">Loaded Configuration File </td><td class="v">/home/000-suphp/zzz.zzz/web/php.ini </td></tr>


So with PHPRC set why won't PHP load the correct configuration file when I
request a script through Apache/suPHP?



Installed packages:
apache2-mpm-prefork   2.2.9-10+lenny2
libapache2-mod-suphp  0.6.2-3
php5-common           5.2.6.dfsg.1-0.1~lenny1
php5-cgi              5.2.6.dfsg.1-0.1~lenny1



test.php:

<?php
   echo TESTZZZ;
   echo exec('cat /etc/passwd');
   var_dump(ini_get('upload_tmp_dir'));
?>

Returns:

Notice: Use of undefined constant TESTZZZ - assumed 'TESTZZZ' in 
/home/zzz.zzz/web/abc/down.php on line 2 TESTZZZ
Warning: exec() has been disabled for security reasons in 
/home/zzz.zzz/web/abc/down.php on line 3
bool(false)



/etc/apache2/mods-available/suphp.conf:

<IfModule mod_suphp.c>
   AddType application/x-httpd-php .php .php3 .php4 .php5 .phtml
   suPHP_AddHandler application/x-httpd-php
   <Directory />
      suPHP_Engine on
   </Directory>
   # By default, disable suPHP for debian packaged web applications as files
   # are owned by root and cannot be executed by suPHP because of min_uid.
   <Directory /usr/share>
      suPHP_Engine off
   </Directory>
# # Use a specific php config file (a dir which contains a php.ini file)
   suPHP_ConfigPath /home/000-suphp/zzz.zzz/web
# # Tells mod_suphp NOT to handle requests with the type <mime-type>.
#   suPHP_RemoveHandler <mime-type>
</IfModule>



/etc/apache2/sites-available/zzz.zzz:

<VirtualHost 192.168.3.84>
   ServerName zzz.zzz
   ServerAlias www.zzz.zzz
   DocumentRoot /home/zzz.zzz/web/
   TransferLog /home/zzz.zzz/logs/web.log
   suPHP_ConfigPath /home/000-suphp/zzz.zzz/web
</VirtualHost>
<VirtualHost 192.168.3.84>
   ServerName beta.zzz.zzz
   DocumentRoot /home/zzz.zzz/beta/
   TransferLog /home/zzz.zzz/logs/beta.log
   suPHP_ConfigPath /home/000-suphp/zzz.zzz/beta
</VirtualHost>



/etc/suphp/suphp.conf:

[global]
;Path to logfile
logfile=/var/log/suphp/suphp.log
;Loglevel
loglevel=info
;User Apache is running as
webserver_user=www-data
;Path all scripts have to be in
docroot=/home
;Path to chroot() to before executing script
;chroot=/mychroot
; Security options
allow_file_group_writeable=false
allow_file_others_writeable=false
allow_directory_group_writeable=false
allow_directory_others_writeable=false
;Check whether script is within DOCUMENT_ROOT
check_vhost_docroot=true
;Send minor error messages to browser
errors_to_browser=false
;PATH environment variable
env_path=/bin:/usr/bin
;Umask to set, specify in octal notation
umask=0077
; Minimum UID
min_uid=100
; Minimum GID
min_gid=33
[handlers]
;Handler for php-scripts
application/x-httpd-php=php:/usr/bin/php-cgi
;Handler for CGI-scripts
x-suphp-cgi=execute:!self



/etc/php5/conf.d/default.ini:

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Default customized settings ;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Prevent usage of unsecure functions
disable_functions = dl,set_time_limit,exec,shell_exec,system,passthru,popen,pclose,proc_open,proc_close,proc_get_status,proc_terminate,proc_nice,posix_kill,posix_mkfifo,posix_setpgid,posix_setsid,posix_setuid,diskfreespace,disk_free_space,disk_total_space
; Allow users to upload bigger files
upload_max_filesize = 10M
; Don't set old (and deprecated) $HTTP_*_VARS for better performance
register_long_arrays = Off
; Set output buffer for better performance
output_buffering = 4096
; Disable $argc and $argv which aren't used by cgi
register_argc_argv = Off
; Don't automatically add slashes to all input data, instead use addslashes() for data you are saving to a database
magic_quotes_gpc = Off
; Don't hash variables into $_ENV, use getenv() instead
variables_order = "GPCS"
; Log all errors for more stable, predictable and secure code
error_reporting = E_ALL
; Cleaner code
allow_call_time_pass_reference = Off
; Don't allow <? ?> style tags for better portability
short_open_tag = Off



/home/000-suphp/zzz.zzz/web/php.ini

; Lock users in their own home directory
open_basedir = /home/zzz.zzz/
doc_root = /home/zzz.zzz/web/
; Temporary files
upload_tmp_dir = /home/zzz.zzz/tmp
session.save_path = /home/zzz.zzz/tmp
; Disable $argc and $argv which aren't used by cgi
register_argc_argv = Off
; prevent displaying errors in the client browser
display_errors = Off
log_errors = On
error_log = /home/zzz.zzz/logs/php.log 
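
The manual comparison of "Loaded Configuration File" above can be automated across vhosts. The following is an added example, not part of the original post or of suPHP: it reads the `suPHP_ConfigPath` of each `<VirtualHost>` and checks saved phpinfo() HTML for that host, flagging hosts where the per-user php.ini (and so its `open_basedir` lock) is not in effect. The function names and the sample inputs are constructed for illustration.

```python
import re
from html import unescape

# Constructed sample input, laid out like the vhost file quoted in the post.
VHOSTS = """
<VirtualHost 192.168.3.84>
   ServerName zzz.zzz
   suPHP_ConfigPath /home/000-suphp/zzz.zzz/web
</VirtualHost>
<VirtualHost 192.168.3.84>
   ServerName beta.zzz.zzz
   suPHP_ConfigPath /home/000-suphp/zzz.zzz/beta
</VirtualHost>
"""
ROW = '<tr><td class="e">%s </td><td class="v">%s </td></tr>\n'
# Constructed phpinfo() fragments: one vhost fell back to the global php.ini.
PAGES = {
    "zzz.zzz": ROW % ("Loaded Configuration File", "/etc/php5/cgi/php.ini")
             + ROW % ("open_basedir", "<i>no value</i>"),
    "beta.zzz.zzz": ROW % ("Loaded Configuration File",
                           "/home/000-suphp/zzz.zzz/beta/php.ini")
             + ROW % ("open_basedir", "/home/zzz.zzz/"),
}

def vhost_config_paths(conf_text):
    """Map each ServerName to the suPHP_ConfigPath set in its <VirtualHost>."""
    paths = {}
    for block in re.findall(r"<VirtualHost\b[^>]*>(.*?)</VirtualHost>",
                            conf_text, re.S | re.I):
        name = re.search(r"^\s*ServerName\s+(\S+)", block, re.M | re.I)
        path = re.search(r"^\s*suPHP_ConfigPath\s+(\S+)", block, re.M | re.I)
        if name and path:
            paths[name.group(1)] = path.group(1).rstrip("/")
    return paths

def phpinfo_value(html, label):
    """Return the first value cell of the phpinfo() row named label, or None."""
    m = re.search(r'<td class="e">\s*%s\s*</td>\s*<td\s+class="v">(.*?)</td>'
                  % re.escape(label), html, re.S)
    return unescape(re.sub(r"<[^>]+>", "", m.group(1))).strip() if m else None

def audit(conf_text, pages):
    """List (host, problem) pairs where the per-vhost php.ini is not in effect."""
    findings = []
    for host, cfg_dir in sorted(vhost_config_paths(conf_text).items()):
        html = pages.get(host, "")
        loaded = phpinfo_value(html, "Loaded Configuration File")
        if loaded != cfg_dir + "/php.ini":
            findings.append((host, "loaded %s, expected %s/php.ini" % (loaded, cfg_dir)))
        if phpinfo_value(html, "open_basedir") in (None, "no value"):
            findings.append((host, "open_basedir not set"))
    return findings
```

Calling `audit(VHOSTS, PAGES)` on the constructed data reports only `zzz.zzz`, once for the wrong loaded file and once for the missing `open_basedir`.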


