1
gruessle
own server == / != phpsuexec 777 / 755
  • 2005/12/3 6:07

  • gruessle

  • Friend of XOOPS

  • Posts: 348

  • Since: 2003/9/20


The whole question is in the subject line.
I am now running XOOPS on a privat server
Do I need phpsuexec?
How bad is it to run cache and c_tamplate in 777. I know it' is bad. Is there another way?

cache and c_tamplate are theonly reason I need phpsuexec and if you know away to awoit it then please share it with me.

Thanks
Grüssle
......

http://www.vmclinks.com

2
Herko
Re: own server == / != phpsuexec 777 / 755
  • 2005/12/3 11:23

  • Herko

  • XOOPS is my life!

  • Posts: 4238

  • Since: 2002/2/4 1


I bet LazyBadger can explain it more thoroughly, but if you're the only user on that machine, you probably don't need to set the folders to world writable. Just make sure that the user that owns the files is the same one as the user running the script (the apache user).

Herko

3
gediminasbyt
Re: own server == / != phpsuexec 777 / 755

You don't have to run Apache as apache user, it's assumed you run as apache. Check this post as I explained it a few days ago:

Post

Gediminas

4
gruessle
Re: own server == / != phpsuexec 777 / 755
  • 2005/12/3 19:30

  • gruessle

  • Friend of XOOPS

  • Posts: 348

  • Since: 2003/9/20


gediminasbyt wrote:
Quote:
There are couple steps for it. Check as what user apache is running by issuing a command:

ps aux|grep apache

First column on left will show as what user apache is running. Most of the time it will be apache.

Go to your XOOPS install directory and issue:

ls -al

It will show something like:
drwxrwxrwx 13 username1 username2 4096 Nov 1 14:23 directoryname
(P.S. username2 is the owner of those files)

If username1 is not the same as in previous command then go to your XOOPS install directory and issue this command:

chown -R usernameinstep1 *

if you want to change the owner of the files then you do

chown -R usernamestep1:usernamestep1 *

Gediminas


This is a major thing so I like to make sure I understand you right.

I checked
ps aux|grep apache
first on my local linux box then on my hosted server. On my hosted server apache is running as root. Is it still save do do this?

Following would change all folders to be owned by root
chown -R root *
and this would change all files to be owned by root, right?
chown -R root:root *

Let me see if I understand this right.
If I transfer ownership of folders and files to what ever apache is running as then I can run cache and c_template as chmod 755 and don't have to run it as 777. Is this correct?

Now my understanding why people install phpsuexec is. They want to prevent users in a shared box to access each others php files. phpsuexec needs much more cpu resourses so if you don't have shared hosting it is better to run with out phpsuexec, right?


I could go on with quetions but if don't want to over due it.

Thank for your help
Grüssle
......

http://www.vmclinks.com

5
gediminasbyt
Re: own server == / != phpsuexec 777 / 755

No way I would recommend running apache as root nor chmoding files to be with root privileges. First thing I do disable root account for any types of outside connections on my servers except for console.

If you can get to httpd.conf file then you can start apache as any other user. You have to define that user in that file. I'm away from computer where I could check on how to do that, but if you need I can let you know later.

Basically, you have to find apache.conf file which most of the time is in /etc/httpd/conf/httpd.conf or /etc/httpd/conf.d/httpd.conf edit that file and look for a directive to runs apache as what user. Then you have to restart apache as that user with something like 'service httpd restart' or '/etc/rc.d/init.d/httpd restart' it would depend on the flavor of *ix you are using.

You can read more about running apache as another user on http://www.apache.org site.

6
gruessle
Re: own server == / != phpsuexec 777 / 755
  • 2005/12/3 20:08

  • gruessle

  • Friend of XOOPS

  • Posts: 348

  • Since: 2003/9/20


Wait i might have gotten that wrong, it is mostly running as nobody just one time as root, see below
And it a centOS box

root@server [/]# ps aux|grep apache
root     27135  0.0  0.0  2668  908 pts/0    T    00:55   0:00 /usr/bin/perl /scripts/easyapache
root     27154  0.0  0.0  2020  804 pts
/0    T    00:55   0:00 sh buildapache.sea
root     27208  0.0  0.0  2788  988 pts
/0    T    00:55   0:00 /usr/bin/perl ./buildapache
root     24473  0.0  0.0 13148 1268 
?        S    02:31   0:02 /usr/local/apache/bin/httpd -DSSL
nobody    8682  0.2  0.1 20400 5964 
?        S    03:27   1:26 /usr/local/apache/bin/httpd -DSSL
nobody    8683  0.2  0.1 20312 4064 
?        S    03:27   1:40 /usr/local/apache/bin/httpd -DSSL
nobody    8684  0.3  0.1 20280 7176 
?        S    03:27   2:09 /usr/local/apache/bin/httpd -DSSL
nobody    8685  0.2  0.2 20388 8224 
?        S    03:27   1:34 /usr/local/apache/bin/httpd -DSSL
nobody    8686  0.2  0.1 19988 5756 
?        S    03:27   1:46 /usr/local/apache/bin/httpd -DSSL
nobody    9911  0.2  0.1 20464 6260 
?        S    03:32   1:25 /usr/local/apache/bin/httpd -DSSL
nobody    9915  0.2  0.1 20284 8108 
?        S    03:32   1:36 /usr/local/apache/bin/httpd -DSSL
nobody   13152  0.3  0.0 20200 3600 
?        S    03:43   2:05 /usr/local/apache/bin/httpd -DSSL
nobody   13472  0.1  0.1 21200 7388 
?        S    03:44   1:21 /usr/local/apache/bin/httpd -DSSL
nobody    1464  0.4  0.1 20952 7668 
?        S    06:02   2:32 /usr/local/apache/bin/httpd -DSSL
root     22994  0.0  0.0  1408  148 pts
/0    D    15:09   0:00 grep apache
root
@server [/]#
Grüssle
......

http://www.vmclinks.com

7
gediminasbyt
Re: own server == / != phpsuexec 777 / 755

Yes, httpd is probably started as root (normal config) and then run as nobody. You can change that in httpd.conf file.

8
gruessle
Re: own server == / != phpsuexec 777 / 755
  • 2005/12/3 21:01

  • gruessle

  • Friend of XOOPS

  • Posts: 348

  • Since: 2003/9/20


I can change what, root not starting apache?

I don't get it.

I understand apache is running as nobody on my server.
Would it not be bad changing folders to be owned by nobody, that would be the same as 777, right.

So what I should do is change apache to run as a user called apache by creating an account for apache.
I just checked there is already a user apache.

In that case all I have to do is change nobody to apache in httpd.conf and then restart apache, right?

Now I go in and change ownership of the folders cache and c_template to user apache and thats it, right?

Sorry, I know how this must sound, please forgive me.
It just has to be right to the point.
Grüssle
......

http://www.vmclinks.com

9
gediminasbyt
Re: own server == / != phpsuexec 777 / 755

There is nothing to be forgiven. I should be sorry for not explaining normally .

You are absolutely correct. User nobody is used for nobody, so you should not use it. Because there is a user apache already created you have to edit httpd.conf file, change nobody to apache there, save file and restart httpd by '/sbin/service httpd restart'. Then go to your webhosting directory and 'chown -R apache:apache xoopsinstall'

Remember, when you edit files, copy them as another user from time to time you will have to issue the same 'chown -R apache xoopsinstall' for those files and dirs.

Good luck.

10
gruessle
Re: own server == / != phpsuexec 777 / 755
  • 2005/12/4 18:51

  • gruessle

  • Friend of XOOPS

  • Posts: 348

  • Since: 2003/9/20


That sounds like a pain having to do that all the time!
Grüssle
......

http://www.vmclinks.com

Login

Who's Online

256 user(s) are online (117 user(s) are browsing Support Forums)


Members: 0


Guests: 256


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Oct 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits