Suphp Working With Vsftpd
Apr 23, 2009
I am setting up a shared Server with apache2 and php5 + suhosin +suPHP + vsftpd.
The Directory Structure is:
1. DocumentRoot
/var/www/virtual/website1
/var/www/virtual/website2
/var/www/virtual/website3
............etc
2. For each website I would create a system account and tie it to each virutal host(as required by suPHP)
chown -R John:group1 /var/www/virtual/website1
chown -R Mary:group1 /var/www/virtual/website2
chown -R Ben:group1 /var/www/virtual/website3
...........etc
<VirtualHost 192.168.100.44>
DocumentRoot /var/www/virtual/website1
ServerName www.website1.com
suPHP_UserGroup John group1
</VirtualHost>
<VirtualHost 192.168.100.45>
DocumentRoot /var/www/virtual/website2
ServerName www.website2.com
suPHP_UserGroup Mary group1
</VirtualHost>
........etc
3. I setup vsftpd with chroot to each virtual host.
This works very nice as long as each client has only one ftp account. But if a client(website1) wants to have multiple ftp accounts( ex. john, john100, john200), they would mess up the file ownership when they upload and change files. Since suPHP executes PHP scripts with the permissions of their owners (suPHP_UserGroup John group1, suPHP would complain their setid is mismatched because the John100 is not the suPHP_USERGROUP owner(John). I have tried Virtual Hosting with Vsftpd and Mysql, that didn't work because all the virutal users would be acting as one user (guest_username=virtualftp) when they upload and change files. I am wondering if there is ways to allow multiple ftp accounts for each Virutal host working together with suPHP. Or It is possible for ftp user to change ownership once they log in.
View 3 Replies
ADVERTISEMENT
Apr 29, 2007
I have a big problem because ban command for APF:
Quote:
/etc/apf/apf -d iptoban
Doesn't working for vsftpd service (only for apache & ssh).
Code:
Apr 29 13:35:05 xxx vsftpd: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=217.20.127.191 user=web0
How can I ban this IP for vsftpd service in APF?
View 0 Replies
View Related
Sep 12, 2007
Which one would you consider using the most? Currently I use vsftpd and while it's fast and light, it's a real pain in the butt to add new users I've found (adding shell users except it doesn't always work). I was reading up on how to add users on pure ftp and they had something called virtual users which looked really nice...
View 9 Replies
View Related
Apr 24, 2007
Server is currently running on proftp with cpanel. If I switch to vsftpd, will all the ftp accounts work and can I manage them through cpanel?
View 1 Replies
View Related
Nov 8, 2008
I have been pulling my hair out all day trying to fix this issue, which should be simple in theory.
Basically in summary, vsftpd is running on the server, I can't connect to FTP from my own computer.
I have tried many things, but right now the way it stands is my vsftpd.conf file has listen=YES. I did a netstat -pan, with a return of:
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 29984/vsftpd
I can telnet/FTP into port 21 locally, so vsftpd is indeed running properly, but I cannot connect from the outside at all. I have also commented out everything in /etc/hosts.allow.
At this point, I am out of ideas. And to top it all off, I'm on a tight deadline. Usually works out there way doesn't it?
View 5 Replies
View Related
Jun 4, 2008
working with Ubuntu (and unix/linux) in general. I have, however, managed to install vsftpd and configure it in what I believe is a correct manner.
However, upon attempting to upload a file, I get a "could not create file" error which seems to imply that I don't have permission. The account that I'm logged in under is an administrator account.
My configuration file is:
Code:
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
ftpd_banner=Welcome to the Web-Ideals FTP Service! We're awesome.
secure_chroot_dir=/var/run/vsftpd
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
View 0 Replies
View Related
Jul 11, 2008
With Red Hat Enterprise Linux 4 (RHEL 4), are updated packages made available, or are only security patches backported? Specifically I'm interested in vsftpd. Version 2.0.1 is included in the RHEL installation on a server I'm working on, but there is a bug fix in v2.0.4 that I'd like to get access to.
Is there an easy way for me to browse / search what packages are available for RHEL 4, preferably via website?
View 5 Replies
View Related
Nov 11, 2008
I been using plesk, and cpanel so this is the first time I have Webmin for my CentOS.
After some googling and reading, i able to install apache, mysqld and vsftpd (for some reason, my host (hivelocity) didnt install these. So this is my setup.
a.com: in godaddy, i add nameserver host as ns1.a.com and ns2.a.com and change the dns to point to that
b.com: in godday, point dns to ns1.a.com and ns2.a.com
BIND DNS Server
========================
I create two master zone for a.com and b.com
a.com
Code:
$ttl 38400
a.com. IN SOA server.a.com. abc.yahoo.com. (
1226206691
10800
3600
604800
38400 )
a.com. IN A 1.2.3.4
server.a.com. IN A 1.2.3.4
a.com. IN NS server.a.com.
mail.a.com. IN A 1.2.3.4
ftp.a.com. IN CNAME a.com.
www.a.com. IN CNAME a.com.
a.com. IN MX 10 mail.a.com.
b.com
Code:
$ttl 38400
b.com. IN SOA server.a.com. abc.yahoo.com. (
1226206691
10800
3600
604800
38400 )
b.com. IN A 1.2.3.4
server.a.com. IN A 1.2.3.4
b.com. IN NS server.a.com.
mail.b.com. IN A 1.2.3.4
ftp.b.com. IN CNAME b.com.
www.b.com. IN CNAME b.com.
b.com. IN MX 10 mail.b.com.
APACHE
========================
I created 2 virtual servers for a.com and b.com
/home/sites/a.com/html
/home/sites/b.com/html
I create an index.php in a.com/html with content: "a.com YEAH"
I create an index.php in b.com/html with content: "b.com YEAH"
After wait for dns to propogated,
when i try to go to a.com, content "a.com YEAH" shows up.
But when goto b.com, content "a.com YEAH" shows up? Why?
Also, when goto ns1.a.com, content "a.com YEAH" is there.
I also has problem with vsftpd but let fix that later.
View 4 Replies
View Related
May 26, 2007
I have a RHEL 4 plain server, and im using vsftpd server, i can not find an option to specify the max size for uploading files... does anybody know something about this?
View 1 Replies
View Related
Nov 13, 2007
I use "suphp" on 3 servers I own with apache 2.2.6 and suddenly yesterday (15 hours ago) one of the servers show "Internal server error" on all sites.
Tried rebuilding apache and php 4 times with no fix until I came to try handling php with cgi instead. (I always like to track who is using apache processes)
well. getting to this fix was after 10 hours of all sites not working on the server.
now (5 minutes ago) I go to http://www.suphp.org to read their docs for solution to find this
Quote:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, hostmaster@marsching.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Apache Server at www.suphp.org Port 80
Why did this suddenly arise while No changes were done on server software or config?
I believe this happens after the first coming apache restart or something but dunno what was the reason yet
maybe suphp.org guys have to update us when their site comes back online
View 5 Replies
View Related
Apr 1, 2009
what do you prefer?
fastcgi or suphp?
which one is better with suexec (in security and resource usage)?
View 11 Replies
View Related
Oct 28, 2009
we have installed suPHP along with suhosin on server to prevent upload of illegal scripts but still we are having problems with scripts used for phishing web sites! We have a lot of Joomla users and other php apps installed on server.
View 5 Replies
View Related
Mar 23, 2009
i have many problem from this
i want to remove it
i had recompiled apache without it but it still working
View 2 Replies
View Related
Jul 22, 2009
I have a Linux server for shared hosting in which I am using Cpanel/WHM. I have PHP running as suPHP which I believe is for security. The problem I am facing is a lot of PHP based websites create load on the server and consume as much as 10% of the CPU and sometimes some script even consumes 50% CPU. I think I can reduce the load caused by the PHP scripts by installing eAccelerator. However, it does not work with PHP running as suPHP. Can anybody tell me which one should I choose of the both? Is there any other way to reduce the load on the server?
View 14 Replies
View Related
Feb 8, 2008
what are suexec / suphp and for what purpose we use it.
View 1 Replies
View Related
May 22, 2008
we are try SuPhp on Cpanel server but seem that is use a lot of resource, on 2 X quad core server we can't add more than 300 domains for server, whic configuration do u use? any alternative solution?
View 7 Replies
View Related
Jun 25, 2008
somebody suphp?
What is your advice?
View 6 Replies
View Related
Mar 18, 2008
I'm wondering which one is the best with cPanel and Apache 1.3.41. The server will be used for shared hosting.
View 11 Replies
View Related
Mar 19, 2008
I wanted to ask an advice which php handler is the most secure to have on a shared server:
dso vs cgi vs SuPHP
I currently have dso with Suexec on and few accounts are getting phishing sites uploaded so I read that SuPHP is safer. What do you recommend?
If I do change the server to SuPHP should I enable Suexec as well in the whm: Configure Suexec and PHP?
View 9 Replies
View Related
Nov 27, 2008
i have install suhosin and i want to know that should i install suphp too?
and
do you recomend me to install suphp?
View 2 Replies
View Related
Jun 24, 2009
I have just installed my vps with webmin on debian 5 and I need a guide to how to configure my system to use suphp, Ive googled it but not come back with any clear guide.
I better add Ive plunged in at the deepend and after the secuity breach at Vaserv, I can not take the easy option and install lxadmin any longer.
View 1 Replies
View Related
Oct 18, 2009
I'm running a dedicated server (ie my site only) which is primarily a vbulletin powered site.
I was wondering if it is beneficial in running PHP as suPHP along with suhosin?
A lot of articles I see seem to be aimed at shared setups where there are other users with various (possibly) untrusted scripts.
It is a WHM/cPanel managed server which by default is set to run PHP5 as DSO (Apache module).
suexec is installed however this only affect CGI scripts correct?
I recently had a (paid) security audit completed and I asked the question about suhosin. The reply I got was:
Quote:
You do not need suhosin as you do not run suPHP we enforce posix acl's which will prevent vulnerable scripts from being able to download to the system easily and prevent the automated attacks. You can try this by installing a phpshell and you will see it's not very effective, only php functions are really of any use (such as readfile() and so on) but it will prevent things like wget xxx.
Should I recompile Apache (via EasyApache) with suPHP and suhosin or just leave as is?
View 14 Replies
View Related
Mar 29, 2009
my server is centos and cpanel,
i setup it with suphp and suEXEC,
and i set the register_globals as off on server,
now,i had a website need register_globals on,
i search many articles and try to edit php.ini and .htaccess,
but all still show
FATAL ERROR: register_globals is disabled in php.ini, please enable it!
or
500 internal error
could anyone teach me how to solve the issue?
View 14 Replies
View Related
May 17, 2009
suphp and spent the better part of the day configuring a new server and then upgrading it to suphp in preparation for a migration next week.
However, I broke the links to var/www/html in the process and I don't know at what point it broke to know how to fix it.
I have a couple of links that usually work to this directory:
lax.powermonster.net/test.bin
and
[url]
Both of which now come up to a 404 error from my main site: powermonster.net.
View 12 Replies
View Related
May 28, 2009
OS: CentOS 5
Software: Apache 2 / PHP CGI 5.8 / suPHP
Today I took the leap and switched to suPHP, rather than the Apache module. This is just what suited us best for hosting our own websites, keeping them more isolated from eachother bar a certain shared directory.
All is great, apart from I'm now noticing Zombie processes all of the time. These processes do seem to go away though, if I watch top the amount of Zombie processes will go up and down between 0 and 10.
Code:
17471 gnation 15 0 0 0 0 Z 1 0.0 0:00.03 php-cgi <defunct>
17463 gnation 16 0 0 0 0 Z 1 0.0 0:00.02 php-cgi <defunct>
17467 gnation 16 0 0 0 0 Z 1 0.0 0:00.02 php-cgi <defunct>
Are these processes a problem, considering they do leave after a while? I've read up about Zombie processes and it would seem that as long as they are closing at some point, instead of hanging around, then that's fine. Is this supposed to happen in my setup?
View 3 Replies
View Related
May 8, 2008
Forcetype does not appear to run correctly with Apache 2.2 and SuPHP. Most information suggests changing
ForceType application/x-httpd-php
To:
ForceType x-httpd-php
This does not work for me and php code is being displayed as text instead of being parsed by apache.
View 12 Replies
View Related
Dec 26, 2007
After upgrading to Apache2, installing suPHP and mod_userdir, and enabling open_basedir, I can still browse other users webroot with a c99 shell script. to increase protection without needing safe_mode on?
View 9 Replies
View Related
Oct 15, 2007
My server has update to
WHM 11.11.0 cPanel 11.15.0-R17665
CENTOS Enterprise 5 i686 on standard - WHM X v3.1.0
apache 1.3.37
and now the server run without phpsuexec so i try to recompile apache with php security and suphp module but the php.ini files still didn't work in the client's sites and there is alot of scripts want php.ini files for safemode = off , etc even the top process show me nobody not users to know who spam or other tings
i run this command
/usr/local/cpanel/bin/rebuild_phpconf --current
and i got
php has not yet been configured with EA3
with the new update cpanel i can't run php.ini files anymore
View 4 Replies
View Related
May 13, 2007
A server I have runs DA. On this server I switched php to SUPHP. This combo has worked 99% good so far except for one big pain in the ***.
When ever a new domain, sub domain or a pointer domain is added I get a php_admin_flag error and Apache will not restart untill I rem out all instances of php_admin_flag lines in the httpd.conf file.
Code:
Stopping httpd: [FAILED] Starting httpd: Syntax error on line 31 of /usr/local/directadmin/data/users/****/httpd.conf: Invalid command 'php_admin_flag', perhaps mis-spelled or defined by a module not included in the server configuration [FAILED]
Has anyone solved this? Apperantely the new version of DA was suppose to fix this but I upgraded DA today and at the end I ended having to rem out all php_admin_flag instances for all domains on that server which = good times.
View 2 Replies
View Related
Jul 10, 2009
I'm using suphp to secure a shared web hosting server and am confused about one issue I'm having. It is my understanding that using suphp, you should be able to chmod 755 all directories and chmod 600 all files since apache runs the .php files as the user.
However, when I chmod 600 all files, the formatting of the sites gets messed up. It loses all css and if you try to view image files in the browser you get a permission denied error. Why is that?
As a temporary solution, I can chmod 644 all files and then 600 only sensitive files like config files (wp-config.php for WordPress for example), but I'd rather just chmod 600 everything.
Can anyone explain why 600 doesn't work?
With 644 permissions, any user could upload a script like:
Code:
<?php
$filename = realpath("/home/user/public_html/wp-config.php");
$handle = fopen($filename, "r");
$contents = fread($handle, filesize($filename));
fclose($handle);
echo '<textarea name="textareaName" rows="46" cols="103">'.$contents.'</textarea>';
?>
and view another users's file if it is 644.
View 4 Replies
View Related
