Sounds to me like you should draw yourself a diagram of what each group of files has for permissions, what are all the users and groups involved and their effective permissions. Quite possibly you may just need to add the virtual domain admin users to some group or add user apache to the virtual domain group so the apache process can write. Do the php pages have to write anything to the virtual domain directories? Even if it's just a log file, then that user is denied. Do all of the virtual domains wrote to the database? I didn't understand that part. If so, then for one I wouldn't do it that way. They should each have their own database. Also, if you have this: rw-r--r--, then the group can't write only the specific user, but you may need to add the user you run the database as or the php process in somewhere. Hell, I'm confused now.
User Group Apache apache web process and /var/www/html Virtual1 virtual1 Domain1 Virtual2 virtual2 Domain2 Virtual3 virtual3 Domain3 Database database database files
Hint: Don't refer to them as one domain or another, use more concrete terms. You've got so much going on, I'm confuse now. Back to my nap.
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Jack Sent: Monday, June 13, 2005 6:41 PM To: Jonathan Hutchins; [email protected] Subject: Re: PHP safe mode on virtual hosts
Apache is running as apache. The file permissions are rw-r--r-- on all the directories accessed by apache or php. Each virtual webspace has it's own user and the group is the same as the user. So website-1 has file ownership of say admin1.admin1 and this is in the user and group as defined in the chrooted apache httpd.conf. AS I said, I compared two sites and have yet to see any configuration difference. In either the httpd.conf or it's included files or in the php.ini files.
--- Jonathan Hutchins [email protected] wrote:
On Monday 13 June 2005 01:22 pm, Jack wrote:
... one site works if the files in the chrooted /var/www/html directory are owned by a authorized admin for the virtual host, the other works only if that
directory
and the files are owned by root.
Who's apache running as? What are the file permissions? User? Group?
--- "Kelsay, Brian - Kansas City, MO" wrote:
Sounds to me like you should draw yourself a diagram of what each group of files has for permissions, what are all the users and groups involved and their effective permissions. Quite possibly you may just need to add the virtual domain admin users to some group or add user apache to the virtual domain group so the apache process can write. Do the php pages have to write anything to the virtual domain directories? Even if it's just a log file, then that user is denied. Do all of the virtual domains wrote to the database? I didn't understand that part. If so, then for one I wouldn't do it that way. They should each have their own database. Also, if you have this: rw-r--r--, then the group can't write only the specific user, but you may need to add the user you run the database as or the php process in somewhere. Hell, I'm confused now.
User Group Apache apache web process and /var/www/html Virtual1 virtual1 Domain1 Virtual2 virtual2 Domain2 Virtual3 virtual3 Domain3 Database database database files
...
Apache is running as apache. The file permissions
are
rw-r--r-- on all the directories accessed by apache
or
php. Each virtual webspace has it's own user and
the
group is the same as the user. So website-1 has
file
ownership of say admin1.admin1 and this is in the user and group as defined in the chrooted apache httpd.conf. AS I said, I compared two sites and
have
yet to see any configuration difference. In either
the
httpd.conf or it's included files or in the php.ini files.
--- Jonathan Hutchins
wrote:
On Monday 13 June 2005 01:22 pm, Jack wrote:
... one site works if the files in the chrooted
/var/www/html
directory are owned by a authorized admin for
the
virtual host, the other works only if that
directory
and the files are owned by root.
Ok, let me restate the problem again, along with an update. There are 19 virtual websites. Only one of the sites is using the pear library to access mysql. This is the only difference. So all I really need to find out is why would changing the owner of the pear tree cause a db error? I can of course put debugging code in this to trace what is going on, but doing so would disable the website. I know I've got to be missing something, probably something obvious.
Thanks, BRian Densmore
__________________________________ Discover Yahoo! Get on-the-go sports scores, stock quotes, news and more. Check it out! http://discover.yahoo.com/mobile.html
-
Jack -
Kelsay, Brian - Kansas City, MO