[BlueOnyx:08198] 5106R/5107R YUM updates (suPHP)

Michael Stauber mstauber at blueonyx.it
Mon Aug 22 23:12:59 -05 2011 

Hi all,

(Sorry for posting in HTML)

Full version of this news is available here:

http://www.blueonyx.it/index.php?mact=News,cntnt01,detail,0&cntnt01articleid=94&cntnt01origid=54&cntnt01pagelimit=4&cntnt01returnid=54

Updated base-vsite RPMs were released today that extend the suPHP 
functionality with support for custom php.ini files.

Our suPHP integration always had been a bit incomplete. It's primary benefit 
being that PHP scripts run with the UID and GID of the owner of the scripts 
(instead of user "apache"). While using suPHP is more secure, our 
implementation had the drawback that only the server wide PHP settings would 
apply. But not those individually configured for the site. Especially in 
conjunction with the "open_basedir" directive this caused problems and/or 
confusion.
To fix this our suPHP integration was extended to support custom php.ini 
files, which reside inside the home directory of each suPHP enabled sites. 
These custom php.ini config files contain the PHP related settings applicable 
for the site in question and are honored when suPHP pages are served.
The following RPMs now available through YUM for 5106R and 5107R contain the 
new functionality and should be installed automatically during the next YUM 
update:
=========
 Package 
=========
Updating:

 base-vsite-capstone
 base-vsite-glue
 base-vsite-locale-da_DK
 base-vsite-locale-de_DE
 base-vsite-locale-en
 base-vsite-locale-en_US
 base-vsite-locale-ja
 base-vsite-ui   

Transaction Summary
============================
Upgrade       8 Package(s)

During the installation of these RPMs a special script is run 
(/usr/sausalito/sbin/suPHP_fixer.pl) which will check if you have sites with 
suPHP enabled. If suPHP enabled sites are found and if those sites don't have 
their own php.ini file yet, then suPHP is briefly turned off for these sites 
and immediately it's turned on again. That will automatically create the 
individual php.ini files for the sites with suPHP enabled.
In that case the YUM update will show the following notice on the screen:
Running Transaction
  Updating       : base-ssl-ui
  Updating       : base-ssl-locale-en
  Updating       : base-vsite-ui
  Updating       : base-vsite-locale-da_DK
  Updating       : base-ssl-glue
  Updating       : base-vsite-glue
Shutting down cced: done
Starting cced: [  OK  ]
Running CCE constructors: 
Going through all suPHP enabled Vsites to make sure they all have a custom php.ini: 
Vsite www.yoursite1.net has suPHP enabled, but is missing a custom php.ini. Fixing it!
Vsite www.yoursite31.com has suPHP enabled, but is missing a custom php.ini. Fixing it!
Vsite www.yoursite74.co.uk has suPHP enabled, but is missing a custom php.ini. Fixing it!
Whenever suPHP support for a Vsite is turned off, the custom php.ini files 
will be deleted automatically.
Please note: For security reasons the custom php.ini config files are root 
owned and protected with chattrib to prevent that anyone but the BlueOnyx GUI 
can modify them.

-- 
With best regards

Michael Stauber
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20110823/7e15a147/attachment.html>

More information about the Blueonyx mailing list