2008/2/9 11:22:59
|
---|
|
Php handlers like suphp as related to .tar.gz file ownership (chown) and permissions (chmod)I got a new server the other day. And as a result have had a bit of a learning curve. The server is setup with cpanel/whm, apache 2, php 5.2.5, mysql 5.0.45 community & runs in suphp mode out of the box.
I transfered some of my sites off of Wills server using whm. Anyway in saying that I had some interesting problems that I have never had to consider for my sites. Just the learning curve of trying to get all the owners and groups chown the right way to run with suphp. Then the chmod permission on all the files and folders half to be set to folders 755 & files 644. I did get them all sorted but it was a pain. Now I been trying to work out a way to build my site in a much more efficient manner. You see I move about two moths ago out into what I call "BFE" Bum guess Egypt. My internet connection is crap 26k to be exact. So instead of building site after site and uploading this and that. That I was going to build one mega site and clone from that one to any others I might build. This in its self is a major time saver. Anyway back to the topic. In testing this approach I uploaded xoops.tar.gz because I didn't have a impress.tar.gz I only had the .zip Now I thought in my mind I want to keep this server as pristine as possible. Thats why I went for the tar.gz because it supposed to be native. Well to my amazement the permissions are all set to 777 for files and folders. This was not something that I caught onto in the first 5 minutes either. It took me a few days to understand why in the heck xoops was in error on this brand new server. In a nutshell the .zip version has no permissions set to the files and folders. So when you upload the .zip version what ever permission and ownership the server has the files and folders from a .zip will inherited those features. The tar.gz is total mess trying to get up a running in a secure environment. So im not sure if this might help in the docs section or not. Or if the problem can be addressed in the released versions for a native impress install for linux/unix/bsd. Any ideas on how I can install impress using a .tar.gz with out so much work would be awesome. |
2008/2/9 11:46:19
|
---|
|
Re: Php handlers like suphp as related to .tar.gz file ownership (chown) and permissions (chmod)If you are using winscp to execute the untar. Which I am sure you are. You can create a custom command to set all folder permissions and file permission.
Check the winscp docs for setting up a custom command. Likewise... shell is easy too. |
2008/2/9 12:05:41
|
---|
|
Re: Php handlers like suphp as related to .tar.gz file ownership (chown) and permissions (chmod)Quote:
Yep point takin although I cannot seems to get the right strings I need setup in winscp. However in putty from root is where I have had my success. You would think the same commands would work in winscp but they just error out. I have searched google big time trying to find a cheat sheet. So if you or anybody else has one it will make support here alot better. On another point... Sometimes a user would come into the forums on xoops and soon to be here. Based on what I have experienced the last few days or so. I know some of these user will have the same problem. So part of my post is meant for the docs section and the other part is to ask if this can be fixed in the releases done of the cms from the get go. This really is the best way to do it. Why release a package that has permissions on it already? Let the server decide what permissions the package will have once its uncompressed. Anyway here is a few commands that have proven results. chown owner.owner -R /home/owner/public_html/ chown owner.nobody /home/owner/public_html Please add to the list if possible. Also remember that I can only get the two above to work in putty at root. |
2008/2/9 12:07:26
|
---|
|
Re: Php handlers like suphp as related to .tar.gz file ownership (chown) and permissions (chmod)This may even be easier.
cd /path/to/dir chmod -R 755 * find -type f -print0|xargs -0 chmod 644 This will change everything to 755, then you do a search for non-folders and chmod them to 644. It definitely needs to be owner/nobody. |
2008/2/9 12:16:05
|
---|
|
Re: Php handlers like suphp as related to .tar.gz file ownership (chown) and permissions (chmod)Will let me ask you a question. Do you think winscp has an export feature for custom commands? That way we could all figure out what works and offer a download of the commands. This way you could load up your winscp fast.
So what im asking you to do is export your commands from a winscp and send them to me... lol Quote:
Yep your correct but that is only for the public_html folder. Once inside public everything is owner.owner and 644,755 Root will not work on any handler like suphp or phpsuexe. |
2008/2/9 12:21:18
|
---|
|
Re: Php handlers like suphp as related to .tar.gz file ownership (chown) and permissions (chmod)Edit this is what I meant to quote for my answer.
Quote:
Yep your correct but that is only for the public_html folder. Once inside public everything is owner.owner and 644,755 Root will not work on any handler like suphp or phpsuexe. ! Idea ! Hey admins you going to need a hosting/reseller/vps/server forum here on impress. It will make support a lot better in the long run. |
2008/2/9 12:25:45
|
---|
|
Re: Php handlers like suphp as related to .tar.gz file ownership (chown) and permissions (chmod)ok, so you have your owner/group fixed. Let's move on to your permission issues.
I don't use winscp for shall commands, I use shell. Do this in shell. cd /path/to/dir chmod -R 755 * find -type f -print0|xargs -0 chmod 644 problem solved, take you 2 minutes even on 26k. |
2008/2/9 12:31:46
|
---|
|
Re: Php handlers like suphp as related to .tar.gz file ownership (chown) and permissions (chmod)I will try those later tonight. When I am testing a new install of impress.
Can you answer my question? Can you export the custom commands from winscp? I can not seem to find a way to do it. Sure I can copy and paste them. But like I said I don't have alot that really work the right way. The correct zip and unzip commands would be an awesome start. |
2008/2/9 12:32:46
|
---|
|
Re: Php handlers like suphp as related to .tar.gz file ownership (chown) and permissions (chmod)Quote:
There is an export command for winscp, but it is not intended to be shared. If you share your winscp.ini that person will have all your shiz.. random seed file.. accounts... as well as commands I am sure... Essentially, sending the exported .ini would clone my winscp... and I really don't want to do that, as I have access to several clients servers... I am sure they would not like me sharing their info.. lol. On top of that... I don't use winscp custom commands. I use shell. |
2008/2/9 12:57:47
|
---|
|
Re: Php handlers like suphp as related to .tar.gz file ownership (chown) and permissions (chmod)Will i was just trying to help some other people out down the road. These post are not directed specifically at you man. This is a community post!
My idea was about an export fuction for winscp that everyone could share their generic customs commands. In which the file could be modded for other users to use. I in no way was asking you for private information... lol The easy way I guess would be for "everyone" to just paste your generic commands for putty and winscp. man... Anyway back on topic... Can a .tar.gz or any other file released be set to have no permission or ownership assigned to it? Is this possible? |
2008/2/9 13:35:59
|
---|
|
Re: Php handlers like suphp as related to .tar.gz file ownership (chown) and permissions (chmod)Files in a .tar.gz always have permissions. When extracting the contents of a .tar.gz, I think it works like this:
If the current user is root, the permissions are preserved. If the current user is not root, the permissions are overridden by the umask setting. tar has options for modifying this behavior. Of course, this only applies to Linux. |
2008/2/9 13:52:28
|
---|
|
Re: Php handlers like suphp as related to .tar.gz file ownership (chown) and permissions (chmod)I know its not directed at me specifically. Clearly you misread my post. WinScp DOES have an export command. However it does not export your command list alone.
That pertains to the community as well. You cannot export yours either, without all of your personal info piggybacking. This sounds more like something you should be posting on the winscp forums... as feature request. Otherwise, yes you will have to do it the same way everyone else has done it since the birth of telnet. Granted the commands have changed, and simplified. The snippets I posted are as simple as it gets. (if you are concerned about storing this somewhere where it will be easily accessible. Execute it once in putty, then whenever you need it again... just press the up key until you get to it, as by default putty stores all the commands you pass through it.) |
2008/2/9 14:12:51
|
---|
|
Re: Php handlers like suphp as related to .tar.gz file ownership (chown) and permissions (chmod)Quote:
Im am going to go back and check this tonight to confirm what you said. I cannot remember if I checked both ways on upload and when uncompressing the archive. Meaning as root and as account holder. If this rings true then the only thing needed would be to update docs. For us newbies... Should be something to the effect never use root to upload or uncompress the archive. Which looking back now might be something every server admin knows anyway. But doesn't cover us back yarders we learn by mistakes... Thanks for the post and the idea... Can this topic be moved to the server security forum? I think it might be better in that section. Which I did not see when starting this topic. |
2008/2/9 22:58:15
|
---|
|
Re: Php handlers like suphp as related to .tar.gz file ownership (chown) and permissions (chmod)I have tested and tested this every way I can think of. Root and account owner makes no difference. impresscms.tar.gz all files and folders are 775 uncompressed. Xoops.tar.gz all file and folders are 777 uncompressed.
What is used to make these releases? |
2008/2/10 0:27:40
|
---|
|
Re: Php handlers like suphp as related to .tar.gz file ownership (chown) and permissions (chmod)Installing impresscms on a server with the suphp handler enabled.
_______________________________________ Using Putty or WinScp Custom Commands (chmod) Logged in under root or accountname ----- Warning: cd to/correct/dir/first #1 chmod -R 755 * Changes all files and folders to 755 First All I do is right click public_html and run from winscp You can paste in winscp custom command and check the remote command box. Save it #2 find -type f -print0|xargs -0 chmod 644 Searches for all non-folders and chmod them 644 All I do is right click public_html and run from winscp You can paste in winscp custom command and check the remote command box. Save it ______________________________________ Using Putty Only from Root (chown) ----- chown account.account -R /home/account/public_html/ chown account.nobody /home/account/public_html/ ______________________________________ Last step go back and make sure your public_html folder is still set at default. chmod 750 ______________________________________ Server security is the name of the game. I will be posting a little later about setting up your trust_path in impresscms. These are pretty tight settings. So it should be interesting. |