Virtualmin/Webmin anyone?

ardichoke Icrontian
edited June 2009 in Internet & Media
Just wondering if anyone out there uses Virtualmin or Webmin to manage a webserver. I installed it on my latest webserver, just to play around with. Right now I'm having a hard time figuring out how to get php to run as the user instead of as the webserver user though. I could set this up by hand but I'd prefer it get set globally through Webmin/Virtualmin... just wondering if anyone had any experience with this.

Comments

  • kryyst Ontario, Canada
    edited June 2009
    I use webmin to manage a couple linux servers. I'm not sure what you mean though with your problem. What do you mean php runs as the webserver but not the user?
  • ardichoke Icrontian
    edited June 2009
    kryyst wrote:
    I use webmin to manage a couple linux servers. I'm not sure what you mean though with your problem. What do you mean php runs as the webserver but not the user?

    Generally, any time apache serves a php request, it runs as the user that apache runs as. In my case, this is www-data since I'm running a Debian system. This is all well and good if you're just running one site, installed in the default web root and all files and folders are owned by www-data. However, I'm running multiple vhosts, each one set up as their own user, thus I would like php scripts to execute as the user whose vhost it is instead of as www-data. This makes it so you can securely make files writeable to your php scripts. The most common way of doing this is to set up suphp, though there are other hacky ways of doing it. I can do this by hand if need be, but I want to know how to set it up "properly" in virtualmin/webmin so that when I create a new account it automatically adds the appropriate config to their vhost entry.
  • kryyst Ontario, Canada
    edited June 2009
    If you set up php to run with group permissions and make sure every user is a member of that group, that should do the same thing.
  • ardichoke Icrontian
    edited June 2009
    Right, and that's how I'm doing it currently. There's a couple problems with this though.

    1) Making sure all files are owned by group www-data... this really only needs to be done once but still.

    2) Any files created by a site are now owned by www-data:www-data, which means the owner of the site has no control over them. Currently not a problem since I'm the only one with accounts on the server. If I start hosting some of my friends' sites, however, this becomes a problem as they have to contact me to get control over any files created by their sites (uploads, etc.)
  • kryyst Ontario, Canada
    edited June 2009
    Ok, I guess what I don't understand is where the problem is. If they are members of the group www-data and the file permissions are set up correctly so that members of group www-data have read/write/exec permissions for that file, then it shouldn't matter what username that file is created under.
  • ardichoke Icrontian
    edited June 2009
    Hmm... come to think of it I guess you're right. I guess I was thinking of the shared hosting environment we have set up at work where users are not members of the webserver group. I'd just need to change the umask for www-data to automatically grant group write.... Of course that now opens another problem. All users on the system will be able to modify any other users' websites. That wouldn't be good.
  • kryyst Ontario, Canada
    edited June 2009
    No, because they should still only have access to their personal folder.

    So if you have /var/www/websites/bob and /var/www/websites/bill
    Only bob and bill would be able to have r/w/e access to the directory. Once you have permission in that directory if it's a www-data group file inside they can access it even if that file is www-data:www-data and not bob:www-data.
  • ardichoke Icrontian
    edited June 2009
    Here's the thing. bob and bill both belong to the www-data group. For web pages to be served, since apache runs with www-data user and group permissions, the www-data user and/or group has to be able to have at least read permissions on the files and execute permissions on the directories. By making the files writeable to the www-data group, so that the webserver is able to write to the files, since both bob and bill are members of the www-data group, then both bob and bill would be able to also write to the web files of the other user. If you restrict execute (passthrough) rights on the root web directory as you suggest to only the user, then apache is not able to access the files either and cannot serve the web pages. Herein lies the complexity of a shared hosting environment.
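
The permission conflict described in the comment above, as an added example that is not part of the original thread: a small model of the POSIX owner/group/other check applied to three layouts. The file name `upload.php`, the modes and the group memberships are constructed for illustration; the third layout assumes PHP runs as the site owner and users are not members of www-data.

```python
# Added illustration: minimal model of the POSIX owner/group/other access check.
R, W, X = 4, 2, 1

def allowed(user, groups, node, want):
    """Exactly one permission class applies: owner, else group, else other."""
    owner, group, mode = node
    if user == owner:
        bits = mode >> 6
    elif group in groups:
        bits = mode >> 3
    else:
        bits = mode
    return (bits & 7) & want == want

def can(user, groups, tree, path, want):
    """Require search (x) on each parent directory, then `want` on the target."""
    parts = path.split("/")
    for i in range(1, len(parts)):
        if not allowed(user, groups, tree["/".join(parts[:i])], X):
            return False
    return allowed(user, groups, tree[path], want)

def report(tree, membership, path="bob/upload.php"):
    """Map each user to (can_read, can_write) for bob's file."""
    return {u: (can(u, g, tree, path, R), can(u, g, tree, path, W))
            for u, g in membership.items()}

# Constructed memberships; paths are relative to /var/www/websites.
SHARED = {"bob": {"bob", "www-data"}, "bill": {"bill", "www-data"},
          "www-data": {"www-data"}}
SEPARATE = {"bob": {"bob"}, "bill": {"bill"}, "www-data": {"www-data"}}

# 1) Everyone in www-data, files group-writable so the web server can write.
group_writable = {"bob": ("bob", "www-data", 0o770),
                  "bob/upload.php": ("www-data", "www-data", 0o660)}
# 2) Directory restricted to its owner only.
owner_only_dir = {"bob": ("bob", "bob", 0o700),
                  "bob/upload.php": ("www-data", "www-data", 0o660)}
# 3) Assumed per-user PHP: files owned by bob, web server has group read only.
php_as_user = {"bob": ("bob", "www-data", 0o750),
               "bob/upload.php": ("bob", "www-data", 0o640)}

if __name__ == "__main__":
    for name, tree, who in [("group-writable", group_writable, SHARED),
                            ("owner-only dir", owner_only_dir, SHARED),
                            ("php as user", php_as_user, SEPARATE)]:
        print(name, report(tree, who))
```
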
  • troll Windsor, Nova Scotia Icrontian
    edited June 2009
  • ardichoke Icrontian
    edited June 2009
    Yeah troll, I'm aware that fastcgi is also an alternative to suphp for doing what I'm trying to accomplish. What I'm looking for though is how to properly set it up in Virtualmin so that when I create a new account everything just works. I don't see any mention of how to set that up in the article you posted.
  • troll Windsor, Nova Scotia Icrontian
    edited June 2009
    Sorry, haven't done a whole lot with Virtualmin Templates or automated processes...
  • ardichoke Icrontian
    edited June 2009
    I have to say... as much as CPanel annoys me sometimes they did do this right. You literally just go into a php screen and select the handler that you want to use. Choose suphp and it automatically sets everything up including configuring each virtual host to run php as the user.