Configuring Ubuntu 8.10, Plesk 8.6.x, Joomla! 1.5.x and suPHP

[DirtyMonkey]

Configuring Ubuntu 8.04, Plesk 8.6.x, Joomla! 1.5.x and suPHP [UPDATED]

I had been struggling to understand how to set-up my Installations of Joomla! with the perfect file/folder permissions and had read previous threads and nothing seemed to work... but I think I've cracked it so wanted to post my findings because I'm sure others must be trying to figure this out and to confirm I have done it correctly...

NB: Replace anything in [] with your own settings.

Set the correct file and folder permission settings via. SSH (If someone can actually explain in simple terms what this does...)

cd /var/www/vhosts/[yourdomain.com]
chown -R [yourdomainusername]:www-data httpdocs
chmod -R g+w httpdocs
find httpdocs -type d -exec chmod g+s {} \;

Then you need to create a vhost.conf file and upload it to the 'config' directory in your webspace.
I used the excellent PLESK Power Toys 4.3.0 to create mine:

# PHP version detected 5
<IfModule mod_suphp.c>
<Directory "/var/www/vhosts/[yourdomain.com]/httpdocs/">
php_admin_flag engine on
suPHP_Engine On
suPHP_ConfigPath "/var/www/vhosts/[yourdomain.com]/httpdocs/"
AddHandler php5-script .php
AddHandler x-httpd-php .php5
suPHP_AddHandler php5-script .php
<Files php.ini>
order allow,deny
deny from all
</Files>
php_value open_basedir "/tmp/"
php_value upload_tmp_dir "/var/www/vhosts/[yourdomain.com]/httpdocs/tmp/"
</Directory>
</IfModule>

Then force rebuild of httpd.include:

/opt/psa/admin/bin/websrvmng -u --vhost-name=yourdomain.com
/etc/init.d/apache2 restart

Joomla! is now happy to write anywhere in /httpdocs, cache works etc...

Can anyone confirm that this set-up is secure? [confirmed as secure]

Cheers, DM.

 

[lvalics]

As far as we know is secure

 

[DirtyMonkey]

Thanks mate, DM.

 

[KenScher]

receive an error while attempting your method

chown: 'domain name:www-data': invalid user shoulsd I be looking for some other file or user other than "www-data"

New to plesk, PHP and Joomla. I have verified the current versions and they match your post.

 

[DirtyMonkey]

chown: 'domain name:www-data': invalid user shoulsd I be looking for some other file or user other than "www-data"

New to plesk, PHP and Joomla. I have verified the current versions and they match your post.

Hi KenScher, so just to confirm you are running Debian/Ubuntu and Plesk?

cd /var/www/vhosts/[yourdomain.com]
chown -R [yourdomainusername]:www-data httpdocs
chmod -R g+w httpdocs
find httpdocs -type d -exec chmod g+s {} \;

Where [yourdomain] should actually be 'yourdomainusername' i.e. domain minus extension (.com)
My apologies, I have updated the original post.

Think this should fix it, DM.

 

[DirtyMonkey]

Additional info I have found out since my original posts.

To rebuild httpd.include

/opt/psa/admin/bin/websrvmng -u --vhost-name=mydomain.com
/etc/init.d/apache2 restart

This command rebuilds httpd.include in /var/www/vhosts/mydomain.com/conf/
If it finds files vhost.conf and/or vhost_ssl.conf, it includes them into configuration by Include directives in httpd.include.

Domain should then be accessible.

To support SSL simply copy the 'vhost.conf' and rename to 'vhost_ssl.conf'

I couldn't believe how hard it was to get this info!

DM

 

[KenScher]

sorry, using wrong linux os

I am actually running Centos 5 not Ubuntu like I thought.

 

[JamieRW]

I am actually running Centos 5 not Ubuntu like I thought.

That explains a few things... but at least I have corrected the errors in my original posting.
No experience with Centos, sorry.

DM.

 

[BengtK]

sorry for reactivating this thread, but it didn't work for me.

i do have a Ubuntu 6.06 and a Plesk 9.2.2.

i did all steps of the instruction above but it wont work. when i set up a new folder with joomla i am not able to upload files to this folder. the owner for this folder is again www-data:www-data and not domainuser:www-data

the only thing that was diferent from this "manual" is that my 'config' directory is called conf original it contains 2 files a httpd.include and a webalizer.conf


any ideas how to solve this problem?


and sorry for my bad english it is not my prefered language

 

[JamieRW]

NP BengtK, English is my only tounge

Ok, all you need too do is create folders via. FTP login for that specific domain or if you create new files folders via. root i.e. SSH then run the following again which will apply the correct folder/file owner and access privileges:

cd /var/www/vhosts/[yourdomain.com]
chown -R [yourdomainusername]:www-data httpdocs
chmod -R g+w httpdocs
find httpdocs -type d -exec chmod g+s {} \;

Hope this helps, DM.

 

[BengtK]

thanks for the fast response but thats not solving my problem, becouse i also wanna install some new modules to joomla and i can't do it through the backend. i get such nice messages when i do it

* JFolder::create: Unable to create destination

 

[JamieRW]

I have to go out now for the evening email me jamie at rocketitsupport.com with SSH login and the Joomla components you need to install and I will be happy to take a look for you.

Kind regards, DM (aka j.)

 

[Clarkey]

I hope it's OK to resurrect this thread (again!) but I'm struggling to get suphp running on my Ubuntu-based VPS to sort Joomla web/php and ftp user permission conflicts. A couple of questions:

1. Setting Ownerships: I'm new to linux but if I understand correctly, the use of chown with a colon ) in the original post suggests changing ownership of directories and files to the domain user name, within the 'www-data' group. On my VPS my domain user name (the ftp user) is in the 'psacln' group and the user 'www-data' is the apache/php user within the 'psasrv' group. So, without reassigning users to groups, I can't see how this command can run with its current syntax. But rather than argue about detail, is the idea behind this command to change ownership to the domain user - so that suphp can then force apache (the ubuntu user 'www-data') to run as the domain user and thereby align web and ftp user permissions (which is what I want to achieve)?

2. vhost.conf file: I have created an edited version of the vhost.conf file in my domain's httpdoc/conf directory but now Apache will not now restart (& my entire VPS is down!). Are there other external dependencies that need to be in place here (such as the contents and location of the referenced php.ini file)? Should something be in the httpdocs/tmp directory for this to work?

Grateful for any clues.
Keith..

 

[JamieRW]

Hi Keith, trying to get it to work on Debian was a jeffing nightmare!

When I thought I had it working (this original thread)... it turns out it wasn't!

When I get some time I'll re-write my experience from scratch.
For now It would prob be quicker if I did it for you.

In brief:

suPHP allows PHP Scripts to run under your specific user account, as opposed to the Apache user account. This has the benefit of all your php scripts running 'in' your account. For some PHP applications, such as Joomla, this is a great help because now when you create files/folders from inside the script, they will be owned properly by your account and not the generic Apache user account.

I'll PM you my contact details.

 

[lvalics]

Check error_log there is always the answer ...

 

[Clarkey]

Jamie, Many thanks for responding. I'm no Linux expert and trying to install and configure suphp on my VPS ended up breaking the stack completely. Something I did stopped my container's Apache, SMTP and other services and prevented them from restarting. I've ended-up backing-up all my sites and reinstalling the container. Just to increase the level of enjoyment, my server was relocated last month and it seems my original admin password is no longer valid (aargh!). So, I'm now waiting on support to let me back in! So, my company and development web sites are down, all for trying to install Joomla! for a pro bono project to set-up my son's local Scouts group web site - all rather frustrating!

On a slightly more positive note, I've seen on the Joomla! pages that an apt-get package has been developed (though I'm not too sure how formal/supported/stable it is). Whilst waiting for my server, I may research this approach a bit further. I'm not sure if installing this way would circumvent the ftp vs. apache permissions issue, so I guess I'll probably still need to solve the suphp under Plesk challenge <gulp!>
Best,
Keith..

 

[JamieRW]

Listen to the man he's is the suPHP guru who taught me everything I know!

 

[JamieRW]

Hi, looks like thread posts are a little out if sync.

Installing Joomla using apt-get or any other method will have no influence on Apache or user/file permissions...
So yes you will still need to install suPHP if you want to create an environment ideal for Joomla or any other CMS.

I too had a baptism by fire when it came to Linux and buggered everything up so your not alone there.
As I said once you have regaing access I'd be happy to have a look for you.

Kind regards, j.

 

[lvalics]

If you will still stuck in the solution, we could help you out, contact us on our page. (www.grafxsoftware.com)

 

[Clarkey]

Thanks to Jamie and Ivalics for the offers of help to sort this for me but I need to know what the fix is so that I can migrate the Joomla site from development on my VPS to its permanent production environment.

So, VPS restored, suPHP re-installed, then:
1. Changed directory and file ownership to the domain's ftp-user in the psacln group;
2. Created the attached /etc/suphp/suphp.conf and .../httpdocs/conf/vhost.conf files (I added the '.txt' ending to allow uploads and changed my real target domain to [MYDOMAIN.COM] to make the vhosts.conf file generic). These are based on this thread, suPHP documentation and this tutorial. I didn't understand much of this so 'finger-trouble' here is highly likely;
3. Copied php5 php.ini-dist into the virtual hosts' httpdocs web root folder, renaming it to php.ini;
4. Ran the apache restart commands from the original thread.

Apache won't restart for the domain (but at least the rest of my VPS seems to be safe and stable now!).

No relevant errors in the domain's httpdocs/statistics/logs/error_log file - just old Joomla image file errors.
Any ideas on what I'm still doing wrong?
Thanks
Keith..