Username in vhost template

[Sanderv]

Hello,

I'm planning to migrate several Plesk 9.5.4 servers to completely new installed servers running Plesk 10.3.1. On the new servers I want to make use of mod_ruid2 to run virtual hosts under the appropriate user, which I got working just fine.

To get this working I have to add a few lines in each domains vhost.conf, which includes the username of the subscription/domain. I found the variable @domain_name@ which is usable in the skeleton vhost.conf, however I haven't been able to find anything regarding the username. Is there such a thing? Or will I have to use the event manager to run some scripts to edit the vhost.conf?

 

[Sanderv]

Still looking for a solution!

 

[IgorG]

I'm not sure about @domain_name@ variable in vhost.conf but maybe list of possible variables for Event manager will be useful for you - http://download1.parallels.net/Ples...US/online/plesk-administrator-guide/67897.htm

 

[Sanderv]

Thank you Igor.

The @domain_name@ variable does work in the vhost.conf, unfortunately the variables on the page you linked are apparantly not for use in the skeleton vhost.
I guess I will just try to use the event manager to set it up the way I want with the hosting settings created/updated events, since they do support a lot of variables as shown by your link.

 

[IgorG]

Yes, it is well documented and I think it would be better solution.

 

[Sanderv]

Small problem with the event manager now.

I set it up to run as root, but it runs as the user psaadm. (executing the command whoami in the event, shows the user psaadm), also if I make a file in the event, psaadm is the owner of it. I have to edit a file which is owned by root.

Found the following in the Plesk 10 documents

Note for users of Linux Hosting: The server administrator can create the event handlers that will be run on the server on behalf of user root. If you wish to restrict usage of the root account, create an empty file with name root.event_handler.lock in the location /parallels_panel_installation_directory/var/.

But this file is not present.

How do I resolve this?

 

[Sanderv]

Still an issue for me with Plesk 10.4.4.

-Update-
Was using direct shell commands in the event manager. Now using it to execute a shell script, and it works fine. However when the shellscript was in the /tmp directory it did not seem to work, when placed somewhere under the /root directory it works fine.

 

[paulieG]

Hi Sanderv,

Just out of curiosity, are you creating customised vhost.conf files for the ruid2 config? In Plesk 10 there is a Better Way (TM), you can add it to the httpd.include when the virtualhosts are created/modified by editing the files in /usr/local/psa/admin/conf/templates/default/ .

This is how I plan to do it when I start planning deployment of Plesk 10 servers (mod_ruid2 will be the carrot to pull existing users to the new systems, Plesk 8 EOL will be the stick!).

Paul.

 

[Sanderv]

Hi Paul,

Yes I'm creating custom vhost.conf files.

Just took a look at those files, looks pretty interesting.

Although, I'm not sure if it's a good idea editting those files. For example when you're installing Plesk updates chances are those files will be replaced by new ones.

Sander

 

[EduardH]

Hello,

Plesk addon to use mod_ruid2:
http://forum.parallels.com/showthread.php?t=106297&highlight=ruid2

Also vhost.conf and vhost_ssl.conf are not changed during upgrade Backup / restore / migrate operations save/restore vhost.conf

 

[Steve Douzos]

Similar VARIABLE for ftp login name.

Thank you Igor.

The @domain_name@ variable does work in the vhost.conf, unfortunately the variables on the page you linked are apparantly not for use in the skeleton vhost.
I guess I will just try to use the event manager to set it up the way I want with the hosting settings created/updated events, since they do support a lot of variables as shown by your link.

I am trying this variable in a custom vhost.conf and it works fine.

Example Code:

<IfModule mpm_itk_module>
AssignUserId @domain_name@ psacln
</IfModule>

But what I really need is to use the FTP-LOGIN variable instead of the domain_name variable.

Does anyone know which variable is it?
Are they all available in some kind of documentation ?

IGOR, maybe you have some info on this ?

Thank you in advance for your help.

 

[paulieG]

Hi,

Are you creating vhost.conf's as skeleton's or using the event manager to create them or using the httpd configuration templates?

For the latter try :

<?php echo $VAR->domain->physicalHosting->login ?>

Thats what the suexec section uses in the default templates.

For the event manager :

$NEW_SYSTEM_USER

And for the vhost.conf's in the skeleton I'm afraid I have no idea!

Paul.

 

[Steve Douzos]

Hi,

Are you creating vhost.conf's as skeleton's or using the event manager to create them or using the httpd configuration templates?

For the latter try :

<?php echo $VAR->domain->physicalHosting->login ?>

Thats what the suexec section uses in the default templates.

For the event manager :

$NEW_SYSTEM_USER

And for the vhost.conf's in the skeleton I'm afraid I have no idea!

Paul.

I am trying to create a vhost.conf as part of a skeleton structure.

My goal is, every time I create or re-create a physical hosting,
the skeleton will put in the above file with the appropriate ftp username.
That way the ruid2 will work out of the box for me.
When I do it manually it seems to work.

 

[Òscar_Segura_Samper]

Similar VARIABLE for ftp login name.
I am trying this variable in a custom vhost.conf and it works fine.
But what I really need is to use the FTP-LOGIN variable instead of the domain_name variable.

I'm still to try this solution, but it may work fine or so I hope.
Already tested, and it worked fine for me!!!

NOTE: I designed this solution for apache2-mpm-itk , but I thought it would be applicable too for mod_ruid2 (just change the added lines in step 3 described below, adapting them to mod_ruid2).

Customizing VHosts templates for running with FTP User

In the aim of customizing vhosts using configuration templates, I've found documentation at the Advanced Administration Guide (v11.0): http://download1.parallels.com/Ples...nistration-guide/index.htm?fileName=68694.htm

Needed infos for our solution:

• copying parts of the folder /usr/local/psa/admin/conf/templates/default/ to /usr/local/psa/admin/conf/templates/custom/
• editing the file to custom (php format)
  
• adding the ftp_user and group to be used with the virtual host (using the proper variable for so)

These would be the complete solution steps:

1. Identify those files to customize (Appendix B: Configuration Templates Structure). For our solution would be either of the following:
   • /usr/local/psa/admin/conf/templates/default/domainVhost.php (per-website configuration for hosted websites)
     
   • /usr/local/psa/admin/conf/templates/default/domain/domainVirtualHost.php (for hosted website addressed by domain name)
2. Copy the specific file to customize preserving the directory structure and field name (here, the purpose of the named 'custom' directory in Plesk is to preserve the original templates, allowing making changes, but not directly to the original files of the default directory):
   • # mkdir /usr/local/psa/admin/conf/templates/custom
     
   • # cd /usr/local/psa/admin/conf/templates/default
     
   • # cp --parents domain/domainVirtualHost.php ../custom/
3. Edit and make the changes in the php file of the custom directory (/usr/local/psa/admin/conf/templates/custom/domain/domainVirtualHost.php). The variable you were looking for would probably be $VAR-domain->physicalHosting->login . I found it at Appendix C (Apache Configuration Variables) with this description: "username of FTP account used to access the website content; string". Somewhere in the file (e.g. at the line just before: </VirtualHost>) it must be added :
   • <IfModule mpm_itk_module>
     AssignUserId <?php echo $VAR->domain->physicalHosting->login ?> psacln
     </IfModule>
4. Check the format of the edited file:
   • php -l /usr/local/psa/admin/conf/templates/custom/domain/domainVirtualHost.php
     No syntax errors detected in /usr/local/psa/admin/conf/templates/custom/domain/domainVirtualHost.php
5. Reconfigure the domain (every reconfigured domain will get the vhost configuration with the added lines):
   • # /usr/local/psa/admin/sbin/httpdmng --reconfigure-domain domain.tld
6. Check everything is working as desired.

NOTE: this solution assumes that the specific module for running apache under a specific user and group is already installed, though it can be installed after these changes.
​

Hope that this will help!
Let others know if it worked fine in your case.


EDIT:
This solution has worked fine for me!!

Security Advice: It is important to notice that the group 'psacln' must be this one, and never 'psaserv', since 'psaserv' group has directory execution permissions over /var/www/vhosts/any-domain, and an apache vhost running under this group ('psaserv') could access other users local web files (mainly with read permissions, but enough to stole other users' sensitive data, such as access passwords used by scripts, and developing other direct attacks to those other hosted webpages and services with such stolen sensitive data).