Topic: SME6.0.1-01 open_basedir - GeekLog 1.3.9sr1 - Gallery 1.4.4

[icpix]

I used Abe's wonderful RPM (thanks Abe)...
http://no.longer.valid/phpwiki/index.php/Geeklog%201.3.9%20rpm
...to install the GeekLog (it's a CMS/blog) into my SME Server v6.0.1-01 without any specific problems. That CMS is running nicely.

I would like to integrate my existing (iBay-mounted) Gallery v1.4.4 into Geeklog. I am given to understand that the integration is achieved during Gallery's install/config phase and I have followed the Gallery's instructions. Gallery states it is fully compliant working within Geeklog (ie embedded). Apparently nothing is 'needed' at the Geeklog end of things(!?) but I can't tell as I haven't yet got the thing working;~/

The end result is that my previously working (iBay-mounted) Gallery then shows a blank screen and the server's message log gives an open_basedir error:

Aug 14 10:01:13 systa httpd: PHP Warning:  open_basedir restriction in effect. File is in wrong directory in /home/e-smith/files/ibays/ic/html/gallery/init.php on line 162
Aug 14 10:01:13 systa httpd: PHP Fatal error:  Failed opening required '/opt/geeklog-1.3.9/public_html/lib-common.php' (include_path='.:/usr/share/php') in /home/e-smith/files/ibays/ic/html/gallery/init.php on line 162

The contents of <init.php> line 162...
   require_once(GEEKLOG_DIR . '/lib-common.php');
...seem appropriate enough.

I am unused to hoiking things deep into the server as, usually, I manage to get everything reliably running from an iBay. There seems something amiss DESPITE the following clause seen to be in the </etc/httpd/httpd.conf> file...

#----------------------------------------------------------
# Geeklog 1.3.9
#----------------------------------------------------------

Alias /geeklog /opt/geeklog-1.3.9/public_html/

<Directory /opt/geeklog-1.3.9/public_html>
AddType application/x-httpd-php .php .php3 .phtml
Options Indexes +Includes FollowSymLinks
order deny,allow
deny from all
allow from all
</Directory>

#---------------------------------------------------------
# end of Geeklog 1.3.9
#---------------------------------------------------------

...is there anything you could recommend I do next? I have brought this to the server's forum in preference to those of the Gallery or Geeklog as I have this feeling that it is a server-orientated matter;~/

best wishes, Robert

[deunan]

Have a look in this particular thread - http://forums.contribs.org/index.php?topic=21553.0

The posting have something to do with how to get access to the PHP Base Dir..


Regards!

[icpix]

Good post deunan. I have tried it out on both the GeekLog iBay <gl> and the Gallery iBay <ic> using the following command line code...

/sbin/e-smith/db accounts setprop <iBay-name> PHPBaseDir /home/e-smith/files/ibays/<iBay-name>/:/tmp

/sbin/e-smith/signal-event ibay-modify <iBay-name>

...but remain unconvinced, though I think we're on the right path [pun]:~)

Have had to uninstall Abe's (wonderful) RPM which installs the GeekLog into /opt/, an attribute that gave me (personally) all sorts of access problems and issues with which I have yet to grasp. I need to be able to access/control it from my workstation (w2k) remotely (using PuTTY) and an iBay installation is more appropriate.

My GeekLog is now installed into the <gl> iBay, with the control/admin stuff in the iBay's files strand and the www stuff in the iBay's html strand. My access and control logistics are now back to what I prefer.

The other main benefit is that, installing this way means that the (awful) term of GeekLog no longer *appears* in the URL;~/ The plain old dot com site is now running dynamic PHP (as opposed to its legacy static HTML) from the web site root.

Returning to the Gallery installer I have configured its visible areas for GeekLog appropriately (I hope) but all I see afterwards is a blank screen for the Gallery site. It goes without saying that nothing pops its head up on the GeekLog site;~/ The server's message log is as follows...

Aug 16 11:59:46 systa httpd: PHP Warning:  main(): open_basedir restriction in effect. File(/home/e-smith/files/ibays/gl/html/lib-common.php) is not within the allowed path(s): (/home/e-smith/files/ibays/ic) in /home/e-smith/files/ibays/ic/html/gallery/init.php on line 162

Aug 16 11:59:46 systa httpd: PHP Warning:  main(/home/e-smith/files/ibays/gl/html/lib-common.php): failed to open stream: Operation not permitted in /home/e-smith/files/ibays/ic/html/gallery/init.php on line 162

Aug 16 11:59:46 systa httpd: PHP Fatal error:  main(): Failed opening required '/home/e-smith/files/ibays/gl/html/lib-common.php' (include_path='.:/usr/share/pear') in /home/e-smith/files/ibays/ic/html/gallery/init.php on line 162

...and line 162 of the file <init.php> is still as it was in an earlier posting on this thread.

The ramifications of the update of PHP (from SME Server's native 4.1.2 to 4.3.8) have still to be fully resolved. Whilst Gallery is still running - from a web user's point of view - server-side it is throwing up some strange antics. The installer *NOW* apparently cannot see a number of the image tools, ones that are still present! Its checking routine is giving ambiguous results. Something is certainly amiss and so I cannot trust the installer/configurer's effectiveness.

I think I may be hoping for too much. Believe I am going to need to discuss this with a peer SME Server person, one much more competent in programming than I, who is deeply involved in PHP updating (PEAR included), interested in Gallery (an Open Source on-line image gallery) and au fait with the internals of GeekLog (an Open Source type of CMS/blog). Now... how likely is that;~/

best wishes, Robert

[arnoldob]

Well Robert, I found your post looking for exactly the same thing. I was trying to integrate gallery into geeklog, with little sucess. Just giving the topic a bump.

[icpix]

Gallery integrates extremely well into GeekLog. It's just a question of following the instructions and so forth. There is a specific setup area in Gallery to point to GeekLog and one has to remember to convert one's use of flavour of password when the Gallery's authentication needs are taken up by GeekLog. I've quite forgotten which flavour and I've since deleted my setup notes.

I dropped both GeekLog and Gallery (for differing reasons) a long time ago in favour of WordPress and osCommerce. WP is used for my text (blog-flavoured) sites. osC is used to both display and sell my pictures from its images site. I am unlikely to return to using GeekLog but intend to reassess Gallery 2 when it finally emerges.

best wishes, Robert

[icpix]

Just had a thought, if you are coming to grief over the open_basedir thingummy... here are my old workaround notes:

------------------

To extend open_basedir into the ibays specifically to allow for...
GeekLog's save database SQL and its temporary area,
Gallery's ImageMagick stuff

/sbin/e-smith/db accounts setprop <iBayName> PHPBaseDir **NoLineWrapHereJustASpaceCharacter**/home/e-smith/files/ibays/<iBayName>:/tmp:/usr/bin
/sbin/e-smith/signal-event ibay-modify <iBayName>

/etc/rc.d/init.d/httpd-e-smith graceful
------------------

It resolves it completely.

best wishes, Robert

*post edit*
To try to correct the display of the snippet...
Edit preview looks OK in Firefox 1.0.3.
Live rendering by FF103 is line-wrapped.
Live rendering by IE60 looks OK.

[arnoldob]

I wrote a long post about my geeklog/gallery woes, but my login timed out and sent it to that great bit bucket in the sky <sigh>. So heres' the executive summary

I have a similar set up with gallery 1.5.1 in an ibay and geeklog in /opt/geeklog-1.3.9/ from Charlie Brady's RPM (upgraded to 1.3.12cvs). I also got the same blank screen from gallery when I tried to set geeklog as the CMS.

Did you run this:

Code: [Select]

sbin/e-smith/db accounts setprop <iBayName> PHPBaseDir /home/e-smith/files/ibays/<iBayName>:/tmp:/usr/bin
/sbin/e-smith/signal-event ibay-modify <iBayName>

/etc/rc.d/init.d/httpd-e-smith graceful
With the gallery ibay name? Or did you move geeklog? I thought you just had to enable dynamic content from server-manager for the ibay to allow php? Does geeklog need some secret handshake to integrate gallery? Their site says it's possible but doesn't really detail how to do it. Does it need a block for gallery or is their a plugin in for it? I saw mention of a gallery plugin for geeklog but site searches there and googling didn't turn it up.

[icpix]

Pretty much done all that and been there;~/

This forum code is really strange, it's the only forum whose so-called ever lasting cookie always appears to time out really really quickly. I've got mine set for 1yr in the options but the darned thing probably times out in less than an hour. I just get used to actually logging in repeatedly before I do anything! Yet my Gallery and WebMasterWorld forum cookies go on and on and on... I almost pretty much forget their passwords except that they're in my PDA. Tip: when you have a very very long piece to go on into this forum then take a quick Ctrl-A/Ctrl-C (mark all and copy)... just like I'll be doing a the end of this piece;~)

I have an archive Gallery 1.4.4. only. Charlie Brady's and Abe's RPM appear to put GeekLog nearer the root. I'm sure it's probably safer there but to non-experts, like me and you, it's a pain with all the permissions to administer from a remote Windows box. So I worked out how to put mine out in an iBay...

Gallery's wizard Step 2 (Embbedded Gallery) has an area or two where you change your standalone Gallery to an embedded one. The 1st secret is in the paths... you must get them correct. The 2nd secret is to remember to use the GEEKLOG admin password for apparently Gallery stuff afterwards because it is the GeekLog authentication that does the checking and not Gallery's.

Read your SME Server logs (message, error) to help point out which installation area is falling down.

Yes, my code stuff needs the iBay name and you haven't used an iBay to install GeekLog into have you... My solution, way back then, was to uninstall the RPM (I even put a Sorry Abe note into the wiki or forum thread) and worked out how to install GeekLog into an iBay. It is not difficult at all really.

So I'm not at all sure how you resolve the open_basedir issue with GeekLog down in the /opt/ area. Why don't you try an alternative GeekLog in an iBay yourself...?

best wishes, Robert

[arnoldob]

I guess what I really need at this point is know what geeklog needs to recognize gallery. Is it a block or is there something else? I think I can handle putting geeklog into an ibay that looks pretty straight forward.

Thanks,
Arnoldo

[icpix]

I forget the precise mechanism though it largely depends on how you've arranged your site and your aspirations.

By the way, in the open_basedir thing a few messages back, the line starting /home should follow ie within the end of the line above. A carriage return was inserted by browser rendering (depending on your browser).
(post edit correction attempted)

Took me just a few minutes searching the home site for GeekLog...
http://www.geeklog.net/forum/viewtopic.php?forum=2&showtopic=52767&highlight=gallery

Another excellent GeekLog resource site...
http://www.tech-geeks.org/geeklog/article.php?story=20031024135401819&query=gallery

best wishes, Robert

[arnoldob]

I ran this first:

Code: [Select]


[root@server html]# /sbin/e-smith/db accounts setprop gallery PHPBaseDir /home/e-smith/files/ibays/gallery:/tmp:/usr/bin  
[root@server html]# /sbin/e-smith/signal-event ibay-modify gallery
[root@server html]# /etc/rc.d/init.d/httpd-e-smith graceful
Gracefully reloading httpd:                                [   OK   ]

But still get a blank page when I visit the gallery ibay. It was working before adding the geeklog path to the gallery setup embedded page and this in my messages log:

Code: [Select]

httpd: PHP Warning:  main(): open_basedir restriction in effect. File(/home/e-smith/files/ibays/blog/html/lib-common.php) is not within the allowed path(s): (/home/e-smith/files/ibays/gallery:/tmp:/usr/bin) in /home/e-smith/files/ibays/gallery/html/init.php on line 117

Hmmm, so gallery is complaining that the blog ibay isn't within the open_basedir allowed path. So I ran the PHPBaseDir commands again, this time against the blog ibay.

Code: [Select]

[root@server html]# /sbin/e-smith/db accounts setprop blog PHPBaseDir /home/e-smith/files/ibays/blog:/tmp:/usr/bin
[root@server html]# /sbin/e-smith/signal-event ibay-modify blog
[root@server html]# /etc/rc.d/init.d/httpd-e-smith graceful
Gracefully reloading httpd:                                [   OK   ]
But once again I get this:

Code: [Select]

httpd: PHP Warning:  main(): open_basedir restriction in effect. File(/home/e-smith/files/ibays/blog/html/lib-common.php) is not within the allowed path(s): (/home/e-smith/files/ibays/gallery:/tmp:/usr/bin) in /home/e-smith/files/ibays/gallery/html/init.php on line 117
Any suggestions?

[icpix]

Please confirm that you are aware and are working around the carriage return issue of the forum/browser in my original quoting of the /sbin/ commands.

I would advise against putting all your GeekLog stuff directly into the iBay root as opposed to the use of a /geeklog/ subdirectory or similar.

My old notes confirm that the open_basedir workaround *HAS* to be run for *both* the Gallery iBay and the iBay containing GeekLog. Well, mine inherited their separate iBays by legacy.

What about allowing both iBays to execute dynamic content (PHP)?

best wishes, Robert

[arnoldob]

I believe I found the secret sauce
First, I can't get it to work with gallery 1.5, the 1.4.4-pl4 version works better.

This command needs both ibay paths, since I've got mine setup with geeklog in the blog ibay and gallery in gallery ibay.
Change this:

Code: [Select]

/sbin/e-smith/db accounts setprop blog PHPBaseDir /home/e-smith/files/ibays/blog:/tmp:/usr/bin
To this:

Code: [Select]

/sbin/e-smith/db accounts setprop blog PHPBaseDir /home/e-smith/files/ibays/blog:/home/e-smith/files/ibays/gallery:/tmp:/usr/bin
The again for the other ibay:

Code: [Select]

/sbin/e-smith/db accounts setprop gallery PHPBaseDir /home/e-smith/files/ibays/gallery:/home/e-smith/files/ibays/blog:/tmp:/usr/bin
Then run the ibay-modify event on both ibays:

Code: [Select]

/sbin/e-smith/signal-event ibay-modify gallery
/sbin/e-smith/signal-event ibay-modify blog
And then restart httpd as before.

I notice some geeklog breakage after the ibay-modify command, i.e., articles won't save, user photos can't be uploaded, DB backups fail. It appears to reset permissions in the ibay. See the geeklog new install docs for details of how to set the permissions back here: http://www.geeklog.net/docs/install.html#install

I learned and re-learned some things:

1. Always have a backup, I killed my recently upgraded gallery 1.5 install by accident while trying to figure this out and had to restore an older version from backup.

2. RTFM, The geeklog-gallery integration posts I could find on the geeklog site all used the older version.

3. CHECK PATHS CAREFULLY! Double and triple check the paths used by geeklog and gallery configuration. Oh yeah, check paths even more carefully before deleting directories <ouch>.

Goodnight All