Topic: Drupal 7.2 on SME Server 8 beta6

[pearless]

I am trying to get Drupal 7.2 installed and running on SME Server 8beta6

I have made good progress, but I have one remaining issue.

So far I have had to:

to get PHP to work correctly:

Code: [Select]

db accounts setprop Primary PHPBaseDir /home/e-smith/files/ibays/Primary:/tmp
signal-event ibay-modify Primary

to get the overrides working properly for Apache:

Code: [Select]

db accounts setprop Primary AllowOverride all
db accounts setprop Primary FollowSymLinks enabled
db accounts setprop Primary Indexes disabled
signal-event ibay-modify Primary

to set appropriate memory limits for php:

Code: [Select]

db configuration setprop php MemoryLimit 128M
db configuration setprop php PostMaxSize 112M
db configuration setprop php UploadMaxFilesize 96M
expand-template /etc/php.ini
sv t httpd-e-smith
BUT, whenever I try to upload a module (as a .tar.gz) from within Drupal I get a ftp failed error in the update manager window (in this case I am trying to upload the colorbox module which I have tried to do both from the drupal website, and from a copy locally on another client machine using the same web interface):

Code: [Select]

File Transfer failed, reason: Cannot create directory /home/e-smith/files/ibays/Primary/html/drupal-7.2/sites/all/modules/colorbox
I have traced the code to the php ftp_mkdir call in the following function in ftp.inc:

Code: [Select]

  protected function createDirectoryJailed($directory) {
    if (!ftp_mkdir($this->connection, $directory)) {
      throw new FileTransferException("Cannot create directory @directory", NULL, array("@directory" => $directory));
    }
  }

where it is passed

Code: [Select]

/home/e-smith/files/ibays/Primary/html/drupal-7.2/sites/all/modules/colorboxin the $directory variable

Note: I use a general user account for the authorisation screen to upload the module.  I can use ftp to remotely ftp the module using the same user account from another machine.

I believe that this is a SME server specific issue as I have a drupal 7.2 on Centos vm image from bitnami the works flawlessly.

I am a bit stuck & I am running out of time, HELP!

Cheers
Douglas.

[pearless]

Well after a lot of debugging and searching, I found the following the the /var/log/secure log:

Code: [Select]

Jun 19 20:01:49 hikitia proftpd[25073]: hikitia.hikitia.com (127.0.0.1[127.0.0.1]) - USER fred: Login successful.
Jun 19 20:01:49 hikitia proftpd: pam_env(ftp:setcred): Unable to open config file: /etc/security/pam_env.conf: No such file or directory
Jun 19 20:01:49 hikitia proftpd: pam_unix(ftp:session): session closed for user fred

Note I have also tried to modify the ChrootDir but to no effect:

Code: [Select]

config setprop ftp ChrootDir /home/e-smith/files/ibays/Primary/html/drupal-7.2/sites/default/files/tmp2
config show ftp

Any ideas as to why I am getting the security issues with PAM ?

Cheers
Douglas

[Stefano]

Any ideas as to why I am getting the security issues with PAM ?

no, but you should report it in bugzilla, thank you

[pearless]

Raised as bug 6654: http://bugs.contribs.org/show_bug.cgi?id=6654

I have now closed this bug as it is *NOT* an SME problem, rather drupal 7.2 does not correctly handle Chroot'd users.

You need to apply this patch http://drupal.org/files/issues/filetransfer_chroot_other_fixes-528326-44.patch as described on this page http://drupal.org/node/528326

You also need to make sure that you do *NOT* have DefaultRoot defined or set in your /etc/proftpd.conf file.

This will allow you to install modules and themes and directly ftp to your SME Server, but it still does not allow you to update themes or modules, this is still an issue.

[pearless]

Well after much trial and lots of issues, I finally have it working.

to get PHP to work correctly:

Code: [Select]

db accounts setprop Primary PHPBaseDir /home/e-smith/files/ibays/Primary:/tmp
signal-event ibay-modify Primary
to get the overrides working properly for Apache:

Code: [Select]

db accounts setprop Primary AllowOverride all
db accounts setprop Primary FollowSymLinks enabled
db accounts setprop Primary Indexes disabled
signal-event ibay-modify Primary

to set appropriate memory limits for php:

Code: [Select]

db configuration setprop php MemoryLimit 128M
db configuration setprop php PostMaxSize 112M
db configuration setprop php UploadMaxFilesize 96M
expand-template /etc/php.ini
sv t httpd-e-smith
in order to be able to ftp new themes and modules to your drupal installation, you need to go to the server-manager panel in smeserver and:

• create a user from the user panel and reset their password
• enable ftp from local networks

and give them access permissions; say you created a user called fred, then in order for fred to be able to ftp the required files via the drupal interface, then you give them permission to do so like this:

Code: [Select]

cd /home/e-smith/files/ibays/Primary/html/
chown -R fred:www .
find . -type d -exec chmod u=rwx,g=rx,o= {} \;
find . -type f -exec chmod u=rw,g=r,o= {} \;

where fred is the user account you use to ftp the files (for example installing a new theme) and www is the account that smesever runs the web server under.

and lastly you have to modify the /etc/proftpd.conf file and comment out the "DefaultRoot" line

Code: [Select]

cp /etc/e-smith/templates/etc/proftpd.conf/05DefaultRoot /etc/e-smith/templates-custom/etc/proftpd.conf/
nano  /etc/e-smith/templates-custom/etc/proftpd.conf/05DefaultRoot

and make comment out the DefaultRoot like:

Code: [Select]

#DefaultRoot            /home/e-smith/files

save the file by going pressing the control and o keys together, then exit nano by pressing the control and the x keys together.
then you need to expand the template:

Code: [Select]

expand-template /etc/proftpd.conf

to confim this:

Code: [Select]

config show ftp             
should return:

Code: [Select]

ftp=service
    LoginAccess=private
    TCPPort=21
    access=private
    status=enabled

NOTE: Do *not* set the ChrootDir property that I did in an earlier posting as it causes problems!:
config setprop ftp ChrootDir /home/e-smith/files/ibays/Primary/html/drupal-7.2/sites/default/files/tmp2
I have this working on the 8Beta7 release.

So the key lessons are:
(1) the user account that you use to ftp the files (e.g. themes and modules) must correctly access the various drupal directories
(2) DefaultRoot for proftpd must be disabled.

As a footnote, I would recommend only enabling ftp via the server-manager panel just when you need it so that it is not turned on all the time!

I would be interested in any comments from more knowledgeable drupal people that me!

It now works properly, what a mission.

If anyone is interested I could write a HOWTO?

[imcintyre]

That would be a good idea.

[janet]

pearless

If anyone is interested I could write a HOWTO?

Yes I'm sure there are many Drupal & SME users who would benefit from your efforts.
That's how it works here, someone does something & publishes it for others, ...and so on.... the wheel goes around ....

[pearless]

pearless

Yes I'm sure there are many Drupal & SME users who would benefit from your efforts.
That's how it works here, someone does something & publishes it for others, ...and so on.... the wheel goes around ....

The wiki entry has now been created: http://wiki.contribs.org/Drupal

Please try this out to ensure I haven't forgotten anything!

[nicko]

Code: [Select]

db accounts setprop Primary PHPBaseDir /home/e-smith/files/ibays/Primary:/tmp
Hello! This line of code correct?

Code: [Select]

[root@ns8 Primary]# cd /home/e-smith/files/ibays/Primary:/tmp

-bash: cd: /home/e-smith/files/ibays/Primary:/tmp: No such file or directory
What is it? I do not understand, please explain

Code: [Select]

:/tmp

[Jáder]

That line means both path are valid as BaseDir for PHP.
The  ":" it's just the separator for those two paths.

[janet]

nicko

Read
http://wiki.contribs.org/PHP

[CharlieBrady]

Well after much trial and lots of issues, I finally have it working.

You'll find that it is broken the next time you upgrade the server.

Do not try to change the ownership and permission of the Primary i-bay. Use a different i-bay, and use a member of its group which has write access when doing ftp. chdir from the user's home directory to the i-bay directory using ../../.. path.  These are standard features of SME server software which you don't need to change.

[Stefano]

Charlie, did you realize you answered to a 2 years old post?

[CharlieBrady]

Charlie, did you realize you answered to a 2 years old post?

Better late than never.

Blame nicko for resurrecting the thread.

[chris burnat]

Moving to Contribs section of the Forums.

[nicko]

Please help me!

I'm Install drupal according to the instructions: http://wiki.contribs.org/Drupal, but it is impossible to update the modules through drupal (ftp), manually have to upload.

[Stefano]

please help us to help you

"it doesn't work" isn't enough..
take a look at the logs (/var/log/httpd/)

I suspect something wrong with phpbasedir settings

[nicko]

Code: [Select]

phpinfo:
open_basedir /home/e-smith/files/ibays/Primary:/tmp:/home/e-smith/files/tmp no value

Code: [Select]

[root@ns8 ~]# db accounts get Primary
ibay|AllowOverride|all|CgiBin|enabled|FollowSymLinks|enabled|Group|shared|Indexes|disabled|Modifiable|no|Name|Primary i-bay|PHPBaseDir|/home/e-smith/files/ibays/Primary:/tmp:/home/e-smith/files/tmp|PasswordSet|no|Passwordable|no|PublicAccess|global|Removable|no|UserAccess|wr-admin-rd-group


[Stefano]

aha..
and what about log? without the error messages we can't help you (my crystal ball is broken atm)

[nicko]

[nicko]

Code: [Select]

/var/log/httpd/error_log: Просмотрен в Wed May 28 13:15:46 2014.
[Thu May 22 01:12:09 2014] [notice] Digest: generating secret for digest authentication ...
[Thu May 22 01:12:09 2014] [notice] Digest: done
[Thu May 22 01:12:10 2014] [notice] SSL FIPS mode disabled
[Thu May 22 01:12:10 2014] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 22 01:12:10 2014] [warn] RSA server certificate CommonName (CN) `ns8.domain_one.com' does NOT match server name!?
[Thu May 22 01:12:10 2014] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 22 01:12:10 2014] [warn] RSA server certificate CommonName (CN) `ns8.domain_one.com' does NOT match server name!?
[Thu May 22 01:12:10 2014] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 22 01:12:10 2014] [warn] RSA server certificate CommonName (CN) `ns8.domain_one.com' does NOT match server name!?
[Thu May 22 01:12:10 2014] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 22 01:12:10 2014] [warn] RSA server certificate CommonName (CN) `ns8.domain_one.com' does NOT match server name!?
[Thu May 22 01:12:10 2014] [warn] Init: SSL server IP/port conflict: domain_two.com:443 (/etc/httpd/conf/httpd.conf:836) vs. domain_three.com:443 (/etc/httpd/conf/httpd.conf:934)
[Thu May 22 01:12:10 2014] [warn] Init: SSL server IP/port conflict: domain_four.com:443 (/etc/httpd/conf/httpd.conf:738) vs. domain_three.com:443 (/etc/httpd/conf/httpd.conf:934)
[Thu May 22 01:12:10 2014] [warn] Init: SSL server IP/port conflict: domain_one.com:443 (/etc/httpd/conf/httpd.conf:610) vs. domain_three.com:443 (/etc/httpd/conf/httpd.conf:934)
[Thu May 22 01:12:10 2014] [warn] Init: You should not use name-based virtual hosts in conjunction with SSL!!
[Thu May 22 01:12:10 2014] [notice] Apache configured -- resuming normal operations
[Thu May 22 01:19:43 2014] [crit] [client 91.79.152.9] (13)Permission denied: /home/e-smith/files/ibays/Primary/html/img/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable, referer: http://lanos-club.ru/forum/index.php?showtopic=14185
[Thu May 22 01:19:43 2014] [crit] [client 91.79.152.9] (13)Permission denied: /home/e-smith/files/ibays/Primary/html/img/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable, referer: http://lanos-club.ru/forum/index.php?showtopic=14185
[Thu May 22 01:19:43 2014] [crit] [client 91.79.152.9] (13)Permission denied: /home/e-smith/files/ibays/Primary/html/img/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable, referer: http://lanos-club.ru/forum/index.php?showtopic=14185
[Thu May 22 01:19:43 2014] [crit] [client 91.79.152.9] (13)Permission denied: /home/e-smith/files/ibays/Primary/html/img/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable, referer: http://lanos-club.ru/forum/index.php?showtopic=14185
[Thu May 22 01:19:43 2014] [crit] [client 91.79.152.9] (13)Permission denied: /home/e-smith/files/ibays/Primary/html/img/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable, referer: http://lanos-club.ru/forum/index.php?showtopic=14185
[Thu May 22 01:31:47 2014] [crit] [client 82.145.211.110] (13)Permission denied: /home/e-smith/files/ibays/Primary/html/img/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable, referer: http://www.lanos.in.ua/forum/lofiversion/index.php/t34455-100.html
[Thu May 22 02:10:36 2014] [crit] [client 109.229.99.87] (13)Permission denied: /home/e-smith/files/ibays/Primary/html/img/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable, referer: http://www.domain_two.com/elegia
[Thu May 22 02:10:44 2014] [crit] [client 109.229.99.87] (13)Permission denied: /home/e-smith/files/ibays/Primary/html/img/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable, referer: http://www.domain_two.com/elegia
[Thu May 22 02:35:25 2014] [crit] [client 188.162.226.133] (13)Permission de