Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: arne on November 22, 2006, 12:06:57 AM
-
I have installed phproject to one of my sme boxes. (SME 7.0 server only)
It were originaly not able to upload files wia web due to security restrictions in the PHP setup (I belive.)
This is, I think, an old and very well known problem from at least SME 5.2 and SME 6.0.1, and also before that, I believe.
During the years I have used a fix from this problem using an old and rather historical e-smith faq:
<qoute>
PHP applications running in i-bays can only access files within the same i-bay. Is there a way that the administrator can relax this restriction?
Yes. The administrator can change the PHP Base Directory by executing the following commands (as root):
/sbin/e-smith/db accounts setprop your_i-bay_name PHPBaseDir /
/sbin/e-smith/signal-event ibay-modify your_i-bay_name
Note that the PHPBaseDir argument can be more restrictive than the example shown above. For example PHPBaseDir can also be '/home/e-smith/files/'.
<unquote>
Well, I now tried this procedure on the SME 7.0 as well with a bit less success.
First the web server crashed completely. I then made a new basic configuration og the server (logging in via ssh as admin).
The web server came back but it is now anly capable of handeling .html pages. None php pages works.
Any ideas how to come back to the original setup or to fix the php upload problem ?
Any suggestions will be apreciated
Best reg Arne
-
phprojekt - yet another project that has never heard of move_uploaded_file(), and prefers for admins to losen up the security on their servers.
http://us2.php.net/manual/en/function.move-uploaded-file.php
You may wish to raise it as a bug.
-- JJ
-
Correction:
The php fuction appears to work for the virtual domains but not for the Primary domain or subfolders. I dont know if the upload function works.
I have looked trough the custom templates and can not find any changes.
The commands I used were like this:
/sbin/e-smith/db accounts setprop Primary PHPBaseDir /
/sbin/e-smith/signal-event ibay-modify Primary
For the old SME 6.x this worked in the way that all restrictions for uploading files via php disapeared. For the SME 7.0 it looks like the effect is a bit different.
One thing I am wondering about is: If I made a backup and a restore will the backup restore still contain the modification ?? (I believe in the SME 6.x it did, even though there were no entries in the custom templates. Could be I have an incorrect memory about this.)
-
->judgej
Thanks for your info. I did not see it when I was writing/testing my server.
I guess that the function you refer to does not use the /tmp folder like that the phproject does ?
Arne
-
->judgej
Thanks for your info. I did not see it when I was writing/testing my server.
I guess that the function you refer to does not use the /tmp folder like that the phproject does ?
Arne
It does use the /tmp folder, but it does so in a way that bypasses the directory restrictions. It also has extra safeguards in it ensuring it cannot be hijacked to copy other files, such as /etc/passwd to a web-accessible location, something that phprojekt has been renouned for in the past.
-- JJ
-
Hmm .. The old upload method does not work any more, I think.
On the other hand I saved all my files and php applications under Primary by just copying them all over to a new i-bay.
phproject is an extremely good application, so I will try to solve the problem with the upload function in one way or the other.
Just don't know how yet .. ( .. modifying the phproject code might be an alternative ..)
Arne
-
Found this one ..
http://forums.contribs.org/index.php?topic=34615.0
Have not solved the problem.
-
Correction:
The php fuction appears to work for the virtual domains but not for the Primary domain or subfolders. I dont know if the upload function works.
I have looked trough the custom templates and can not find any changes.
The commands I used were like this:
/sbin/e-smith/db accounts setprop Primary PHPBaseDir /
/sbin/e-smith/signal-event ibay-modify Primary
For the old SME 6.x this worked in the way that all restrictions for uploading files via php disapeared. For the SME 7.0 it looks like the effect is a bit different.
One thing I am wondering about is: If I made a backup and a restore will the backup restore still contain the modification ?? (I believe in the SME 6.x it did, even though there were no entries in the custom templates. Could be I have an incorrect memory about this.)
To go back to original..
/sbin/e-smith/db accounts delprop Primary PHPBaseDir
/sbin/e-smith/signal-event ibay-modify Primary
What may get you going..
/sbin/e-smith/db accounts setprop Primary PHPBaseDir /home/e-smith/files/ibays/Primary/: /tmp
/sbin/e-smith/signal-event ibay-modify Primary
-
I'm impressed ! It worked. The web is full of the old solution here and there, but the only place I have seen the new solution is here in this tread.
One stange thing was that I also had to change the security setting of the phproject upload folder. I now use 775. I had it more restrictive under sme 6.0.1
Until now I have just testet the upload in subfolders of the Primary ibay.
Thanks a lot :D
Arne
-
A small correction again ..
It is the upload to other i-bays than Primary that works. Upload to subfolders of Primary seems not to work. (I think that is not a problem at all.) (And the other i-bays than Primary is accessed as virtually domains.)
To mention it again, I had to set the permisions of the opload folder a little bit different from the sme 6.0.1. This time I use 775
Arne
-
Upload function tested with Windows XP / Explorer And Linux / Konqueror / Opera http ans https. Everything worked just fine.
Great ! :D :D :D
Thanks again !
Arne
-
I thought I would have a play...
Download and extract all the files to /opt/phpproject
chown www:www -R /opt/phpproject
Make a file.. 86phpproject
Contents...
# phpproject
Alias /phpproject /opt/phpproject
<Directory /opt/phpproject>
SSLRequireSSL on
Options -Indexes
AllowOverride None
order deny,allow
deny from all
allow from all
Satisfy all
AddType application/x-httpd-php .php .php3
php_flag magic_quotes_gpc on
php_flag track_vars on
</Directory>
and copy it to /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf
expand-template /etc/httpd/conf/httpd.conf
svc -t /service/httpd-e-smith
Make a empty mysql db and user
Goto
https://server/phpproject
File uploads appear to work.
https://secure.magicwilly.info/phpproject
arne/arne
And open_basedir is not set...
https://secure.magicwilly.info/phpproject/index2.php