Hi,

I've got a question that is not specificaly PHP, but has to do with my webserver. But perhaps any of you can help me out on this as well.

I currently have a virtual dedicated server (VDS) at a hosting company, where I host the websites of my clients. VDS means that one physical server is diveded into several virtual servers. Each VDS has a seperate linux installation and I can login as root.

Usually my website are supplied with a CMS written in php. Currently the CMS is installed seperately for every website. But I'd rather have this done centrally, to ease the updating and prevent clients from browsig through the source code.

Now my question is how this is best done? I was thinking to create a seperate hosting account in the control panel, for the installation of the CMS. Than I would include the CMS from any other account.

I tried to test this by including a file from account cms into account test. Then a received the following errors:

Warning: main(): open_basedir restriction in effect. File(/var/www/virtual/cms/htdocs/index.php) is not within the allowed path(s): (/var/www/virtual/test/:/usr/share/php/:/tmp/) in /var/www/virtual/test/htdocs/index.php on line 3

Warning: main(/var/www/virtual/cms/htdocs/index.php): failed to open stream: Operation not permitted in /var/www/virtual/test/htdocs/index.php on line 3

Warning: main(): Failed opening '/var/www/virtual/cms/htdocs/index.php' for inclusion (include_path='.:/usr/share/php:/usr/share/pear') in /var/www/virtual/test/htdocs/index.php on line 3

Do any of you have experience with that sort of thing? How can I solve this problem of installing the CMS centrally, but accesible from different accounts?

Thanx in advance,

Michiel

You would probably need it to be in an allowed, up-root directory... There is a good reason why different accounts cant access eachothers files (imagine a script that deletes all files in a directory...

Basically, install the main part of it up root and then have it require files from there... Really though, it would be better having it installed individually for each client.

Hi Missing-score,

from what I've heard so far it is indeed best to install teh CMS for each client individually. However, since there are some downsides to it (higher maintanance, code less protected, etc.), I still would to look after the options.

Could you tell me some more about installing the main part of my CMS up root and have it require files from there. I've looked into my filestructure and the hostingaccounts are situated here:

/var/www/virtual

I quess this should be possible though, because the webmail and filemanager of my control panel (VHCS) is situated here:

/var/www/vhcs2/gui/tools

and they are accesible as well.

I was sort of thinking to create a new directory:

/var/www/cms

and find a way to access this directory from different hosting accounts ... is this a feasible idea? And if so, how would I go about this?

Thanx in advance,

Cheers Michiel

Thats probably how I would go about it... You have to find out important configuration files and find a way for these files that might be edited or contain database information to be stored individually for each user.

I guess this has to do with the open_basedir restriction. Is this correct? And how would I edit the php.ini accordingly?

your server probably has per-host apache configuration files , e.g on a Plesk VPS you would look in /home/httpd/vhosts/$account/conf for account specific httpd.conf overrides , not sure about your CP though.

basically you probably can't override httpd.conf open_basedir settings globally , though perhaps you can edit the httpd.conf overrides template if such a thing exists ..

a quick cheat to find where these directives are being set

# grep -r "open_basedir" /path/to/example/account

then simply change the basedir.

BTW I do exactly what you are planning to do and keep one copy of my framework and use it for all accounts , advantages are obvious , you only have to update 1 set of code , downfalls are that you cant test all accounts simultaneously to see if a change is likely to break anything .. I think this is where unit-testing comes in but lifes too short ~

I guess this has to do with the open_basedir restriction. Is this correct? And how would I edit the php.ini accordingly?

your server probably has per-host apache configuration files , e.g on a Plesk VPS you would look in /home/httpd/vhosts/$account/conf for account specific httpd.conf overrides , not sure about your CP though.

basically you probably can't override httpd.conf open_basedir settings globally , though perhaps you can edit the httpd.conf overrides template if such a thing exists ..

a quick cheat to find where these directives are being set

# grep -r "open_basedir" /path/to/example/account

then simply change the basedir.

BTW I do exactly what you are planning to do and keep one copy of my framework and use it for all accounts , advantages are obvious , you only have to update 1 set of code , downfalls are that you cant test all accounts simultaneously to see if a change is likely to break anything .. I think this is where unit-testing comes in but lifes too short ~

Hi Firepages,

it's good to hear that someone else has already achieved what I'm trying to do! I'm afraid however that I need some more help ..

I think that in my case there is one general php.ini file. I found this file under "etc/php4/apache2/". I can't find any other php.ini files anywhere in my linux distribution. At least there is no php.ini file in the account dirs

Now the question is how do I edit the php.ini file. What do I change "open_basedir" in. As said before the accounts are situated in "/var/www/virtual/<accountname>" and the cms file are placed under "/var/www/cms/"

Hope you can help me on this!

Michiel

its unlikely that the php.ini settings will make any difference since they are probably overwritten in apache's virtualhost configuration

the format is

open_basedir "colon seperated list of allowable directories"
e.g
open_basedir "/var/www/account:/var/shared/:cms/usr/local/pear"

but if any apache conf file (or files that that includes) contains the php flag php_admin_value then that will override any php.ini settings & you probably have 1 extra apache config for each account on the server. e.g in my /home/httpd/vhosts/example.com/conf/vhost.conf I have this

php_admin_value open_basedir "/home/httpd/vhosts/example.com/httpd
ocs:/tmp:/home/httpd/fpa_lib"

, I had to add the fpa_lib path myself to let my CMS do its stuff.

so basically I am saying , try the php.ini but I dont think that will solve the problem , chances are you need to edit seperate apache config files , find and read httpd.conf and see what files and directories it includes , hopefully that will lead you to the right files to edit.

Hi there,

I have looked into it again, but haven't succeeded yet .. but I have good hope we're getting there!

I searched for all the httpd.conf file (find / -name 'httpd.conf') and got the following result:

/usr/share/apache/default-configs/apache-perl/httpd.conf
/usr/share/apache/default-configs/apache/httpd.conf
/usr/share/apache/default-configs/apache-ssl/httpd.conf
/etc/apache2/httpd.conf
/etc/vhcs2/apache/httpd.conf

When I view the file "/etc/apache2/httpd.conf" it says:

'Include /etc/apache2/sites-available/vhcs2.conf'

In the file "/etc/apache2/sites-available/vhcs2.conf" I find this:

'<Directory /var/www/vhcs2/gui/tools/filemanager>
php_flag register_globals On
php_admin_value open_basedir "var/www/vhcs2/gui/tools/filemanager:/tmp/:/usr/share/php/"
</directory>'

Is this the correct place to add the dir to my CMS "/var/www/cms/"?

The file "/etc/vhcs2/apache/httpd.conf" is exactly the same as "/etc/apache2/sites-available/vhcs2.conf" .. which one should I edit? I tried to edit both files without any result. Hmm when I come to think of it, do I have to restart apache before the changes take effect?

Hope you can help me out!

Cheers, Michiel

I thinks that conf is just for your Control Panel

log in via ssh & type .. (assuming /var/www is where your actual domains are)

grep -r "open_basedir' /var/www

also try

grep -r 'open_basedir' /etc/apache2

this will show you all the files (under the path specified) that have open-basedir anywhere in them ... note it can take a while for the script to run !!

Hi,

I guess I'm one step further now ... I executed the commands you gave me. What I found out is teh following:

The string 'open_basedir' doesn't occur in the directory '/var/www' exepct in manual pages of phpmyadmin.

The string does occur in the directory '/etc/apache2' in the file I mentioned earlier '/etc/apache2/sites-available/vhcs2.conf'. I also found out that this file is edited whenever I create a new user/ domain. I created the user test.nl and now there are some rules about this user in the conf file:


# httpd Data BEGIN.

#
# Web traffic accounting.
#

LogFormat "%B" traff

#
# GUI Location.
#

Alias /vhcs2 /var/www/vhcs2/gui
<Directory /var/www/vhcs2/gui>
AllowOverride none
Options MultiViews IncludesNoExec FollowSymLinks
ErrorDocument 404 /vhcs2/errordocs/index.php
DirectoryIndex index.html index.php
</Directory>

<Directory /var/www/vhcs2/gui/tools/filemanager>
php_flag register_globals On
php_admin_value open_basedir "/var/www/vhcs2/gui/tools/filemanager/:/tmp/:/usr/share/php/"
</Directory>

Alias /vhcs_images /var/www/vhcs2/gui/images
<Directory /var/www/vhcs2/gui/images>
AllowOverride none
Options MultiViews IncludesNoExec FollowSymLinks
</Directory>

#
# Default GUI.
#

<VirtualHost _default_:*>

DocumentRoot /var/www/vhcs2/gui

<Directory /var/www/vhcs2/gui>
Options Indexes Includes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>

</VirtualHost>

# httpd [11.111.11.11] virtual host entry BEGIN.

NameVirtualHost 11.111.11.11

# httpd [test.nl] dmn group entry BEGIN.

# httpd [{SUB_NAME}] sub entry BEGIN.
# httpd [{SUB_NAME}] sub entry END.

# httpd [test.nl] dmn entry BEGIN.
<VirtualHost test.nl>

#
#User vu2001
#Group vu2001
#

#
#SuexecUserGroup vu2001 vu2001
#

ServerAdmin root@test.nl
DocumentRoot /var/www/virtual/test.nl/htdocs

ServerName test.nl
ServerAlias www.test.nl test.nl

ErrorLog /var/log/apache2/users/test.nl-error.log
TransferLog /var/log/apache2/users/test.nl-access.log

CustomLog /var/log/apache2/test.nl-traf.log traff
CustomLog /var/log/apache2/test.nl-combined.log combined

Alias /errors /var/www/virtual/test.nl/errors/

ErrorDocument 401 /errors/401/index.php
ErrorDocument 403 /errors/403/index.php
ErrorDocument 404 /errors/404/index.php
ErrorDocument 500 /errors/500/index.php

# httpd dmn entry cgi support BEGIN.
ScriptAlias /cgi-bin/ /var/www/virtual/test.nl/cgi-bin/
<Directory /var/www/virtual/test.nl/cgi-bin>
AllowOverride None
#Options ExecCGI
Order allow,deny
Allow from all
</Directory>
# httpd dmn entry cgi support END.

<Directory /var/www/vhcs2/gui>
php_admin_value open_basedir "/var/www/vhcs2/gui/:/etc/vhcs2/:/proc/:/var/www/virtual/:/tmp/"
</Directory>

# httpd dmn entry PHP2 support BEGIN.
php_admin_value open_basedir "/var/www/virtual/test.nl/:/usr/share/php/:/tmp/"
# httpd dmn entry PHP2 support END.

<Directory /var/www/virtual/test.nl/htdocs>
# httpd dmn entry PHP support BEGIN.
# httpd dmn entry PHP support END.
Options Indexes Includes FollowSymLinks MultiViews
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>

</VirtualHost>
# httpd [test.nl] dmn entry END.

# httpd [test.nl] dmn group entry END.

# httpd [{DMN_GRP}] dmn group entry BEGIN.
# httpd [{DMN_GRP}] dmn group entry END.

# httpd [{ALS_NAME}] als entry BEGIN.
# httpd [{ALS_NAME}] als entry END.

# httpd [11.111.11.11] virtual host entry END.

# httpd [{IP}] virtual host entry BEGIN.
# httpd [{IP}] virtual host entry END.

# httpd Data END.


I guess I could edit the file manualy, but I must admit I don't really understand it ... can anyone take a look at it?

Thanx! Michiel

ok well the bit that is of interest is ..

# httpd dmn entry PHP2 support BEGIN.
php_admin_value open_basedir "/var/www/virtual/test.nl/:/usr/share/php/:/tmp/"
# httpd dmn entry PHP2 support END.

editing this to ... (and then restarting apache)

# httpd dmn entry PHP2 support BEGIN.
php_admin_value open_basedir "/var/www/virtual/test.nl/:/usr/share/php/:/tmp/:/var/www/virtual/cms/"
# httpd dmn entry PHP2 support END.

would temporarily solve your problem , its a temporary fix becuase the httpd.conf will probably be overwritten by the control panel the next time you add or edit a domain.

some CP's have a skeleton file (often called $whatever.skel) that gets parsed to create the httpd.conf , if so & if you can find it then you can edit that template to include your changes.

else you will just have to re-edit the httpd.conf after each change since your httpd.conf prohibits making these changes via .htaccess files.

Hi Firepages,

thanks a lot .. I got it to work! At least I managed to include a file situated in the account 'cms.nl' into a file inside the account 'test.nl'.

As you already indicated this is just a temporary solution, because any changes made in the CP overwrites the configuration file. I tried to look for a .skel file ("find / *.skel"), but I got no results.

Have you got any tips on finding the file that acts as a template for the configuration file?

Thanx again! Cheers Michiel

Not a clue sorry , in fact if there was such a template/skeleten file then the grep command should have found it earlier (you could `grep -r "open_basedir" /` but that could be a long search ;) (and may throw some errors in /proc && /dev etc))

I have never used your CP so I dont know how the internals work , on Plesk IF you create a vhost.conf file in a certain directory then plesk spots it and includes it into the virtual host configuration , but I had to do a bit of digging to work that out even though plesk has a reasonable amount of documentation.
Cpanel, Ensim are different again.