FrontPage Extensions & cPanel

[slimak]

Hello,
I have problem with using FrontPage Extensions at cPanel server.
I tried to login at http://account_domain/_vti_bin/_vti_adm/fpadmcgi.exe, but there was an error. In _vti_pvt/service.pwd was at first line "# - FrontPage -". When I deleted that comment (this is first problem), I can now login to http://account_domain/_vti_bin/_vti_adm/. When I go to http://account_domain/_vti_bin/_vti_adm/fpadmcgi.exe, I see 404 error. On Apache&cPanel there is working a FrontPage Extenstions Site. That is the second problem. Could you tell me, how could I enable FrontPage Extensions?

 

[slimak]

Answer

Yesterday I do some tests and there is impossible to setup FrontPage Extenstions, when you import configuration from httpd.conf (e. g. cPanel). I did also steps described at: http://www.litespeedtech.com/library/howto/#qa_frontpage

There is problem with: "The most important configuration is the Domain Names, it must match the domain name part of the URL that you used to access the web page, and otherwise it will not work". When configuration is imported from httpd.conf, then "Domain Names" aren't set. cPanel keeps FrontPage Extensions cofigurations in /usr/local/frontpage/. May you add ability to work FrontPage Extensions with httpd.conf/cPanel configuration?

 

[mistwang]

What is the apache directive used by cPanel to enable frontpage for a vhost?

"FrontpageEnable"? or something else?

 

[slimak]

Answer

None, there is only a one line in httpd.conf about FrontPage:
AddModule mod_frontpage.c

 

[mistwang]

OK, it is the mod_frontpage coming with Microsoft frontpage package, it is like a global switch which enable frontpage for all vhosts. I will add support for that module.

 

[mistwang]

OK, frontpage should work now with the updated package, please give it a try and let me know. Thanks.

 

[slimak]

Answer

There are still some problems:
1. from error.log:
[NOTICE] [FrontPage] //home/user/public_html/_vti_inf.html is missing!
or
[NOTICE] [FrontPage] ownership of //home/user/public_html/_vti_inf.html does not match ownership of document root!
2. the _vti_pvt/service.pwd file have by default permissions 0600, so LSWS can't access to that file. If there is a necessary, I may try to do some changes in cPanel files, which sets permissions to service.pwd.
3. after upgrade lsws, I had an error 403 for all _vti_*/* files
4. now the FrontPage Extensions doesn't work, but I don't know why
4. what will happen if somebody add FrontPage Extentions for his account in cPanel (cPanel isn't reloading lsws after that)?

 

[mistwang]

1. _vti_inf.html related error messages are because frontpage extension has not been installed for that vhost. LSWS tests existances of a few files under document root to make sure frontpage extension is enabled for that vhost. We can skip that test and enable fp extension for all vhost.
Who own the _vti_inf.html as well as all other _vti_*? it supposed to be owned by the same user that own the document root. Probably not required, we can relax the requirement on this.
2. should not matter, as service.pwd is only used by the extension itself running in setuid mode.
3. That's for security reason, direct access to all _vti_*/* files are denied.
4. probably because problem in #1, extension has not been turned on.
5. That's a good question, it will not be enabled as LSWS only verifies this at startup, maybe should just skip the verification.

 

[slimak]

1. They are owned by the $user:$user. The document root is owned by $owner:nobody
3. Some or even all should be accessible directly.
4. I will check that.
5. That could be a good idea. It could be verified, when somebody will try to use FrontPage Extensions for his site i.e. it will access the _vti_bin dir.

 

[mistwang]

Please give the to be released RC2 package a try

http://www.litespeedtech.com/packages/3.0/lsws-3.0RC2-std-i386-linux.tar.gz

It should work better.

 

[slimak]

Answer

They still doesn't work.
1. At first I had error: The server extensions were unable to access the file "www.$account_domain.conf". Please check the permissions.
2. I changed permissions to file /usr/local/apache/conf/sites/www.$account_domain.conf (owned by root:$user) to 644
3. I had then error: The server extensions were unable to access the file "httpd.conf". Please check the permissions.
4. I changed permissions to file /usr/local/apache/conf/httpd.conf (owned by root:root, default perms are 600) to 644.
5. FrontPage said that I must change the AllowOverride option to something else than none. I chaged the AllowOverride to All (for directory /usr/local/httpd/htdocs).
6. FrontPage asked me for user and password. It doesn't accept the correct one.
7. I changed permissions to file /home/$user/public_html/_vti_pvt/service.pwd (owned by $user:$user) to 644.
8. FrontPage accepted the password to $account_domain, but I have now another problem. FrontPage is asking for password to something else (it doesn't display for what).
May you check that? If possible, please also eliminate some needed changes described in points 1-8. Thanks.

 

[mistwang]

All the permission issuses are caused by the uid/gid that frontpage extension run as.
I wonder what uid/gid is used under cPanel + Apache, root:$user? What is the ownership of file uploaded via FP extension?
LiteSpeed run it under $user:nobody, same as the the owner of doc_root. I can change it to $user:$user, or root:$user, but need to find out which one should be used.

 

[mistwang]

cPanel has customized the standard frontpage installation, have mod_auth_pathrough and a customized frontpage wrapper fp-auth in order to make frontpage works when the service.pwd only readable to the user.

To make fp externsion works under LSWS, you have change relax the security of service.pwd a little bit, make it owned by $user:nobody with permission 0640, that's only modification you need to make.

The RC2 package has been updated, and I had verified that it works. Please give it a try and let me know the result.

 

[slimak]

Answer

There are still problems 3, 4, 5 and 8. Others (when I change the permissions to service.pwd) are now ok.

 

[mistwang]

Are you sure it is the default cPanel FP extension installation?

I wonder what FP extension feature were you using? the global admin site which can be used to enable/disable FP extension for each vhost? admin page for each site which can be used to manage user accounts? or uploading through FP extension from a windows machine.

The global admin site will not work under cPanel and it is not needed at all, cPanel will enable FP extension for each site automatically, no need to go through the global admin site. The other two features work well.

Default cPanel FP extension for each vhost does not use /usr/local/apache/conf/httpd.conf, instead, each vhost has a dedicated fake configuration file under /usr/local/apache/conf/sites/... , httpd.conf is not touched by FP extension for normal use.

And it may not be possible to make the global admin site work under cPanel, as /usr/local/apache/conf/httpd.conf is only readable to "root" user, and it is not desireable to run the FP extension CGI as root, problem 3,4,5 are related to it directly, problem 8 probably is caused by that as well.

 

[slimak]

Answer

I checked the /usr/local/apache/conf/sites/ and there are only files like www.domain. I always tried to access "domain" (without www.) in frontpage. Today I entered www.domain and... it works perfectly! Thanks for help.

If there is possible, please made FrontPage Extensions accessible from domain (without www.). In Apache I can access they both by domain and www.domain.