[solved] 4.1.5 php suExec issue

I

IrPr

Well-Known Member
#1
#1
Hi

after upgrading to 4.1.5 just found that some scripts are executed under nobody group which leads to sessions files to be stored with nobody user at tmpdir
also directories needs to be 777 word writable in order to php to have write access there while suExec/suphp is enabled

PS: there was no issue till 4.1.4
also tried to set 000 for new script restricted permission mask features but didn't work

Regards
 
Last edited by a moderator:
M

mistwang

LiteSpeed Staff
#2
#2
We need more information to reproduce this in our lab.
If you knew which script run as nobody, please send us more information.

file path, content of .htaccess along the path.

It is a cPanel server, right?
 
I

IrPr

Well-Known Member
#3
#3
mistwang said:
We need more information to reproduce this in our lab.
If you knew which script run as nobody, please send us more information.

file path, content of .htaccess along the path.

It is a cPanel server, right?
Click to expand...
Yes, cPanel server with the following configurations:

Code: 
<VirtualHost 95.211.87.120:80>
    ServerName w00t.tld
    ServerAlias www.w00t.tld
    DocumentRoot /home/usr/public_html
    ServerAdmin webmaster@w00t.told
    UseCanonicalName Off
    CustomLog /usr/local/apache/domlogs/w00t.tld combined
    CustomLog /usr/local/apache/domlogs/w00t.tld-bytes_log "%{%s}t %I .\n%{%s}t %O ."
    UserDir enabled usr 
    <IfModule concurrent_php.c>
        php4_admin_value open_basedir "/home/usr:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib/php:/tmp"
        php_admin_value open_basedir "/home/usr:/usr/lib/php:/usr/local/lib/php:/tmp"
    </IfModule>
    <IfModule !concurrent_php.c>
        <IfModule mod_php4.c>
            php_admin_value open_basedir "/home/usr:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib/php:/tmp"
        </IfModule>
        <IfModule mod_php5.c>
            php_admin_value open_basedir "/home/usr:/usr/lib/php:/usr/local/lib/php:/tmp"
        </IfModule>
        <IfModule sapi_apache2.c>
            php_admin_value open_basedir "/home/usr:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib/php:/tmp"
        </IfModule>
    </IfModule>
    <IfModule !mod_disable_suexec.c>
        SuexecUserGroup usr usr
    </IfModule>
    <Directory "/home/w00t/public_html">
        Options -ExecCGI -FollowSymLinks -SymLinksIfOwnerMatch
        AllowOverride AuthConfig Limit FileInfo
        RemoveHandler cgi-script .cgi .pl .plx .ppl .perl
    </Directory>

</VirtualHost>
htaccss ( WP - W3TC enabed ):
Code: 
# BEGIN W3TC Page Cache
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{HTTP_USER_AGENT} (2\.0\ mmp|240x320|alcatel|amoi|asus|au\-mic|audiovox|avantgo|benq|bird|blackberry|blazer|cdm|cellphone|danger|ddipocket|docomo|dopod|elaine/3\.0|ericsson|eudoraweb|fly|haier|hiptop|hp\.ipaq|htc|huawei|i\-mobile|iemobile|j\-phone|kddi|konka|kwc|kyocera/wx310k|lenovo|lg|lg/u990|lge\ vx|midp|midp\-2\.0|mmef20|mmp|mobilephone|mot\-v|motorola|netfront|newgen|newt|nintendo\ ds|nintendo\ wii|nitro|nokia|novarra|o2|openweb|opera\ mobi|opera\.mobi|palm|panasonic|pantech|pdxgw|pg|philips|phone|playstation\ portable|portalmmm|ppc|proxinet|psp|pt|qtek|sagem|samsung|sanyo|sch|sec|sendo|sgh|sharp|sharp\-tq\-gx10|small|smartphone|softbank|sonyericsson|sph|symbian|symbian\ os|symbianos|toshiba|treo|ts21i\-10|up\.browser|up\.link|uts|vertu|vodafone|wap|willcome|windows\ ce|windows\.ce|winwap|xda|zte) [NC]
    RewriteRule .* - [E=W3TC_UA:_low]
    RewriteCond %{HTTP_USER_AGENT} (acer\ s100|android|archos5|blackberry9500|blackberry9530|blackberry9550|cupcake|docomo\ ht\-03a|dream|htc\ hero|htc\ magic|htc_dream|htc_magic|incognito|ipad|iphone|ipod|lg\-gw620|liquid\ build|maemo|mot\-mb200|mot\-mb300|nexus\ one|opera\ mini|samsung\-s8000|series60.*webkit|series60/5\.0|sonyericssone10|sonyericssonu20|sonyericssonx10|t\-mobile\ mytouch\ 3g|t\-mobile\ opal|tattoo|webmate|webos) [NC]
    RewriteRule .* - [E=W3TC_UA:_high]
    RewriteCond %{HTTPS} =on
    RewriteRule .* - [E=W3TC_SSL:_ssl]
    RewriteCond %{SERVER_PORT} =443
    RewriteRule .* - [E=W3TC_SSL:_ssl]
    RewriteCond %{HTTP:Accept-Encoding} gzip
    RewriteRule .* - [E=W3TC_ENC:.gzip]
    RewriteCond %{REQUEST_METHOD} !=POST
    RewriteCond %{QUERY_STRING} =""
    RewriteCond %{REQUEST_URI} \/$
    RewriteCond %{REQUEST_URI} !(\/wp-admin\/|\/xmlrpc.php|\/wp-(app|cron|login|register|mail)\.php|wp-.*\.php|index\.php) [NC,OR]
    RewriteCond %{REQUEST_URI} (wp-comments-popup\.php|wp-links-opml\.php|wp-locations\.php) [NC]
    RewriteCond %{HTTP_COOKIE} !(comment_author|wp-postpass|wordpress_\[a-f0-9\]\+|wordpress_logged_in) [NC]
    RewriteCond "/home/usr/public_html/wp-content/w3tc/pgcache/$1/_index%{ENV:W3TC_UA}%{ENV:W3TC_SSL}.html%{ENV:W3TC_ENC}" -f
    RewriteRule (.*) "/wp-content/w3tc/pgcache/$1/_index%{ENV:W3TC_UA}%{ENV:W3TC_SSL}.html%{ENV:W3TC_ENC}" [L]
</IfModule>
# END W3TC Page Cache

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress
In fact I see php processes are running under specified users not nobody but when creating files ( in some cases i think ) 777 permission is needed and it should be created under nobody privileges

The same exact configuration just was working properly with prior versions but its broken in 4.1.5

Any idea?
 
Last edited:
I

IrPr

Well-Known Member
#4
#4
Forgot to mention about permissions

all files/folders are owned by usr:usr and folders are in 755 mode at least ( expect public_html which is 750 owned by usr:nobody )
 
I

IrPr

Well-Known Member
#5
#5
When WP tried to write uploaded files on bellow folder It just got error:

/home/usr/public_html/wp-content/uploads/2011/10

permissions in hierarchy:

Code: 
  12 drwxr-xr-x  9 usr usr     12288 Oct 11 22:15 wp-content/

   4 drwxr-xr-x  3 usr usr  4096 Mar  4  2011 uploads/

   4 drwxr-xr-x 10 usr usr  4096 Oct  1 04:25 2011/

164 drwxr-xr-x  2 usr usr 163840 Oct 11 23:01 10/
changing wp-content/uploads/2011/10 mode to 777 fixes the issue and WP could write there
 
I

IrPr

Well-Known Member
#9
#9
mistwang said:
Looks like php was runnng as nobody user, at least for the file upload script.
Click to expand...
Correct,
This VH's php scripts are running under nobody user while suExec/suPHP is enabled and i see all other websites are running under their own users but this one

I double checked configuration for both working properly and this one, Didn't find any difference
Also checked for all permissions, they're the same in user, group and mode

Any idea?
 
You must log in or register to reply here.
Top