From mysql.jorge at decimal.pt Fri Jan 6 00:32:39 2017 From: mysql.jorge at decimal.pt (Jorge Bastos) Date: Thu, 5 Jan 2017 23:32:39 -0000 Subject: [mpm-itk] ITK and php7+apache 2.4.25 Message-ID: <000001d267ac$011f9ad0$035ed070$@jorge@decimal.pt> Howdy, I just upgraded to php7+apache 2.4.25, and not, even with vhosts with: AssignUserID #5015 #5000 The user/group of the vhost is www-data, the configuration placed no efect, it was working fine for previous apache version 2.4.10 and php 5.6x. Any idea where should I start? I havent changed my configuration. Where should I start to debug this? Thanks in advanced! -------------- next part -------------- An HTML attachment was scrubbed... URL: From jean at phpnet.org Fri Jan 6 02:11:53 2017 From: jean at phpnet.org (Jean Weisbuch) Date: Fri, 6 Jan 2017 02:11:53 +0100 Subject: [mpm-itk] ITK and php7+apache 2.4.25 In-Reply-To: <000001d267ac$011f9ad0$035ed070$@jorge@decimal.pt> References: <000001d267ac$011f9ad0$035ed070$@jorge@decimal.pt> Message-ID: <77f00ad0-a68e-1389-86c6-9d9ea92c7978@phpnet.org> Is it the same version of mpm_itk on both cases? Have you tested with "|EnableCapabilities|Off" and is there anything on the error log? Le 06/01/2017 ? 00:32, Jorge Bastos a ?crit : > > Howdy, > > I just upgraded to php7+apache 2.4.25, and not, even with vhosts with: > > AssignUserID #5015 #5000 > > The user/group of the vhost is www-data, the configuration placed no > efect, it was working fine for previous apache version 2.4.10 and php > 5.6x. > > Any idea where should I start? I havent changed my configuration. > > Where should I start to debug this? > > Thanks in advanced! > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mysql.jorge at decimal.pt Fri Jan 6 12:44:47 2017 From: mysql.jorge at decimal.pt (Jorge Bastos) Date: Fri, 06 Jan 2017 11:44:47 +0000 Subject: [mpm-itk] ITK and php7+apache 2.4.25 In-Reply-To: <77f00ad0-a68e-1389-86c6-9d9ea92c7978@phpnet.org> References: <000001d267ac$011f9ad0$035ed070$@jorge@decimal.pt> <77f00ad0-a68e-1389-86c6-9d9ea92c7978@phpnet.org> Message-ID: <2cc0f83ef9a5f5137bc5ffe15a057030@decimal.pt> Hi Jean, Thanks for the reply. Meanwhile I confirmed that, sinse i'm using for some old websites php fpm via fcgi, since fcgi just uses one user the AssinUserID doesn't has any efect. My doubt now is, would it be possible to have itk on it aswell? my vhost is: AssignUserID #5015 #5000 ServerName re.pt ServerAlias www.re.pt SetHandler "proxy:fcgi://127.0.0.1:9056" php_admin_value open_basedir /home/hosting/re.pt/:/tmp/:/usr/share/php/ php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f re.pt at fastweb.dal.pt" php_admin_value session.save_path /tmp/ etc etc On 2017-01-06 1:11, Jean Weisbuch wrote: > Is it the same version of mpm_itk on both cases? > > Have you tested with "EnableCapabilities Off" and is there anything on the error log? > > Le 06/01/2017 ? 00:32, Jorge Bastos a ?crit : > >> Howdy, >> >> I just upgraded to php7+apache 2.4.25, and not, even with vhosts with: >> >> AssignUserID #5015 #5000 >> >> The user/group of the vhost is www-data, the configuration placed no efect, it was working fine for previous apache version 2.4.10 and php 5.6x. >> >> Any idea where should I start? I havent changed my configuration. >> >> Where should I start to debug this? >> >> Thanks in advanced! > > _______________________________________________ > mpm-itk mailing list > mpm-itk at err.no > http://lists.err.no/mailman/listinfo/mpm-itk [1] Links: ------ [1] http://lists.err.no/mailman/listinfo/mpm-itk -------------- next part -------------- An HTML attachment was scrubbed... URL: From sgunderson at bigfoot.com Fri Jan 6 12:58:45 2017 From: sgunderson at bigfoot.com (Steinar H. Gunderson) Date: Fri, 6 Jan 2017 12:58:45 +0100 Subject: [mpm-itk] ITK and php7+apache 2.4.25 In-Reply-To: <000001d267ac$011f9ad0$035ed070$@jorge@decimal.pt> References: <000001d267ac$011f9ad0$035ed070$@jorge@decimal.pt> Message-ID: <20170106115845.GA16819@sesse.net> On Thu, Jan 05, 2017 at 11:32:39PM -0000, Jorge Bastos wrote: > The user/group of the vhost is www-data, the configuration placed no efect, > it was working fine for previous apache version 2.4.10 and php 5.6x. > > Any idea where should I start? I havent changed my configuration. PHP shows the wrong value for uid/gid. Verify that you are _actually_ running as the user you think you are. /* Steinar */ -- Homepage: https://www.sesse.net/ From mysql.jorge at decimal.pt Fri Jan 6 17:51:28 2017 From: mysql.jorge at decimal.pt (Jorge Bastos) Date: Fri, 6 Jan 2017 16:51:28 -0000 Subject: [mpm-itk] ITK and php7+apache 2.4.25 In-Reply-To: <20170106115845.GA16819@sesse.net> References: <000001d267ac$011f9ad0$035ed070$@jorge> <20170106115845.GA16819@sesse.net> Message-ID: <000901d2683d$2021de70$60659b50$@jorge@decimal.pt> Hi Steiner, > > Any idea where should I start? I havent changed my configuration. > > PHP shows the wrong value for uid/gid. Verify that you are _actually_ > running as the user you think you are. > My real issue is what i said in the previous email, I'm running some vhosts with php fpm, and since fpm run's with just one user it was running with www-data default webserver's user. Question is, can I tell fpm to use the itk inside FilesMatch? I think no but if you can confirm my vhost is: AssignUserID #5015 #5000 ServerName re.pt ServerAlias www.re.pt SetHandler "proxy:fcgi://127.0.0.1:9056" php_admin_value open_basedir /home/hosting/re.pt/:/tmp/:/usr/share/php/ php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f re.pt at fastweb.dal.pt" php_admin_value session.save_path /tmp/ etc etc From mysql.jorge at decimal.pt Fri Jan 6 15:44:32 2017 From: mysql.jorge at decimal.pt (Jorge Bastos) Date: Fri, 6 Jan 2017 14:44:32 -0000 Subject: [mpm-itk] ITK and php7+apache 2.4.25 In-Reply-To: <20170106115845.GA16819@sesse.net> References: <000001d267ac$011f9ad0$035ed070$@jorge> <20170106115845.GA16819@sesse.net> Message-ID: Hi Steiner, > PHP shows the wrong value for uid/gid. Verify that you are _actually_ > running as the user you think you are. > My real issue is what i said in the previous email, I'm running some vhosts with php fpm, and since fpm run's with just one user it was running with www-data default webserver's user. Question is, can I tell fpm to use the itk inside FilesMatch? I think no but if you can confirm my vhost is: AssignUserID #5015 #5000 ServerName re.pt ServerAlias www.re.pt SetHandler "proxy:fcgi://127.0.0.1:9056" php_admin_value open_basedir /home/hosting/re.pt/:/tmp/:/usr/share/php/ php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f re.pt at fastweb.dal.pt" php_admin_value session.save_path /tmp/ etc etc From znews at 13fr.com Fri Jan 6 21:53:49 2017 From: znews at 13fr.com (ZNews) Date: Fri, 6 Jan 2017 21:53:49 +0100 Subject: [mpm-itk] ITK and php7+apache 2.4.25 In-Reply-To: <000901d2683d$2021de70$60659b50$@jorge@decimal.pt> References: <000001d267ac$011f9ad0$035ed070$@jorge> <20170106115845.GA16819@sesse.net> <000901d2683d$2021de70$60659b50$@jorge@decimal.pt> Message-ID: <37a7e90d-43e2-a0ac-7fd7-4f7ac4d4dc9e@13fr.com> Hi, You can try this: 1. Create a php-fpm pool for each user you need: - copy the default www config file /etc/php/7.0/fpm/pool.d/www.conf (path on my ubuntu 16.04 server) - change the pool name at the top: [www] -> [newpoolname] - set user and group as needed just few line below - change the listen variable to a unique file for this pool /run/php/php7.0-fpm.sock -> /run/php/php7.0-fpm_newpoolname.sock - at the end of the config file, set the php settings you need: php_admin_value[doc_root] = "/home/hosting/re.pt/" php_admin_value[open_basedir] = "/home/hosting/re.pt/:/tmp/:/usr/share/php/" 2. Update your vhost config to use new pool Alias /php7-fcgi /usr/lib/cgi-bin/php7-fcgi-newpoolname FastCgiExternalServer /usr/lib/cgi-bin/php7-fcgi-newpoolname -socket /var/run/php/php7.0-fpm_newpoolname.sock -pass-header Authorization Require all granted 3. restart php-fpm and apache2 I'm using mpm_itk on a multi-user server, however I'm using this kind of configuration with mpm-event, not itk. To use with itk, you might want to match your cgi proxy rather than my mod_fastcgi. .Alex. Le 06/01/2017 ? 17:51, Jorge Bastos a ?crit : > Hi Steiner, > >>> Any idea where should I start? I havent changed my configuration. >> PHP shows the wrong value for uid/gid. Verify that you are _actually_ >> running as the user you think you are. >> > My real issue is what i said in the previous email, > I'm running some vhosts with php fpm, and since fpm run's with just one user > it was running with www-data default webserver's user. > > Question is, can I tell fpm to use the itk inside FilesMatch? > I think no but if you can confirm > > > my vhost is: > > > AssignUserID #5015 #5000 > ServerName re.pt > ServerAlias www.re.pt > > > SetHandler "proxy:fcgi://127.0.0.1:9056" > > > php_admin_value open_basedir > /home/hosting/re.pt/:/tmp/:/usr/share/php/ > php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f > re.pt at fastweb.dal.pt" > php_admin_value session.save_path /tmp/ > > etc etc > > > _______________________________________________ > mpm-itk mailing list > mpm-itk at err.no > http://lists.err.no/mailman/listinfo/mpm-itk From mysql.jorge at decimal.pt Sat Jan 7 02:35:47 2017 From: mysql.jorge at decimal.pt (Jorge Bastos) Date: Sat, 07 Jan 2017 01:35:47 +0000 Subject: [mpm-itk] ITK and php7+apache 2.4.25 In-Reply-To: <37a7e90d-43e2-a0ac-7fd7-4f7ac4d4dc9e@13fr.com> References: <000001d267ac$011f9ad0$035ed070$@jorge> <20170106115845.GA16819@sesse.net> <000901d2683d$2021de70$60659b50$@jorge@decimal.pt> <37a7e90d-43e2-a0ac-7fd7-4f7ac4d4dc9e@13fr.com> Message-ID: <2c2674adde555921816d200784358a48@decimal.pt> Hi Alex, Thanks for tip, didn't know i could run several pools for FPM. Thing is, it doesn't support numeric ID's, only system users :( On 2017-01-06 20:53, ZNews wrote: > Hi, > > You can try this: > > 1. Create a php-?fpm pool for each user you need: > -? copy the default www config file /?etc/?php/?7.0/?fpm/?pool.d/?www.conf [1] (path on my ubuntu 16.04 server) > -? change the pool name at the top: [www] -?> [newpoolname] > -? set user and group as needed just few line below > -? change the listen variable to a unique file for this pool /?run/?php/?php7.0-?fpm.sock -?> /?run/?php/?php7.0-?fpm_newpoolname.sock > -? at the end of the config file, set the php settings you need: > php_admin_value[doc_root] = "/?home/?hosting/?re.pt/?" > php_admin_value[open_basedir] = "/?home/?hosting/?re.pt/?:/?tmp/?:/?usr/?share/?php/?" > > 2. Update your vhost config to use new pool > > Alias /?php7-?fcgi /?usr/?lib/?cgi-?bin/?php7-?fcgi-?newpoolname > FastCgiExternalServer /?usr/?lib/?cgi-?bin/?php7-?fcgi-?newpoolname -?socket /?var/?run/?php/?php7.0-?fpm_newpoolname.sock -?pass-?header Authorization > > Require all granted > > > > 3. restart php-?fpm and apache2 > > I'm using mpm_itk on a multi-?user server, however I'm using this kind of configuration with mpm-?event, not itk. > > To use with itk, you might want to match your cgi proxy rather than my mod_fastcgi. > > .Alex. > > Le 06/?01/?2017 ? 17:51, Jorge Bastos a ?crit : Hi Steiner, > > Any idea where should I start? I havent changed my configuration. PHP shows the wrong value for uid/?gid. Verify that you are _actually_ > running as the user you think you are. My real issue is what i said in the previous email, I'm running some vhosts with php fpm, and since fpm run's with just one user it was running with www-?data default webserver's user. Question is, can I tell fpm to use the itk inside FilesMatch? I think no but if you can confirm my vhost is: AssignUserID #5015 #5000 ServerName re.pt ServerAlias www.re.pt [2] SetHandler "proxy:fcgi:/?/?127.0.0.1:9056" php_admin_value open_basedir /?home/?hosting/?re.pt/?:/?tmp/?:/?usr/?share/?php/? php_admin_value sendmail_path "/?usr/?sbin/?sendmail -?t -?i -?f re.pt at fastweb.dal.pt" php_admin_value session.save_path /?tmp/? etc etc _______________________________________________ mpm-?itk mailing list mpm-itk at err.no http://lists.err.no/mailman/listinfo/mpm-itk [3] Links: ------ [1] http://www.conf [2] http://www.re.pt [3] http://lists.err.no/mailman/listinfo/mpm-itk -------------- next part -------------- An HTML attachment was scrubbed... URL: From jean at phpnet.org Wed Jan 18 14:39:26 2017 From: jean at phpnet.org (Jean Weisbuch) Date: Wed, 18 Jan 2017 14:39:26 +0100 Subject: [mpm-itk] Access to ap_has_irreversibly_setuid from a third party module Message-ID: I need to access to "ap_has_irreversibly_setuid" from a third party module (https://devel.npulse.net/Jb-boin/installer/src/master/ext_modules/mod_vhs), right now it does that : if (vhr->itk_enable) { module *mpm_itk_module = ap_find_linked_module("mpm_itk.c"); if (mpm_itk_module == NULL) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, "vhs_itk_post_read: mpm_itk.c is not loaded"); return HTTP_INTERNAL_SERVER_ERROR; } [...] extern AP_DECLARE_DATA int ap_has_irreversibly_setuid; // If ITK already dropped the privileges for this connection and this virtualhost needs yet another UID/GID, it will close the connection so the client can open a new connection for this query ## if (ap_has_irreversibly_setuid) { [...] } } vhr->itk_enable is set by a configuration directive to enable the itk support of the module (which is optional). The problem is that if the mpm_itk module is not loaded, httpd returns a fatal error even if the itk support of the module has been set to Off : |httpd: Syntax error on line XXX of httpd.conf: Syntax error on line XX of httpd.conf: Cannot load modules/mod_vhs.so into server: XXX/mod_vhs.so: undefined symbol: ap_has_irreversibly_setuid| Is there a way to avoid this error without having to compile the module with itk support disabled so the module could be "distributed" and used on setup that might or might not have itk loaded or that unloading the itk module wont break the service? -------------- next part -------------- An HTML attachment was scrubbed... URL: