Skip to main content

Disabling mod_mpm_itk caused lots of permissions problems

Comments

18 comments

  • andrew.n
    Make sure you have mod_suexec installed as well.
    0
  • psytanium
    Make sure you have mod_suexec installed as well.

    mod_suexec is installed. The probems triggered exactly when I change the PHP handler from CGI to suphp. Lots of folders are restricted and cannot found. Now I switched back to CGI, but I need mod_userdir to proceed with teh developement of a project.
    0
  • andrew.n
    hm and do you have custom permissions set on those folder? It shouldn't cause any issues normal.y
    0
  • cPRex Jurassic Moderator
    In general, you'll want to make sure that all files are 644 and all directories are 755. If the permissions are different than that, you'll run into issues with suPHP on the machine due to the way it handles user scripts.
    0
  • psytanium
    All files are 644 and folders 755, working well on CGI.. But on suPHP many websites have permissions errors. I don't know where to look for fixes.. I noticed if I change the permission to 777, things work again, but there is a lot of directories to change, i can't do it all.
    0
  • ffeingol
    Look in /var/log/apache2/suphp_log (from memory). suPHP will refuse to execute any PHP script with write set for group or world. The permissions errors are usually pretty obvious in the log.
    0
  • cPRex Jurassic Moderator
    @ffeingol is correct - you can check the main Apache log (/etc/apache2/logs/error_log) or the suPHP log (/etc/apache2/logs/suphp_log, which is also linked to the path that @ffeingol provided if that is easier to remember for you) and you should see the errors in one of those locations. With the errors you are describing there is almost certainly a permissions or ownership issue causing the problem. For security reasons, you don't want to set everything to 777, so fixing the root cause of the errors is the best way to get this resolved.
    0
  • cPRex Jurassic Moderator
    To add to the above, if you have too many permissions allowed to a file or directory, such as setting 777 on a file, and you are using suPHP, you'll see something like this in the Apache log on the system. This example may help you track down the error: [Tue Dec 15 12:15:05.803735 2020] [:error] [pid 865355:tid 47350949099264] [client 1.2.3.4:54904] SoftException in Application.cpp:261: File "/home/username/public_html/testdir/phpinfo.php" is writeable by group
    0
  • psytanium
    To add to the above, if you have too many permissions allowed to a file or directory, such as setting 777 on a file, and you are using suPHP, you'll see something like this in the Apache log on the system. This example may help you track down the error: [Tue Dec 15 12:15:05.803735 2020] [:error] [pid 865355:tid 47350949099264] [client 1.2.3.4:54904] SoftException in Application.cpp:261: File "/home/username/public_html/testdir/phpinfo.php" is writeable by group

    I checked one of the accounts logs errors: In "Latest suEXEC error log Messages : [2020-12-18 09:14:30]: uid: (1114/user) gid: (1116/user) cmd: ea-php73 In "Latest web server error log messages" : [Sat Dec 12 23:57:55.943708 2020] [cgi:error] [pid 7003] [client 13.66.139.97:14400] AH01215: PHP Warning: fwrite() expects parameter 1 to be resource, boolean given in /home/elementslb/public_html/system/library/log.php on line 31: /usr/local/cpanel/cgi-sys/ea-php56
    0
  • cPRex Jurassic Moderator
    I don't believe either of those messages would be related to your error, as the first is just a notification letting you know it's processing data, and the second is a warning, but not an actual error.
    0
  • psytanium
    I don't believe either of those messages would be related to your error, as the first is just a notification letting you know it's processing data, and the second is a warning, but not an actual error.

    all output errors are the same, nothing else. any idea where should i look ? when i switch back to CG all websites works well.
    0
  • cPRex Jurassic Moderator
    It's interesting that the latest web logs would be from December 12. Are you checking the main /etc/apache2/logs/error_log file when you are referencing the "latest web server error log messages"? That would be the place I'd start looking.
    0
  • psytanium
    It's interesting that the latest web logs would be from December 12. Are you checking the main /etc/apache2/logs/error_log file when you are referencing the "latest web server error log messages"? That would be the place I'd start looking.

    how can i browse /etc/apache2/logs/error_log from Terminal ?
    0
  • cPRex Jurassic Moderator
    If you have root access to the server you could run this command to perform that work while you load the page on the site causing the issues: tail -f /etc/apache2/logs/error_log
    That will let you watch the Apache log in real-time to see what errors are happening on the system.
    0
  • psytanium
    If you have root access to the server you could run this command to perform that work while you load the page on the site causing the issues: tail -f /etc/apache2/logs/error_log
    That will let you watch the Apache log in real-time to see what errors are happening on the system.

    Thank you for this important command line.. useful. The errors appeared when I browsed a website: [Sat Dec 19 19:26:54.868214 2020] [:error] [pid 1997] [client 94.187.3.79:58017] SoftException in Application.cpp:267: File "/home/user/public_html/livezilla/script.php" is writeable by group, referer: https://domain.com/livezilla/mobile/ [Sat Dec 19 19:26:54.868260 2020] [core:error] [pid 1997] [client 94.187.3.79:58017] End of script output before headers: script.php, referer: https://domain.com/livezilla/mobile/ [Sat Dec 19 19:27:07.355382 2020] [:error] [pid 2057] [client 94.187.3.79:58030] SoftException in Application.cpp:267: File "/home/user/public_html/livezilla/server.php" is writeable by group, referer: https://domain.com/index.php?route=common/home [Sat Dec 19 19:27:07.355437 2020] [core:error] [pid 2057] [client 94.187.3.79:58030] End of script output before headers: server.php, referer: https://domain.com/index.php?route=common/home
    0
  • cPRex Jurassic Moderator
    Great - those are exactly the errors I expected to happen. You'll want to make sure the permissions on the files are 644 and then those errors will stop happening. If the files themselves have the correct permissions, check the "livezilla" directory and make sure that is 755.
    0
  • psytanium
    Great - those are exactly the errors I expected to happen. You'll want to make sure the permissions on the files are 644 and then those errors will stop happening. If the files themselves have the correct permissions, check the "livezilla" directory and make sure that is 755.

    Permissions are correct, i checked the folders and files mentioned in the errors log
    0
  • cPRex Jurassic Moderator
    There must be a wrong permission at some point in the path, since it's giving the error saying Group has write permissions. If you aren't able to find the root cause, or believe the error message isn't correct, it would be best to speak with our team directly through a ticket so e can check that directly on the machine.
    0

Please sign in to leave a comment.