Problem with CustomLog (at DirectAdmin server)

[slimak]

Hello,
yesterday I do some tests and installed LiteSpeed at DirectAdmin box. I found only problem with logs. In every virtual host are lines:

Code:

CustomLog /var/log/httpd/domains/$domain.com.bytes bytes
CustomLog /var/log/httpd/domains/$domain.com.log combined
ErrorLog /var/log/httpd/domains/$domain.com.error.log

In main httpd.conf are lines:

Code:

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%b" bytes

The problems is with byteslog (they doesn't be create, so the bandwidth usage isn't counted). Also the $domain.com.error.log doesn't be create, but these logs are in main lsws error.log file, so I don't thing this is a bug. The combined logs seems to be ok.

[slimak]

Today I found two another problems:

1. In every virtual host are lines like:

Code:

<VirtualHost $ip:80>
...
        <Directory /home/$user/domains/$domain/public_html>
                ...
                php_admin_value open_basedir /home/$user/:/tmp/:/usr/local/lib/php/
        </Directory>
</VirtualHost>

The problem is that their works for all virtual host, especially for aliases (from /var/www/html). Every thing is ok when I change the first line to:

Code:

        <Directory ~ /home/$user/domains/$domain/public_html>

2. The second problem is with webmails installed by DirectAdmin and phpsuexec. They created files in /var/www/html (e.g. /var/www/html/uebimiau/tmp). When I enter webmail by hostname (http://server_hostname/webmail/) then it's ok, but when I enter it by user domain then I have no permissions to write tmp folder. Changing permissions to tmp folder doesn't help, because webmails override them - for the first user will be ok, but for the second no. I see to solutions:
a) force apache:apache for php scripts in /var/www/html
b) I could move the "User $user" and "Group $group" lines to directory directive in virtual hosts, but currently the lines User&Group doesn't work in such situation.

[mistwang]

We will treat directadmin's byte log as a special case. Custom access log is not supported in standard edition, and this feature is not available via Apache's httpd.conf.

Can you please clarify what exactly is the problem #1?

I guess it is that "php_admin_value" should not be applied to alias?
The reason LSWS does that is because LSWS combind implementation of <directory><location> and alias directives all together as a "Context", so those configurations were inherited with alias. We will change our implementation to match Apache's.

For problem #2, does DirectAdmin + Apache run the webmails under user "apache:apache" without suexec for all user accounts? Is there any special directives in httpd.conf for this?
I have a sample directadmin httpd.conf file, seems directadmin only uses "SuexecUserGroup" at <VirtualHost ...> level.
"/webmail" is a server wide alias. I think suexec should be used for the entire virtual host, including aliases, for the sake of security.

[mistwang]

updated 3.0 package should have the log file and problem #1 addressed. We have no good idea about the second problem yet.

[slimak]

#0. The bytes log problem still occur.

#1. Now it's ok.

#2. Yes, it does. DirectAdmin + Apache doesn't have phpsuexec by default. There is possibility to install suphp. Scripts in suphp (configured for DA) run by the owner of file (not owner of the document_root). When the owner is root (e. g. script in /var/www/html), then the scripts are run under "apache:apache"

"I think suexec should be used for the entire virtual host, including aliases, for the sake of security." - I suppose so, by in that case some scripts (webmails) installed by DirectAdmin in /var/www/html won't work, so there should be possibility to disable/force phpsuexec for some directories.

[slimak]

#2. I did some changes in configuration of webmails and now their works. I did two changes:

1. in file /var/www/html/webmail/inc/config.php I changes $temporary_directory... to:

Code:

$uidinfo = posix_getpwuid(posix_getuid());
$temporary_directory = (($uidinfo['name']=='apache')?'tmp/':"/home/".$uidinfo['name']."/webmail/uebimiau/");

2. in file /var/www/html/squirrelmail/config I inserted after line "$data_dir = SM_PATH . 'data/';" these lines:

Code:

$uidinfo = posix_getpwuid(posix_getuid());
if($uidinfo['name']!='apache') {
    @mkdir("/home/".$uidinfo['name']."/webmail");
    @mkdir("/home/".$uidinfo['name']."/webmail/squirrelmail");
    $data_dir = "/home/".$uidinfo['name']."/webmail/squirrelmail/";
}

Now the webmails temporary files are stored in /home/$user/webmail/ directory.

[mistwang]

For bytes log file, I tried a sample DA httpd.conf, the bytes log file get created on my server. Are you sure it is not a permission problem?

[slimak]

Yes, that isn't a permission problem. I deleted all files from /var/log/httpd. The files are created, but all $domain.bytes files are always empty.

Today I found another problem. In every VH is line:
php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f |USER|@|DOMAIN|'
It sets the sendmail_path to '/usr/sbin/sendmail -t -i -f |USER|@|DOMAIN|' and in that case the mail() function in PHP doesn't work. It should be set to:
/usr/sbin/sendmail -t -i -f |USER|@|DOMAIN| (with out the ' ').