Support

mistwang · #11 08-27-2009, 05:47 PM

It is not recommended and the risk is on your own, but if you really want, you can change files/directories owned by lsadm back to the old user account. restart LSWS.
Or, you can run the installer of the older release, do a manual upgrade, you can back to the older release. you will stuck with the old release.

raphidae · #12 08-27-2009, 06:27 PM

Well, I rather not downgrade of course, but I have other things (scripts etc.) that may read or write the config files and changing the owner of these files will require a total overhaul of the file permissions.

I'm sure splitting the ownership is a good idea security-wise, but I would expect such a change to be noted in really big red letters in the changelog, followed by an explaination of what exactly is changed so that preparations can be made.

Have you considered to make the change an option for a couple of releases so that people have time to ajust their environments to this change? You should at least incorporate some kind of check in the installer and alert users that the permissions need to be changed, now it upgrades correctly continues to serve correctly but completely breaks the web console without any direct link to the upgrade.

Most of the users will probably use some control panel or an apache config file, but I was glad with the XML format and have integrated the configuration of vhosts into our intranet. This simple change means that we need to re-think the entire setup and requires a testserver and extensive testing, etc.

In my opinion changes that need a change in the environment require at least a minor version bump, not just a revision increment.

Also, I am really unconfortable with software updates that silently add users to my system. Especially because it choose an inappropriate UID, which I would need to correct by hand.

MikeDVB · #13 09-04-2009, 12:51 PM

Quote:

Originally Posted by raphidae

Also, I would like to ask you to properly document such changes in the version history, because for me 'changing the admin to suExec' does not mean add a new user and require changing the file permissions on a zillion vhosts.

I upgraded to 4.0.10 on 3 servers and did not have any issues at all with any permissions. How did you perform the upgrade?

Quote:

Originally Posted by raphidae

I'm sure splitting the ownership is a good idea security-wise, but I would expect such a change to be noted in really big red letters in the changelog, followed by an explaination of what exactly is changed so that preparations can be made.

I do agree that it could have been explained a tad better for those doing custom things

Quote:

Originally Posted by raphidae

Have you considered to make the change an option for a couple of releases so that people have time to ajust their environments to this change? You should at least incorporate some kind of check in the installer and alert users that the permissions need to be changed, now it upgrades correctly continues to serve correctly but completely breaks the web console without any direct link to the upgrade.

Again, I had no problems at all during the upgrades - how did you perform the upgrade?

raphidae · #14 09-04-2009, 01:31 PM

I performed the upgrade by downloading the package and running ./install.sh

And I'm curious as to what your permissions on the config files are then, because if they are world writable then there would be no issues indeed.

MikeDVB · #15 09-04-2009, 01:44 PM

Hmm, nope

Code:

root@atlantis [/usr/local/lsws/conf]# ls -l
total 88
drwx------  4 lsadm lsadm  4096 Sep  4 16:08 ./
drwxr-xr-x 15 root  root   4096 Jul 18 17:24 ../
drwx------  2 lsadm lsadm  4096 Jul 18 17:24 cert/
-rw-r--r--  1 lsadm lsadm 11603 Sep  4 16:08 httpd_config.xml
-rw-------  1 root  root   2418 Sep  4 15:26 httpd_config.xml.rej
-rw-r-----  1 lsadm lsadm     0 Sep  3 19:03 .last
-rw-------  1 root  root    256 Sep  4 15:26 license.key
-rw-r-----  1 lsadm lsadm  1810 Sep  3 14:25 license_proxy.xml
-rw-------  1 lsadm lsadm  3849 Jul 18 17:24 mime.properties
-rw-r-----  1 lsadm lsadm     0 Aug 18 18:13 .restart
-rw-r--r--  1 root  root     19 Sep  4 15:26 serial.no
drwx------  2 lsadm lsadm  4096 Jul 18 17:24 templates/
-rw-r-----  1 lsadm lsadm  1806 Sep  2 19:22 update_proxy.xml

Exactly as it was configured by the installation.

raphidae · #16 09-04-2009, 01:46 PM

How about the per-vhost config files, because those are the problem.

MikeDVB · #17 09-04-2009, 01:56 PM

Quote:

Originally Posted by raphidae

How about the per-vhost config files, because those are the problem.

Ah, ok so that makes a bit more since

We're running cPanel on the said servers and are not using the LSWS vhost configuration files so I'm not sure about that.

PSS · #18 09-27-2009, 01:31 PM

I agree 100% with what raphidae said. Litespeed is a beautiful piece of engineering and well worth the investment, but PLEASE do not ruin it by taking things for granted. We need more documentation, how-to's and clear and detailed changelogs. On a clean install, created new virtual host and:

*failed to create file /ownpath/towww/youdomain/conf/vhconf.xml

I created the file by hand, set chmod/chown/chgrp and all I can think of, and same error. This thread here explains the reason.