Support

brettdavidsonnz · #1 02-25-2008, 01:29 PM

Using a very basic forms/move_uploaded_file script to upload files to a host.

The host is loaded via the apache httpd.conf and is set to use suexec as a particular user:group. (Server is FreeBSD 6.3).

Files created with fwrite have correct user:group permissions but files uploaded with move_uploaded_file do not. They get the owner:group permissions of the backend lsws process.

Is this a known issue or am I doing something wrong?

mistwang · #2 02-25-2008, 05:13 PM

Please check the user id of lsphp processes. Please remove the old file and test again. if the file exist, the ownership will not be changed if upload again.

brettdavidsonnz · #3 02-25-2008, 05:50 PM

lsphp5 ownership is www so that will explain this issue.

Now then, if PHPsuEXEC is enabled and docroot UID is set, why would the process be owned by www?

Ownership when creating files works by (I assume) deciding this based on the directory ownership.

brettdavidsonnz · #4 02-25-2008, 05:56 PM

As a further note, the apache httpd.conf is loaded in via lsws' httpd_config.xml file. The systems uses Plesk.
This httpd.conf file in turn loads some includes (plesk.include) which then include a file for each domain (a httpd.include file within each domain).
The suexecUserGroup directive is set in these httpd.include files.

The system control panel shows the APVH virtual host entry and APVH listeners running. Does PHPsuEXEC only work with Litespeed listeners?

mistwang · #5 02-25-2008, 06:28 PM

can you PM me the login to LSWS admin console?

mistwang · #6 02-25-2008, 07:15 PM

I checked the server, it does use suexec for that vhost.
Can you please double check the suexecUserGroup configuration for that vhost. the user does exist.
And, you can send us your http.conf and included configuration file for analysis to bug @ litespeedtech ...

brettdavidsonnz · #7 02-25-2008, 07:53 PM

These have been emailed to the address you listed.

mistwang · #8 02-25-2008, 08:16 PM

One more question, does the server installed with "root" user? suExec only works when the user who run LSWS installer is "root". if you run the installer as "www" user, suexec will not work.

brettdavidsonnz · #9 02-26-2008, 11:40 AM

Yes. System installed as root but runs as www.

ps shows :

root 17697 0.0 0.1 5188 4240 ?? S 4:28PM 0:42.42 lshttpd (lshttpd.3.3.4)
root 17698 0.0 0.0 1296 692 ?? S 4:28PM 0:00.48 lscgid (lscgid.3.3.4)
www 17699 0.0 0.1 5156 4240 ?? S 4:28PM 0:33.41 lshttpd (lshttpd.3.3.4)
www 17700 0.0 0.1 5156 4236 ?? S 4:28PM 0:33.27 lshttpd (lshttpd.3.3.4)

mistwang · #10 02-26-2008, 11:49 AM

Can you please check the ownership and permission mask of lsws/bin/lscgid,
It should be owned by root with setuid bit set. suEXEC rely on it.