Permissions on PHP file uploads are a little weird.

[brettdavidsonnz]

Ownership is :

-r-sr-xr-x 1 root www 10780 Feb 14 16:17 lscgid.3.3.4

[mistwang]

Looks correct.
Is there any security option in FreeBSD to disable setuid?
Is it possible to PM me a temp root ssh access?

[brettdavidsonnz]

There is but it is not utilised. (We have other programs running setuid successfully).

ssh access "PMed" to you. :-)

[mistwang]

OK, after add environment variable "LSAPI_PPID_NO_CHECK" to lsphp5 external app configuration to prevent lsphp5 quit immediately, ps -aux shows that lsphp5 does run as "noc" user, so php suEXEC works properly.

[mistwang]

FYI:
http://www.litespeedtech.com/support...ead.php?t=1587

[brettdavidsonnz]

OK then. Now back to the original question.

It appears that the owner is now noc when using the move_uploaded_file function. Weird. I didn't change anything. Good that it's working however.

The group is still wheel though.
I have setting the ForceGID option but this does not appear to work, even with a complete hard restart of the server.

[brettdavidsonnz]

Thanks for the above link. Now I understand why the user was wrong and why the PPID check fixes it.

Any ideas about group ownership?

[mistwang]

Do you know how to check the gid of a process? maybe run "id" command from php script?

I just want to make sure the group id of lsphp5 is not "wheel". If it is, I will look into the code of lscgid.

BTW: please upgrade to 3.3.5 package first.

[mistwang]

Have you change the ownership of files/directories under lsws/conf?

Code:

drwx------  2 root  www    512 Feb 14 16:17 cert
-rw-------  1 root  www   3320 Feb 14 16:17 mime.properties
drwx------  2 root  www    512 Feb 14 16:17 templates

It will break the web console, all should be owned by "www".

[brettdavidsonnz]

No. Web console was working this morning.

Since you've been on the system, I can no longer access the server configuration pages.