Support

sofatime · #11 07-17-2006, 10:30 AM

about group limit: I think Linux kernel 2.6 supports 65536 group memberships, older also only 32 (NGROUPS_MAX).

about php.ini: Sorry, I still don't get it: I didn't copy lsphp nor php.ini. lsphp is in chroot/opt/lsws/fcgi-bin and php.ini in chroot/opt/lsws/conf. In the virtual host configuration I used:
command: $SERVER_ROOT/fcgi-bin/lsphp
address: uds://tmp/lshttpd/$VH_NAME_php.sock
(btw: shouldn't I see the sock file in /tmp/lshttpd? there is none)

There is one other strange thing: In the global config I deleted the script handler (for testing), then re-created it, but php is not working in the global server anymore (php-files just get downloaded).

Any idea?
Thanks
Daniel

mistwang · #12 07-17-2006, 10:56 AM

OK, I see, it is more like that setuid PHP process do not have read permission on php.ini.

For the other problem, clearing your browser cache may help.

sofatime · #13 07-17-2006, 11:06 AM

You were absolutely right about both things. Working perfectly now!

Thank you
Daniel

Arkadius · #14 07-19-2006, 04:09 AM

I am still fighting with my Server to get it all up and working :

Whenever I enable the Listener I get the following Error ->

http://www.dorijan.de/lsws/error.jpg

i created the following application within lsws

then went into Security Tab and set these Options ->

then restarted the websever and boom 503.
nothing inside the logs except worker process started/stopped. no errors no nothing.

any ideas ?

and last but not least i selected General and set ->

mistwang · #15 07-19-2006, 08:26 AM

I don't think your chroot environment has been configured properly, it is not some thing would work by just setting the chroot path to an arbitrary path without substantial work involved. You need to learn more about setting up a chroot environment manually if you want to chroot at vhost level.

Our Enterprise edition can build a chroot environment easily at the server level. And it will give enough protection for the server along with CGI SuEXEC. Virtual host level chroot is not recommended unless you are really know what you are doing.

Arkadius · #16 07-19-2006, 10:50 PM

Hello mistwang,

I do not really need a full chroot on my server since no user is ever going to be able to login via ssh and if all scripts run under each users personal id there is no access to anything besides the dir they are supposed to use and the non execute mounted /tmp partition.
i never had to create full chroot environments on zeus or apache in order to use suexec.

while following the guide listed on
LiteSpeed Wiki
there is nothing about chroot written there at all so why would I need chroot suddenly ?

i was asking where to look for hints regarding the 503 error I am getting after setting up a 2nd lsphp application inside the vhost template which is an exact copy of the standard lsphp application. the logfiles dont show anything at all.

xing · #17 07-20-2006, 12:54 AM

suexec is just execution of external app under a different UID from that of the server. If you just need suexec, disable chroot, and set your "CGI Chroot Mode" to "Same as Server". Right now you have it set to vhost level and if you don't have a real chroot env in your vhost path, it will not work.

Chroot is a whole different matter from suexec and right based on your screen capture, you have both enabled.

As far as the lacking of log for your 503 errors, please enable debug logging level and set it to maxium. Recreate the 503 error and check log.

Will check to see if "$VH_NAME" variable replacement is actually supported in the Name and Address fields you have used.

Arkadius · #18 07-20-2006, 01:18 AM

i have now set CGI Chroot Mode as you requested.

this is the entry from the error.log set to DEBUG

Code:

2006-07-20 10:10:33.509 [DEBUG] [85.14.217.59:54689-0#dorijan.org] New request:
        Method=[GET], URI=[/uid.php5],
        QueryString=[]
        Content Length=0
2006-07-20 10:10:33.509 [DEBUG] [85.14.217.59:54689-0#dorijan.org] Find context with URI: [/], location: [/home/d00001/websites/dorijan.org/]
2006-07-20 10:10:33.510 [DEBUG] [85.14.217.59:54689-0#dorijan.org] Find handler [dorijan.org_lsphp] for [.php5]
2006-07-20 10:10:33.510 [DEBUG] [85.14.217.59:54689-0#dorijan.org] processContextPath() return 0
2006-07-20 10:10:33.510 [DEBUG] [85.14.217.59:54689-0#dorijan.org] run lsapi processor.
2006-07-20 10:10:33.510 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] [ExtConn] reconnect()
2006-07-20 10:10:33.511 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] ExtConn::onWrite()
2006-07-20 10:10:33.511 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] request header is done
2006-07-20 10:10:33.511 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] ExtConn::continueRead()
2006-07-20 10:10:33.511 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] Request body done!
2006-07-20 10:10:33.511 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] ExtConn::suspendWrite()
2006-07-20 10:10:33.511 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] processNewReq() return 0.
2006-07-20 10:10:33.512 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] ExtConn::onRead()
2006-07-20 10:10:33.512 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] LsapiConn::doRead()
2006-07-20 10:10:33.512 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] process packet header -1 bytes
2006-07-20 10:10:33.512 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] connection to [uds://tmp/lshttpd/dorijan.org_lsphp.sock] on request #1, error: Connection reset by peer!
2006-07-20 10:10:33.512 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] [ExtConn] close()
2006-07-20 10:10:33.512 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] [ExtConn] reconnect()
2006-07-20 10:10:33.513 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] ExtConn::onWrite()
2006-07-20 10:10:33.513 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] request header is done
2006-07-20 10:10:33.513 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] ExtConn::continueRead()
2006-07-20 10:10:33.513 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] Request body done!
2006-07-20 10:10:33.513 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] ExtConn::suspendWrite()
2006-07-20 10:10:33.513 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] [ExtConn] close()
2006-07-20 10:10:33.513 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] [ExtConn] reconnect()
2006-07-20 10:10:33.514 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] ExtConn::onWrite()
2006-07-20 10:10:33.514 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] request header is done
2006-07-20 10:10:33.514 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] ExtConn::continueRead()
2006-07-20 10:10:33.514 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] Request body done!
2006-07-20 10:10:33.514 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] ExtConn::suspendWrite()
2006-07-20 10:10:33.514 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] ExtConn::onError()
2006-07-20 10:10:33.514 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] ExtConn::onRead()
2006-07-20 10:10:33.514 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] LsapiConn::doRead()
2006-07-20 10:10:33.514 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] process packet header 0 bytes
2006-07-20 10:10:33.516 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] ExtConn::onRead()
2006-07-20 10:10:33.516 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] LsapiConn::doRead()
2006-07-20 10:10:33.516 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] process packet header -1 bytes
2006-07-20 10:10:33.516 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] connection to [uds://tmp/lshttpd/dorijan.org_lsphp.sock] on request #1, error: Connection reset by peer!
2006-07-20 10:10:33.516 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] [ExtConn] close()
2006-07-20 10:10:33.516 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] [ExtConn] reconnect()
2006-07-20 10:10:33.517 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] ExtConn::onWrite()
2006-07-20 10:10:33.517 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] request header is done
2006-07-20 10:10:33.517 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] ExtConn::continueRead()
2006-07-20 10:10:33.517 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] Request body done!
2006-07-20 10:10:33.517 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] ExtConn::suspendWrite()
2006-07-20 10:10:33.517 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] [ExtConn] close()
2006-07-20 10:10:33.517 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] HttpIOLink::continueWrite()...
2006-07-20 10:10:33.517 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] write resumed!
2006-07-20 10:10:33.517 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] HttpIOLink::handleEvents() events=4!
2006-07-20 10:10:33.517 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] HttpIOLink::suspendWrite()...
2006-07-20 10:10:33.517 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] HttpConnection::sendHttpError(),code=503 Service Unavailable
2006-07-20 10:10:33.517 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] HttpConnection::flush()!
2006-07-20 10:10:33.517 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] Written to client: 637
2006-07-20 10:10:33.517 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] HttpConnection::nextRequest()!
2006-07-20 10:10:33.517 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] HttpExtConnector::cleanUp() ...
2006-07-20 10:10:33.517 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] abort request...
2006-07-20 10:10:33.517 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] release ExtProcessor!
2006-07-20 10:10:33.517 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] Non-KeepAlive, CLOSING!
2006-07-20 10:10:33.517 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] Shutting down out-bound socket ...
2006-07-20 10:10:33.518 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] HttpIOLink::handleEvents() events=17!
2006-07-20 10:10:33.518 [DEBUG] [85.14.217.59:54689-0#dorijan.org:lsapi] Close socket ...

mistwang · #19 07-20-2006, 09:29 AM

The problem is in your lsphp configuration, "Memory soft limit (Bytes)" and "memory hard limit (Bytes)" is too low, should set to "100M" and "150M", by appending a "M". Should work.

Arkadius · #20 07-20-2006, 11:07 PM

thank you very much, it works perfekt now.