4.0.10 suEXEC

#1
We were using LiteSpeed for a while. To change configuration files we used to:
(1) edit httpd_config.xml and domain.xml files locally
(2) upload .xml files to the server via ssh
(3) restart the server via ssh

This works fine for 4.0.9 and previous versions but when we do it with 4.0.10 the admin login page shows session errors though the server starts correctly.

These are the permissions of uploaded files:
httpd_config.xml rw-r-----
domain.xml rw-------

What have we add to the script in order to avoid the session errors? Should we change the ownership of sess_* files?
 

mistwang

LiteSpeed Staff
#5
the admin console run as lsadm:lsadm for 4.0.10, no long as the user that web sever run as for better security. You should change your upload file permission accordingly.

For PHP session error, check the permission of lsws/admin/tmp and the session file in it. should be owned by lsadm for 4.0.10.
 
#6
cd /opt/lsws/conf
ls -l

drwx------ 2 lsadm lsadm 4096 Feb 4 2009 cert
-rw-r----- 1 lsadm lsadm 1072 Sep 5 19:10 domain1-com.xml
-rw-r----- 1 lsadm lsadm 1072 Sep 5 19:10 domain2-com.xml
-rw------- 1 lsadm lsadm 21187 Sep 5 19:10 httpd_config.xml
-rw------- 1 root root 256 Sep 5 19:08 license.key
-rw------- 1 lsadm lsadm 256 Aug 29 15:13 license.key.old
-rw------- 1 lsadm lsadm 3773 Feb 4 2009 mime.properties
-rw-r--r-- 1 root root 20 Sep 5 19:08 serial.no
drwx------ 2 lsadm lsadm 4096 Feb 4 2009 templates

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

cd ..
ls -l
drwxr-xr-x 9 root root 4096 Sep 5 03:02 add-ons
drwxr-xr-x 12 root root 4096 Sep 5 19:08 admin
drwx------ 8 lsadm lsadm 4096 Sep 4 08:08 autoupdate
drwxr-xr-x 2 root root 4096 Sep 5 19:08 bin
drwxrwxrwx 4 root root 4096 Sep 5 2009 conf
drwxr-xr-x 7 root root 4096 Feb 4 2009 DEFAULT
drwxr-xr-x 2 root root 4096 Feb 4 2009 docs
drwxr-xr-x 2 root root 4096 Apr 17 20:29 fcgi-bin
drwxr-xr-x 2 root root 4096 Feb 4 2009 lib
-rw-r--r-- 1 root root 6959 Sep 5 19:08 LICENSE
-rw-r--r-- 1 root root 2214 Sep 5 19:08 LICENSE.OpenLDAP
-rw-r--r-- 1 root root 6279 Sep 5 19:08 LICENSE.OpenSSL
-rw-r--r-- 1 root root 3208 Sep 5 19:08 LICENSE.PHP
drwxr-xr-x 2 root root 12288 Sep 5 22:39 logs
drwxr-xr-x 2 root root 4096 Feb 4 2009 php
drwx------ 2 lsadm lsadm 4096 Feb 4 2009 phpbuild
drwxr-xr-x 3 root root 4096 Feb 4 2009 share
-rw-r--r-- 1 root root 7 Sep 5 19:08 VERSION
 

auser

Super Moderator
#7
cd /opt/lsws/conf
ls -l

-rw-r----- 1 lsadm lsadm 1072 Sep 5 19:10 domain1-com.xml
-rw-r----- 1 lsadm lsadm 1072 Sep 5 19:10 domain2-com.xml
-rw------- 1 lsadm lsadm 21187 Sep 5 19:10 httpd_config.xml

cd ..
ls -l
drwxrwxrwx 4 root root 4096 Sep 5 2009 conf
so only user/group lsadm can read httpd_config.xml.
what user to run lshttpd?
you can check this by "ps -ef|grep lshttpd"
 
#8
Got it!

Here is the solution. It could be useful for anyone else.

After uploading .xml config files via ssh (as root), ownerships and permissions must be adjusted.

chown lsadm:lsadm /opt/lsws/conf/*.xml
chmod 600 /opt/lsws/conf/*.xml
chown lsadm:lsadm /opt/lsws/conf
chmod 700 /opt/lsws/conf
killall -9 lshttpd
/opt/lsws/bin/lswsctrl start

That's all. No session errors.
 
Top