conf/vhconf.xml is not a valid file AFTER upgrade

Discussion in 'Install/Configuration' started by ikiji, Jun 13, 2012.

  1. ikiji

    ikiji New Member

    Hi,

    Ok, so we have a few sites on a CentOS VPS.

    Each site is inside:

    /home/<user1>
    /home/<user2>
    etc

    Permissions of /home/ are set as:
    USER GROUP DIRECTORY
    drwx--x--- 6 user1 user1 4096 Oct 23 2011 user1
    drwx--x--- 6 user2 user2 4096 Oct 23 2011 user2


    We issue the commands:
    usermod -a -G user1 lsadm
    usermod -a -G user1 nobody


    Then when we go into Configuration -> Virtual Hosts and the site for user1 we can update the settings and the vhconf.xml is written to fine.

    Every so often, when coming back to the LiteSpeed admin to look at the config for a site, we get the dreaded red writing error message saying the vhconf.xml is not present/accessible.

    Issuing the first usermod command as above and a graceful restart fixes it

    I've noticed this happening AFTER each upgrade and need to monitor and see if that was coincidence or not.

    Can anyone think why 'user1' would be disappearing from the group 'lsadm'?
    Is the upgrade for some reason resetting the group?

    Any help/suggestions for securing the sites better would be much appreciated.
  2. NiteWave

    NiteWave Administrator

    what's the permission of conf/, conf/vhconf.xml ?
  3. ikiji

    ikiji New Member

    Hi

    /home/user1:

    drwxrwxr-x 2 user1 user1 4096 Nov 27 2011 conf
    -rw-r--r-- 1 lsadm lsadm 831 Nov 27 2011 vhconf.xml

    As mentioned, it works fine after adding user1 to the lsadm group

    BUT

    Why would an upgrade touch group assigments?
    I'm finding that it stops working and that by re-issuing the usermod command it starts working again.

    Many thanks
  4. NiteWave

    NiteWave Administrator

    I can reproduce the issue you reported on centOS:
    #groups lsadm
    lsadm : lsadm nobody user1

    after upgrade:
    #groups lsadm
    lsadm : lsadm nobody

    and it can be fixed by change line 905 of functions.sh from
    usermod -G $WS_GROUP lsadm
    to
    usermod -a -G $WS_GROUP lsadm

    we'll estimate if this change has any other side effect.

    however, is it a good practice?
    assume you have 1000 users, will you add lsadm to all these 1000 groups?
  5. ikiji

    ikiji New Member

    Hi NiteWave,

    Thank you.

    More than happy to look at how we have it setup if you can 'recommend' a better method for securing each user's space?
  6. NiteWave

    NiteWave Administrator

    not sure, maybe you can refer
    Virtual Host Templates -> EasyRailsWithSuEXEC
  7. ikiji

    ikiji New Member

    Is that going to tell us the best users/groups to run things under?

    We don't plan on this server having max of more than 5 sites.

    So is what we've got that bad practice?
  8. NiteWave

    NiteWave Administrator

    if so, your way is ok and not a problem. just searched, a user(here lsadm) belonging to max number of groups is 32 or 16. if only 5 users, I think it's ok.

    please wait for our development's investigation result.
  9. ikiji

    ikiji New Member

    Always keen to ensure we're following best practices.

    So if anyone can suggest the best way to run Litespeed?

    If we set each home/user/ as 'lsadm' then they could see each other's content, hence why we did it they way we did.
  10. mistwang

    mistwang LiteSpeed Staff

    applied to functions.sh
  11. ikiji

    ikiji New Member

    ... which will be in the next release?

    Thank you.

    At least I'm not going mad, thought there were gremlins on the server ;)

Share This Page