Help?!? LSWS no longer recognizing any of my folders as present?

Discussion in 'General' started by jdash, Aug 26, 2009.

  1. jdash

    jdash New Member

    I have several different domains served up on my server by lsws went to the control panel to add another added to the PHP Virtual Host Template went to Instantiate and it kept telling me the folder was not valid for the host root. After trying several times deleting, re-adding, etc. I went and clicked over to one of my existing domains and this is the error I am getting on every single one of them:

    /home/username/sites/domain.com/config/domain.com.xml is not a valid file.

    I checked the server settings still configured to use the www-data user group which the entire "sites" folder is configured under, I haven't changed anything with these folders, but all of a sudden they are "invisible" to LSWS.

    Help greatly appreciated!
  2. auser

    auser Super Moderator

    are you using latest 4.0.10?
  3. xendex

    xendex New Member

    Yes, I have the same problem with 4.0.10. I think that this happens due to AdminWebConsole suexec mode - so AWC cannot access vhost configuration files that are outside SERVER_ROOT, though server process can read them fine.
    Here is what admin console error.log is showing:
    Code:
    2009-08-26 14:22:02.634 [NOTICE] [MY_IP_ADDRESS:3730-3#_AdminVHost] [STDERR] PHP Warning:  is_file() [<a href='function.is-file'>function.is-file</a>]: Stat failed for /[path to con-file outside server root]/conf.xml (errno=13 - Permission denied) in /usr/local/lsws/admin/html.4.0.10/classes/XmlTreeBuilder.php on line 13
    2009-08-26 14:22:02.647 [NOTICE] [MY_IP_ADDRESS:3730-3#_AdminVHost] [STDERR] /[path to con-file outside server root]/conf.xml is not a valid file.
    Sounds like a bug...
  4. jdash

    jdash New Member

    Yes, I am using 4.0.10, in fact I redownloaded it from here and ran a manual upgrade just to make sure (all before I posted here)
  5. jdash

    jdash New Member

    I pulled up my error log getting the same thing:

    Code:
    2009-08-26 00:17:41.862 [NOTICE] [ipaddress-3#_AdminVHost] [STDERR] PHP Warning:  is_file() [<a href='function.is-file'>function.is-file</a>]: Stat failed for /**path to config**/config/domain.com.xml (errno=13 - Permission denied) in /usr/local/lsws/admin/html.4.0.10/classes/XmlTreeBuilder.php on line 13
    2009-08-26 00:17:41.862 [NOTICE] [ipaddress-3#_AdminVHost] [STDERR] /**path to config**/config/domain.com.xml is not a valid file.
    
    Last edited: Aug 26, 2009
  6. mistwang

    mistwang LiteSpeed Staff

    You need to update the file ownership and permission as the admin console is running in suEXEC mode with 4.0.10.

    make the configuration file owned by "lsadm" and make sure lsadm user/group can access the directory holding the configuration file.
  7. xendex

    xendex New Member

    Thanks, mistwang, that solves the problem.
    Just note, that it's needed to change owner(to lsadm) not only for the conf-file, but also for the destination folder that cantains this file.
  8. jdash

    jdash New Member

    Any security reason not to just add the lsadm user to the www-data group? That fixes the issue as well.
  9. mistwang

    mistwang LiteSpeed Staff

    Yes, you can do that.
    You still need to change the owner of configuration files to lsadm, otherwise, it cannot be changed via web console.

    The purpose of this is to prevent the user/group that lshttpd run as to access any configuration file, only the web console can.
  10. raphidae

    raphidae New Member

    How do I disable this or downgrade? My file permissions are just fine as-is.

    Also, I would like to ask you to properly document such changes in the version history, because for me 'changing the admin to suExec' does not mean add a new user and require changing the file permissions on a zillion vhosts.

    Thanks.
  11. mistwang

    mistwang LiteSpeed Staff

    It is not recommended and the risk is on your own, but if you really want, you can change files/directories owned by lsadm back to the old user account. restart LSWS.
    Or, you can run the installer of the older release, do a manual upgrade, you can back to the older release. you will stuck with the old release.
  12. raphidae

    raphidae New Member

    Well, I rather not downgrade of course, but I have other things (scripts etc.) that may read or write the config files and changing the owner of these files will require a total overhaul of the file permissions.

    I'm sure splitting the ownership is a good idea security-wise, but I would expect such a change to be noted in really big red letters in the changelog, followed by an explaination of what exactly is changed so that preparations can be made.

    Have you considered to make the change an option for a couple of releases so that people have time to ajust their environments to this change? You should at least incorporate some kind of check in the installer and alert users that the permissions need to be changed, now it upgrades correctly continues to serve correctly but completely breaks the web console without any direct link to the upgrade.

    Most of the users will probably use some control panel or an apache config file, but I was glad with the XML format and have integrated the configuration of vhosts into our intranet. This simple change means that we need to re-think the entire setup and requires a testserver and extensive testing, etc.

    In my opinion changes that need a change in the environment require at least a minor version bump, not just a revision increment.

    Also, I am really unconfortable with software updates that silently add users to my system. Especially because it choose an inappropriate UID, which I would need to correct by hand.
    Last edited: Aug 28, 2009
  13. MikeDVB

    MikeDVB New Member

    I upgraded to 4.0.10 on 3 servers and did not have any issues at all with any permissions. How did you perform the upgrade?

    I do agree that it could have been explained a tad better for those doing custom things :)

    Again, I had no problems at all during the upgrades - how did you perform the upgrade?
  14. raphidae

    raphidae New Member

    I performed the upgrade by downloading the package and running ./install.sh

    And I'm curious as to what your permissions on the config files are then, because if they are world writable then there would be no issues indeed.
  15. MikeDVB

    MikeDVB New Member

    Hmm, nope :)
    Code:
    root@atlantis [/usr/local/lsws/conf]# ls -l
    total 88
    drwx------  4 lsadm lsadm  4096 Sep  4 16:08 ./
    drwxr-xr-x 15 root  root   4096 Jul 18 17:24 ../
    drwx------  2 lsadm lsadm  4096 Jul 18 17:24 cert/
    -rw-r--r--  1 lsadm lsadm 11603 Sep  4 16:08 httpd_config.xml
    -rw-------  1 root  root   2418 Sep  4 15:26 httpd_config.xml.rej
    -rw-r-----  1 lsadm lsadm     0 Sep  3 19:03 .last
    -rw-------  1 root  root    256 Sep  4 15:26 license.key
    -rw-r-----  1 lsadm lsadm  1810 Sep  3 14:25 license_proxy.xml
    -rw-------  1 lsadm lsadm  3849 Jul 18 17:24 mime.properties
    -rw-r-----  1 lsadm lsadm     0 Aug 18 18:13 .restart
    -rw-r--r--  1 root  root     19 Sep  4 15:26 serial.no
    drwx------  2 lsadm lsadm  4096 Jul 18 17:24 templates/
    -rw-r-----  1 lsadm lsadm  1806 Sep  2 19:22 update_proxy.xml
    
    Exactly as it was configured by the installation.
  16. raphidae

    raphidae New Member

    How about the per-vhost config files, because those are the problem.
  17. MikeDVB

    MikeDVB New Member

    Ah, ok so that makes a bit more since :) We're running cPanel on the said servers and are not using the LSWS vhost configuration files so I'm not sure about that.
  18. PSS

    PSS Member

    I agree 100% with what raphidae said. Litespeed is a beautiful piece of engineering and well worth the investment, but PLEASE do not ruin it by taking things for granted. We need more documentation, how-to's and clear and detailed changelogs. On a clean install, created new virtual host and:

    *failed to create file /ownpath/towww/youdomain/conf/vhconf.xml

    I created the file by hand, set chmod/chown/chgrp and all I can think of, and same error. This thread here explains the reason.

Share This Page