Chmod is broken with Litespeed

J

Jedis

Member
#1
#1
My host is telling me that chmod does not work correctly with Litespeed. Is this true?

I want my directories to be chmod 750 to prevent directory listing. They told me to use htaccess to prevent directory listing, but I don't want this global for my account and do not want to have to create an htaccess for each directory I want directory listing turned on.

The exact quote from them is the following:

"If you chmod your directories, you'll get a 404 error, not a permission error. It's the way litespeed is designed."

Someone please help! I chmod'd to 750 in the shell and directory listing is still working if I navigate there with a browser.

Any help is greatly appreciated, thank you!
 
N

NiteWave

Administrator
#2
#2
my test: if chmod 750 path/to/mydir
Code: 
[ERROR] Can not open directory for URI: path/to/mydir
>I chmod'd to 750 in the shell and directory listing is still working if I navigate there with a browser.

litespeed use lsws/share/autoindex/default.php to generate directory index.
so check if the user/group of lsphp and user/group of the directory matches.

for example, if lsphp run as nobody/nobody, and the directory's user/group also nobody/nobody, even if the directory's permission is set to 700, directory listing still working. in this case, change directory's user/group to jedis/jedis(for example) and set permission to 750, will prevent the directory listing.
 
J

Jedis

Member
#3
#3
Hi NiteWave,

Thanks for the response. I will do my best to answer your questions.

I can perform the chmod to the directory and do not get an error, but can still pull a directory list by navigating to that directory via a web browser. Litespeed seems to completely ignore the chmod, as if I never performed it, at least as far as chmod 750 is concerned.

My home folder permissions are set to myusername/myusername. I cannot seem to find the lsws directory in my jailed shell to check the permissions. It is not in /usr/local.

Is there anything else I can check on my end? Should I direct my host to this thread to read your response?

Any additional help you can provide would be greatly appreciated.

Thank you!
 
J

Jedis

Member
#5
#5
654 11237 10958 8 07:35 ? 00:00:01 lsphp5
654 12428 10958 6 07:35 ? 00:00:00 lsphp5
599 12434 10958 0 07:35 ? 00:00:00 lsphp5
myusername 12454 8309 0 07:35 ? 00:00:00 grep lsphp
 
N

NiteWave

Administrator
#6
#6
got to understand your situation.

your php run in suEXEC mode, which has same uid/gid as your home folder.

so auto directory indexing happens on a folder which has least 500 permission, include 750. unless you set the directory's permission to 000.

there is a possible way to implement your requirement: customize your own autoindex script. when directory permission is 750, then the script won't index.

there is a wiki page regarding customizing auto index script:
http://www.litespeedtech.com/support/wiki/doku.php?id=litespeed:wiki:autoindex

also please refer this forum thread:
http://www.litespeedtech.com/support/forum/showthread.php?t=3880&highlight=autoindex
 
J

Jedis

Member
#8
#8
mistwang said:
Just turn off directory indexing at the document root directory via .htaccess, all sub directories will be off by default.
Click to expand...
Jedis said:
They told me to use htaccess to prevent directory listing, but I don't want this global for my account and do not want to have to create an htaccess for each directory I want directory listing turned on.
Click to expand...
See above. I don't want a global .htaccess file.

Chmod really should be made to work correctly with LiteSpeed, like how it does with Apache. I was frustrated enough, I almost had them move me to a server that didn't have LiteSpeed and just had regular old Apache.
 
N

NiteWave

Administrator
#9
#9
please try:
1. copy the default.php to your home folder
Code: 
cp /usr/local/lsws/share/autoindex/default.php /home/myusername/test/myindex.php
2.edit .htaccess in your document root -- assume it's ~/public_html/.htaccess
add one line:
Code: 
alias /_autoindex/default.php /home/myusername/test/myindex.php
3.edit /home/myusername/test/myindex.php
change:
Code: 
function readDirList( $path, &$excludes, &$map )
{
        $handle = opendir( $path );
to
Code: 
function readDirList( $path, &$excludes, &$map )
{
        $perms = fileperms($path);
        if(($perms & 0x0004)==0)
        {
                return null;
        }
        $handle = opendir( $path );
Has tested above code sample at my local lsws. Please share with us if it works at your end as well.
 
J

Jedis

Member
#10
#10
NiteWave said:
please try:
1. copy the default.php to your home folder
Code: 
cp /usr/local/lsws/share/autoindex/default.php /home/myusername/test/myindex.php
Click to expand...
I can't find that file in my jailed shell. Is it available online somewhere so I can get a copy of default.php?

Thanks!
 
N

NiteWave

Administrator
#11
#11
Code: 
I can't find that file in my jailed shell. Is it available online somewhere so I can get a copy of default.php?
download the latest standard version(current 4.0.14) lsws to your site's host(or local PC). extract the .tar.gz file, default.php located at lsws-4.0.14/share/autoindex/default.php
 
A

AndrewT

Well-Known Member
#15
#15
Tell your host to create an include file for this and uncomment the relevant include line in the virtualhost for the domain. These includes exist specifically for things like this. A commented explanation of this is even provided in the httpd.conf by cPanel.
 
J

Jedis

Member
#16
#16
I told them and they said they can't (won't) do it because cPanel automatically generates them. Yes, I copied and pasted, word for word, what you said into my support ticket. That was their response.

They offered to move me to another server that uses Apache instead to get around the issue. I'm just going to drop the matter. Perhaps LiteSpeed can make it easier for users on shared hosting to make this change themself with future versions.

Thanks for the help here guys. Sorry it was for nothing.
 
You must log in or register to reply here.
Top