Problem with CustomLog (at DirectAdmin server)

[slimak]

Hello,
yesterday I do some tests and installed LiteSpeed at DirectAdmin box. I found only problem with logs. In every virtual host are lines:

CustomLog /var/log/httpd/domains/$domain.com.bytes bytes
CustomLog /var/log/httpd/domains/$domain.com.log combined
ErrorLog /var/log/httpd/domains/$domain.com.error.log

In main httpd.conf are lines:

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%b" bytes

The problems is with byteslog (they doesn't be create, so the bandwidth usage isn't counted). Also the $domain.com.error.log doesn't be create, but these logs are in main lsws error.log file, so I don't thing this is a bug. The combined logs seems to be ok.

 

[slimak]

Answer

Today I found two another problems:

1. In every virtual host are lines like:

<VirtualHost $ip:80>
...
        <Directory /home/$user/domains/$domain/public_html>
                ...
                php_admin_value open_basedir /home/$user/:/tmp/:/usr/local/lib/php/
        </Directory>
</VirtualHost>

The problem is that their works for all virtual host, especially for aliases (from /var/www/html). Every thing is ok when I change the first line to:

        <Directory [B]~ [/B]/home/$user/domains/$domain/public_html>

2. The second problem is with webmails installed by DirectAdmin and phpsuexec. They created files in /var/www/html (e.g. /var/www/html/uebimiau/tmp). When I enter webmail by hostname (http://server_hostname/webmail/) then it's ok, but when I enter it by user domain then I have no permissions to write tmp folder. Changing permissions to tmp folder doesn't help, because webmails override them - for the first user will be ok, but for the second no. I see to solutions:
a) force apache:apache for php scripts in /var/www/html
b) I could move the "User $user" and "Group $group" lines to directory directive in virtual hosts, but currently the lines User&Group doesn't work in such situation.

 

[mistwang]

We will treat directadmin's byte log as a special case. Custom access log is not supported in standard edition, and this feature is not available via Apache's httpd.conf.

Can you please clarify what exactly is the problem #1?

I guess it is that "php_admin_value" should not be applied to alias?
The reason LSWS does that is because LSWS combind implementation of <directory><location> and alias directives all together as a "Context", so those configurations were inherited with alias. We will change our implementation to match Apache's.

For problem #2, does DirectAdmin + Apache run the webmails under user "apache:apache" without suexec for all user accounts? Is there any special directives in httpd.conf for this?
I have a sample directadmin httpd.conf file, seems directadmin only uses "SuexecUserGroup" at <VirtualHost ...> level.
"/webmail" is a server wide alias. I think suexec should be used for the entire virtual host, including aliases, for the sake of security.

 

[mistwang]

updated 3.0 package should have the log file and problem #1 addressed. We have no good idea about the second problem yet.

 

[slimak]

Answer

#0. The bytes log problem still occur.

#1. Now it's ok.

#2. Yes, it does. DirectAdmin + Apache doesn't have phpsuexec by default. There is possibility to install suphp. Scripts in suphp (configured for DA) run by the owner of file (not owner of the document_root). When the owner is root (e. g. script in /var/www/html), then the scripts are run under "apache:apache"

"I think suexec should be used for the entire virtual host, including aliases, for the sake of security." - I suppose so, by in that case some scripts (webmails) installed by DirectAdmin in /var/www/html won't work, so there should be possibility to disable/force phpsuexec for some directories.

 

[slimak]

Answer

#2. I did some changes in configuration of webmails and now their works. I did two changes:

1. in file /var/www/html/webmail/inc/config.php I changes $temporary_directory... to:

$uidinfo = posix_getpwuid(posix_getuid());
$temporary_directory = (($uidinfo['name']=='apache')?'tmp/':"/home/".$uidinfo['name']."/webmail/uebimiau/");

2. in file /var/www/html/squirrelmail/config I inserted after line "$data_dir = SM_PATH . 'data/';" these lines:

$uidinfo = posix_getpwuid(posix_getuid());
if($uidinfo['name']!='apache') {
    @mkdir("/home/".$uidinfo['name']."/webmail");
    @mkdir("/home/".$uidinfo['name']."/webmail/squirrelmail");
    $data_dir = "/home/".$uidinfo['name']."/webmail/squirrelmail/";
}

Now the webmails temporary files are stored in /home/$user/webmail/ directory.

 

[mistwang]

For bytes log file, I tried a sample DA httpd.conf, the bytes log file get created on my server. Are you sure it is not a permission problem?

 

[slimak]

Answer

Yes, that isn't a permission problem. I deleted all files from /var/log/httpd. The files are created, but all $domain.bytes files are always empty.

Today I found another problem. In every VH is line:
php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f |USER|@|DOMAIN|'
It sets the sendmail_path to '/usr/sbin/sendmail -t -i -f |USER|@|DOMAIN|' and in that case the mail() function in PHP doesn't work. It should be set to:
/usr/sbin/sendmail -t -i -f |USER|@|DOMAIN| (with out the ' ').

 

[mistwang]

Thanks for the update.
Who own $domain.bytes files? Should be apache:apache.
The quoted string problem will be fixed in official 3.0 release.

 

[slimak]

Answer

Yes, the files are owned by apache:apache.

 

[mistwang]

What's the ownership and permission mask of its parent directories?
The file is created by the lshttpd run as root, chown to apache:apache, however, the lshttpd run as apache may not able to write to this file if permission of parent directories is not allowed.

We tried it again on our test server, it works.

Does $domain.com.error.log get created? It does on our test server.

 

[slimak]

Answer

The owner of /var/log/httpd/domains was root:nobody and permissions were 0710. I changed the owner to apache:nobody and now it works properly. Thank you for help.