Package: suphp-common
Version: 0.6.2-1+etch0
Severity: important
I always set the vhosts in Apache on my system to a path containing symlinks
from a general "website" directory to the website directory of the appropriate
user for ease of administration.
For example:
<VirtualHost *>
ServerAdmin [EMAIL PROTECTED]
ServerName www.example.com
DocumentRoot /www/hosts/www.example.com
<Directory /www/hosts/www.example.com/>
Options IncludesNoExec FollowSymLinks
AllowOverride AuthConfig Limit FileInfo
Order allow,deny
allow from all
</Directory>
...
However, /www (owned by root) points at /var/www
inside /var/www/hosts/ each site name (e.g. www.example.com) is a symlink owned
by root pointing at a website directory in the approriate user's home
directory, e.g.:
www.example.com -> /home/a_user/websites/www.example.com
where the contents of their home directory and sub-directories is all owned by
the user and their own group.
On accessing php pages, I get a 500 server error.
In the Apache error.log, it records the following:
SoftException in Application.cpp:499: Directory /www/hosts is not owned by
a_user
When I first installed suPHP I had a similar problem, resolved by changing
check_vhost_docroot from true to false in /etc/suphp/suphp.conf and I'm
wondering if this security fix is no longer respecting that setting?
I have reverted back to 0.6.2 for now, so the information below may be
misleading.
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-686
Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1)
Versions of packages suphp-common depends on:
ii libc6 2.3.6.ds1-13etch5 GNU C Library: Shared libraries
ii libgcc1 1:4.1.1-21 GCC support library
ii libstdc++6 4.1.1-21 The GNU Standard C++ Library v3
ii php5-cgi 5.2.0-8+etch10 server-side, HTML-embedded scripti
suphp-common recommends no packages.
-- no debconf information
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]