pizzicar

Great minds think alike

__________________
"Argue for your limitations, and sure enough, they are yours"

Skipdawg

I've had bad experiences with moves. So I thank you but bow out.

Like I told David if this all gets to where it is no longer fun I'll just walk away from it.

I don't need the stress. I started all this mostly for fun and partly for my ministry. Took it all online for I'm medically retired for health reasons. Doing this so far has been therapeutic.

But if I have to start stressing over if all I have done in the last well near 10 months ends up in the toilet. I will not start over again. I've had to do that to many times in real life.

I need a breather.........

__________________

David

Funny how theraputic stuff stresses people out. I do my music stuff to relieve stress and rant about things that frustrate me, and yet deadline times happen or writers block hits and bang!...stress. Makes no sense.

Are you the only one who runs your site?

__________________

Skipdawg

For now yes. But I am grooming 2 others to maybe step into a Admin roll down the road.

And that is part of the issue. I trust them but to a point as with anyone. I've been stabbed in the back to many times and once by one who claimed to be a best friend for over 15 years. So trust must be built. I'm very security oriented. layered security on my PC and passwords change often on everything.

With the 777 to 755 issue I myself could just change it when I'm working on something but when I make someone Admin in the forums they would be able to update and all to a point. Package manager and all. But if it was set to 755 and not working and I was away when something needed updating. Shoot at this rate I will have to stay around at all times.

Googling I am seeing that there seems to be issues with several blog scripts and this PHPsuexec too with chmod settings.

I may be blowing this out of the water but when anything look like it may threaten my comfort zone I get combative and and protective over what I have. Like I said I have put to much time in this already.

I'm just concerned.

__________________

cowboy

In all honesty, too much emphasis or blame is being put on file and folder permissions as the big bad culprit breaking existing scripts when a server is transformed to use PHP as a 'set user' application, phpsuexec.

New installs are not giving any problems with the su issue.

An example: Use this script to make a new folder on a server using phpsuexec. It makes a folder named testing and forces the permission to 777.
Then verify the permissions of the folder and you will see that it is set to 755.

PHPsuExec will not allow itself to make a folder which is against it's own internal rules.

The problem with 'upgrading' to phpsuexec is that files and folder being used have to be owned by the user. Before the upgrade they were owned by: the user, or, nobody, or root, and apache did not care and PHP using apache rules did not either.

Now, after the 'upgrade', phpsu will not let any other owner of a file tell it what to do. It only takes orders from the designated user.

When the su police see a file or folder owner other than that on the passport, (httpd.conf), it is not allowed on the homeland, PHPsuExec immediately issues a 'halt' order and shuts down all further script execution. The server is then at a total loss as what it is to do, so it issues the most basic error message, "Incomplete header" or as we know it "500 Internal Server Error" the apache version of "blue screen of death."

Think of su as the security line at the airport. It does not screen files or folders until they are called upon, thus, you can have 777 files and folders on your site without problems until they are called in the future. (Aliens always appear at the most inappropriate times.)

Now, since only the server administrator can change file ownership, the most important step after activating phpsuexec on a server, is that someone logged in as 'root' has to chown any file or folder which PHP will possibly ever use, to that of the user. You cannot chown yourself. You can use a PHP script to recurse your public_html directory to chmod provided the file or folder has an owner write permission. (Dedicated users can write your own perl script to parse your httpd.conf file and chown for your users in one step.) Other users will have to ask support to do this for you,

Or, you can do it yourself by downloading all of your files to your local computer, deleting them from the server, and uploading again. (You cannot use a backup as it generally maintains the owner and permissions.)

Since cPanel and most FTP clients do not show the ownership of files and folders, the user with a problem moves to the next logical step; blame the permissions. If your FTP client has an option for showing file ownership, make sure it is activated. If not, download another, I will suggest FileZilla, at least long enough to verify your owner and group. Your owner and group will both be your login username, or it's numerical equal. If your user and group are numbers and you have mixed numbers, you can find your number by uploading a file and see what number apache assigns you after the su directive has been activated.

After your site is converted, phpsuexec will take orders diligently from you and give you the security that no one else can get away with telling it to do something differently.

__________________
Where would you be if you were at the highest court in the land (US)?

pizzicar

Thanks Cowboy - thats the best description of how phpsuexec works that I have run across. It should be cut and pasted into a new message and pinned to the top.

__________________
"Argue for your limitations, and sure enough, they are yours"

Skipdawg

Yes thanks a whole lot cowboy. Awesome!

So the issue I need to focus on is the owner really and not the permissions primarily.
And if I upgrade Surpass should be able to address and handle all the needs to making sure all that is right.

I also posted a query on the SMF forum. Must have the gurus stumped or they are sleeping. No reply yet.

But understating this more thanks to cowboy's post I am more comfortable with what will be going on with PHPsuexec and any PHP scripts I may have setup. SMF or later Wordpress again and maybe a Gallery too. As soon as I find one I like. lol

3 cheers to cowboy!

__________________