
Ubuntu 10.04, suPHP, and phpMyAdmin


I've recently set up an Ubuntu server that uses suPHP. I wanted to also use phpMyAdmin but found that there were some issues with getting it to work with phpMyAdmin. I found some workarounds while Googling but nothing definitive. So this is how I did it.

The first problem I ran across was that suPHP would not allow phpMyAdmin to run because Ubuntu installs it into /usr/share/phpmyadmin rather than the default web document root /var/www. So suPHP would return the error: File "/usr/share/phpmyadmin/index.php" is not in document root of Vhost "/var/www". Some got around this by simply installing phpMyAdmin manually in /var/www but I'd rather let Ubuntu handle it. (suPHP would not allow symlinks either.)

The easiest way to get around this would be to tell suPHP to ignore that security restriction by editing /etc/suphp/suphp.conf and changing

;Check wheter script is within DOCUMENT_ROOT
check_vhost_docroot=true

to

;Check wheter script is within DOCUMENT_ROOT
check_vhost_docroot=false

But that screamed "SECURITY BREACH" to me so that was not an option. 

So, what I did was make phpMyAdmin its own virtual host. 

Edit Apache's phpMyAdmin config file:

sudo pico /etc/apache2/conf.d/phpmyadmin.conf

At the beginning of this file add:

<VirtualHost *:80> 

ServerAdmin webmaster@localhost 
DocumentRoot /usr/share/phpmyadmin

At the end of the file, add

</VirtualHost>

Save by holding down the Control key and hitting the o key. Then press ctrl-x to exit.

Then, tell suPHP that /usr/share/phpmyadmin is okay:

sudo pico /etc/apache2/mods-available/suphp.conf

Add the following  before "</IfModule>":

<Directory /usr/share/phpmyadmin>
    suPHP_Engine on
</Directory>

And in /etc/suphp/suphp.conf, add phpmyadmin's directory to an allowed docroot:

;Path all scripts have to be in

docroot=/var/www:${HOME}/public_html:/usr/share/phpmyadmin

Now, after browsing to http://mysite.com/phpmyadmin, I got a 500 Internal Error message.  Searching the logs, I found this message:

UID of script "/usr/share/phpmyadmin/index.php" is smaller than min_uid

Two issues. One is that Ubuntu's phpMyAdmin install is owned by root. Easy fix:

sudo chown -R www-data:www-data /usr/share/phpmyadmin

But I still got the same error. So the second reason is that suPHP is configured to have a minimum UID of 100. www-data's UID is 33. So, edit suPHP's config to change the minimum to 33.

sudo pico /etc/suphp/suphp.conf

Change:

; Minimum UID
min_uid=100

; Minimum GID
min_gid=100

to:

; Minimum UID
min_uid=33

; Minimum GID
min_gid=33

Make sure you change the min_gid as well or else suPHP will still reject phpMyAdmin.  I guess this could be a potential security issue as well but less of a one than letting web scripts have free rein outside their designated directories.

Now we have suPHP and phpMyAdmin working together! 
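
The settings changed above (check_vhost_docroot, min_uid, min_gid) and the ownership test behind the 500 error can be checked offline before reloading Apache. The following shell functions are an added example, not part of the original post: the function names are illustrative, the parser reads only simple key=value lines, and script_owner_ok approximates suPHP's check rather than reproducing its code.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.
# Usage: . ./suphp_audit.sh && audit_suphp_conf /etc/suphp/suphp.conf

# conf_get FILE KEY: print the last value assigned to KEY (empty if unset).
conf_get() {
    awk -v k="$2" '
        /^[ \t]*;/ { next }                       # ";" starts a comment line
        { key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key) }
        key == k && index($0, "=") {
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t\r]+$/, "", v)
        }
        END { print v }' "$1"
}

# audit_suphp_conf FILE: print one WARN line per setting weaker than the
# values the post started from (check on, minimum UID/GID of 100).
audit_suphp_conf() {
    if [ "$(conf_get "$1" check_vhost_docroot)" = "false" ]; then
        echo "WARN check_vhost_docroot=false: scripts outside the vhost DocumentRoot are allowed"
    fi
    for key in min_uid min_gid; do
        val=$(conf_get "$1" "$key")
        if [ -n "$val" ] && [ "$val" -lt 100 ]; then
            echo "WARN $key=$val: IDs $val-99 may now own scripts"
        fi
    done
    return 0
}

# script_owner_ok SCRIPT CONF: approximate the ownership test behind the
# "smaller than min_uid" log line. Prints the verdict; fails on rejection.
script_owner_ok() {
    [ -e "$1" ] || { echo "REJECT $1: no such file"; return 1; }
    ids=$(ls -ldn -- "$1" | awk '{ print $3, $4 }')   # numeric owner and group
    uid=${ids% *}; gid=${ids#* }
    min_uid=$(conf_get "$2" min_uid); min_gid=$(conf_get "$2" min_gid)
    if [ "$uid" -lt "${min_uid:-0}" ]; then
        echo "REJECT $1: uid $uid < min_uid $min_uid"; return 1
    fi
    if [ "$gid" -lt "${min_gid:-0}" ]; then
        echo "REJECT $1: gid $gid < min_gid $min_gid"; return 1
    fi
    echo "OK $1: uid $uid gid $gid"
}

# Constructed sample config mirroring the post's final values.
demo=$(mktemp) && printf 'check_vhost_docroot=false\nmin_uid=33\nmin_gid=33\n' >"$demo"
audit_suphp_conf "$demo"; rm -f "$demo"
```

Running script_owner_ok /usr/share/phpmyadmin/index.php /etc/suphp/suphp.conf after the chown but before lowering min_gid shows the group rejection that the min_gid remark above refers to.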

 




zbyte (01.04.2012 (05:44:55))
Check out this alternative approach, where you leave php5 enabled for /usr/share, and run suphp otherwise. I think it's a simpler approach: http://serverfault.com/a/211942/65036
Ben (15.12.2011 (15:27:55))
An improvement upon my previous comment. This version will prevent Apache errors if the suphp module is not loaded. Such errors might include:

"Invalid command 'suPHP_Engine', perhaps misspelled or defined by a module not included in the server configuration"

Here's the snippet (you may need to change your paths accordingly):

Alias /phpmyadmin /usr/share/phpmyadmin


suPHP_Engine Off
AddHandler php5-script .php



This way, suphp can be enabled/disabled without throwing errors when Apache loads its configuration files.
Ben (15.12.2011 (15:12:01))
There is a simple means by which to exempt directories from suPHP restrictions altogether:

Alias /phpmyadmin /usr/share/phpmyadmin

suPHP_Engine Off
AddHandler php5-script .php
Caju (13.12.2011 (11:25:04))
Hello all, googling about this issue, I found two possibilities:

1) the one described in this post;
2) enable php5 and suphp but restrict php5 to only directory /usr/share. This is done by editing the file /etc/apache2/mods-available/php5.conf, removing all content and adding:



AddType application/x-httpd-php .php .phtml .php3
AddType application/x-httpd-php-source .phps



So, all php files will be handled by suphp but files residing in /usr/share will be handled by php5.

Which approach is safer? Is there some performance issue with each one of these?

Kind regards,
Caju
cordoval (17.10.2011 (21:16:02))
Solved it by chowning it again; the upgrade had issued new files, probably owned by root.

thanks
cordoval (17.10.2011 (21:01:10))
Upgraded to the latest Ubuntu days ago and it is not working anymore. Any ideas? Please email me.
daniel (19.09.2011 (15:33:05))
Very helpful article, thanks.
Alan Hartless (16.05.2011 (21:37:39))
Quote:
Won't this break every time apt-get upgrade decides to give you a new phpmyadmin version?

Shouldn't unless it overwrites your config file. Usually Ubuntu will tell you before it does such things and give you the option to view, merge, overwrite, etc config files.
Hunter Cook (16.05.2011 (17:13:45))
Won't this break every time apt-get upgrade decides to give you a new phpmyadmin version?
Alan Hartless (15.03.2011 (04:31:50))
@Luis - sounds like a permission issue. Are you getting any errors in your error_log?
