At Cadent, we use Parallels Plesk Control Panel Software for Hosting on our servers (we’ve also used the open source Webmin and the commercial CPanel). Plesk has a great user interface, which our clients appreciate.
It also imposes its own way of doing things, which can be a bit of a pain when tracking down subtle issues with server configuration. Because Plesk rewrites many configuration files automatically, it’s really critical to ensure that I make any manual changes to the server configuration in the right place, or Plesk will overwrite my efforts without remorse.
The issue we needed to address was this: we installed Joomla! 1.0 on our development server, and Joomla reported the following configuration problems:
• Safe mode was on, needs to be off.
• The session directory was unwriteable.
PHP: Safe Mode is a global setting allows only a file's owner or group to execute the script or read a file. Clearly, this is a good thing for security reasons, but it is now officially deprecated in PHP 6, since it is not "architecturally" correct. Nevertheless, Joomla 1.0 wants it off. Since the server hosts multiple domains, we don’t want to turn off safe mode for the entire server, by changing the settings in /etc/php.ini. Instead, we want to implement it “locally,” as Joomla terms it. In Joomla 1.0, you can compare the local and master settings for PHP on the PHP Info tab, available from the administrator interface via System > System Info.
The session directory issue was also thornier than expected. After logging in as root and changing the permissions for the specified directory, and restarting Apache, Joomla still refused to recognize the changed status of the session directory -- even though I could see Joomla writing session files to the specified directory!
I logged in to the bash shell via ssh to check the directory permissions. A simple bash command lists permissions by file:
# ls -lh /var/www/vhosts/domain.com/httpdocs/
...
drwxr-xr-x 9 ftplogin psacln 4.0K Mar 11 10:42 administrator
drwxrwxrwx 2 ftplogin psacln 4.0K Mar 11 10:42 cache
-rw-r--r-- 1 ftplogin psacln 103K Mar 11 10:42 CHANGELOG.php
drwxrwxrwx 18 ftplogin psacln 4.0K Mar 18 02:52 components
...
The user name “ftplogin” is the account that uploads & maintains the file via FTP, and “psacln” is the Plesk group for ... something. Anyway, neither of these are “apache” and that’s the account that needs to execute the PHP scripts for Joomla to run.
At first, I thought there might be some conflict with PHP’s openbasedir (see the PHP: Safe Mode - Manual for details) but after checking to ensure that the session directory was in the openbasedir path, we determined the problem was elsewhere. Since openbasedir is associated with Safe Mode in PHP, it made sense to try to fix the Safe Mode issue first.
At first glance, this seems the perfect opportunity to use .htaccess files, but for some reason, this didn’t work. I turned to the Apache configuration files. The master configuration file, in /etc/httpd/conf/httpd.conf, is certainly not the place to make local settings changes. Plesk stores domain-level Apache configuration settings in
/var/www/vhosts/<domainname>/conf/httpd.include
but this isn’t the place to make changes either, as noted in the file header:
[root@domain.com ~]# cat /var/www/vhosts/domain.com/conf/httpd.include | head -8
# ATTENTION!
# DO NOT MODIFY THIS FILE OR ANY PART OF IT. THIS CAN RESULT IN IMPROPER PLESK
# FUNCTIONING OR FAILURE, CAUSE DAMAGE AND LOSS OF DATA. IF YOU REQUIRE CUSTOM
# MODIFICATIONS TO BE APPLIED TO THE CONFIGURATION, PLEASE, PERFORM THEM IN THE
# FOLLOWING FILE(S):
# /var/www/vhosts/domain.com/conf/vhost.conf
# /var/www/vhosts/domain.com/conf/vhost_ssl.conf
# /var/www/vhosts/domain.com/subdomains/<subdomain-name>/conf/vhost.conf
Note that I’ve substituted the generic “domain.com” for our actual domain name.
Since we are staging the site in a subdomain, I looked into the last option. After some difficulty, like the malformed config file that I wrote that prevented Apache from restarting, I succeeded with these steps:
1. Create a vhost.conf file with the correct directive in the specified directory.
2. Tell Plesk about the new vhost.conf file.
3. Restart Apache.
Those steps, executed correctly, fixed both the Safe Mode and the session directory issues. Here’s what I did at the command line, logged in as root (using ssh, obviously!)
Create vhost.conf file
Create the new file.
[root@server ~]# nano /var/www/vhosts/domain.com/subdomains/<subdomain-name>/conf/vhost.conf
Enter:
<Directory /var/www/vhosts/domain.com/subdomains/<subdomain-name>/httpdocs>
php_admin_flag safe_mode off
</Directory>
Save & exit.
Tell Plesk about the new vhost.conf file
[root@server ~]# /usr/local/psa/admin/sbin/websrvmng --reconfigure-vhost --vhost-name=domain.com
Restart Apache
[root@server ~]# /etc/rc.d/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
Finally, check the settings in Joomla (System > System Info) -- all set!
If you don't want to be tied down to a desktop, you need direct access to your computer in the cloud. Since Firefox runs just about everywhere, it's a good place to start to set up a reliable way to access your accounts. Blog & Social Delicious Bookmarks is the recommended and official Firefox add-on for Delicious, the world's leading social bookmarking service (formerly del.icio.us). It integrates your bookmarks and tags with Firefox and keeps them in sync for easy, convenient access. Syncing slows down startup, though. ScribeFire Blog Editor is a blog editor that integrates with your browser and lets you easily post to your blog. They've also integrated their affiliate Quick Ads advertising program, which I haven't tried.
Comments
I'm having the same session problem, and at the moment, it looks like my options are:
1) Edit php.ini and change...
session.save_path = /var/lib/php/session/
...to...
session.save_path = /tmp/
...because tmp is one of the default directories that apache can write to in Plesk.
2) Create a vhosts.conf file with php_admin_value open_basedir and add /var/lib/php/session/ to the end of the line.
There's more info here...
http://www.sugarcrm.com/forums/showthread.php?t=5915
Thanks for your comment (above). I don't know if you are working with Joomla 1.0 or some other app (you include a link to Sugar CRM). The interaction between PHP Safe Mode and your app is quite specific to the application. For example, Joomla 1.5 doesn't even care about PHP Safe Mode, so the usefulness of these settings can change from version to version.
Having said that, I'd strongly recommend that you make all your configuration changes in a vhosts.conf file, instead of editing php.ini. The php.ini file, as you probably know, controls the global PHP configuration for your entire server, so any change you make here have security ramifications for your entire server. If you restrict your changes to a specific domain's vhosts.conf file, you are only risking the security of that domain, not the entire server.
Note that a change to the vhosts.conf file is a change to the Apache server settings, and if there is an error in the file, it can bring your entire web server to a stunning, crashing halt. So, test plenty, keep backups, and in a pinch, you can always rename vhosts.conf to something else (like vhosts.bak) and restart Apache to restore your original settings.
<Directory /var/www/vhosts/domain.com/httpdocs>
php_admin_flag safe_mode off
php_admin_flag magic_quotes_gpc on
php_admin_value session.save_path /tmp
php_admin_flag allow_url_fopen off
php_admin_flag display_errors on
</Directory>