Control Web Panel
WebPanel => PHP => Topic started by: lolite on November 24, 2016, 11:48:29 PM
-
hello admin Why I Want updates php time through php error switcher?
/usr/local/src/php-rebuild.sh: line 95: /scripts/add_alert: Permission denied
(http://i.imgur.com/76WqR17.png)
-
I have exactly the same error. Any solution for this?
-
You have problem with Folder/files permission
Maybe try to
chmod +x /usr/loca/src/php-rebuild.sh
-
Strange, I wanted to check permissions on php-rebuild.sh as you suggested, but I can't find it at /usr/local/src.
Did a system wide search but php-rebuild.sh is nowhere to be found!
Perhaps php-rebuild.sh is generated on the fly by the cwp software and deleted afterwards.
-
@karel,
When you rebuild php it uses the /tmp folder to retrieve all files, perhaps you made to many restrictions on your /tmp folder?
-
That could well be the case. The /tmp folder has these permissions 555. Only read and execute and owned by root, but no write permissions.
I used a CentOS 6.8 minimal install, updated it and installed CWP. The permissions were not altered by me. Shouldn't the CWP install script check this?
-
CWP has not that intelligence ;-) lol
when I did my first compile/rebuild I discovered in the log some missing programs, so I added the following, yum install -y ed re2c just make sure you check the log files for any missing ones.
I sugggest you secure /tmp in this way
nano /etc/fstab, as you can see I have added some setting when you compare mine with yours.
The noatime makes it even faster as it avoids writing access time, no need for temp files... just read up about that parameter ;-)
UUID=48e6de4c8ed0a /tmp ext4 defaults,noatime 1 2
UUID=231f1115b0c6c2 swap swap defaults,noatime 0 0
tmpfs /dev/shm tmpfs defaults,noexec,nosuid,nodev,noatime 0 0
Even better would be to create a seperated partition for /tmp so it is out of reach for your system, but still protect it as suggested, it really depends how strict you want to be in security, but with suPHP and modsecurity you are a little bit better off.
Install all the rest like maldet, rkhunter, rootkit and so on...
Hope that helps you.
-
### Also make sure you have the sticky bit set on /tmp in case you changed that folder to 555
chmod +t /tmp
I just noticed I pasted old document, please swap the settings as follow:
UUID=48e6de4c8ed0a /tmp ext4 defaults,noexec,nosuid,nodev,noatime 1 2
UUID=231f1115b0c6c2 swap swap defaults,noatime 0 0
tmpfs /dev/shm tmpfs defaults,noexec,nosuid,nodev,noatime 0 0
You have to reboot after making these changes, ignore my UUIDs as that's the hard disk id....
-
CWP has not that intelligence ;-) lol
I hoped the developers would be. :) But seriously, I'm impressed with CWP.
Will dig trough all the logfiles to see if I need to install some more with yum. :'(
I have made some adjustments to fstab according to your suggestions and will consider the proposed security measures. I'm the only user and just use it to host a few simple domains and as an ftp backup server for 2 external servers. Only port 80 and 21 are exposed to the outside world.
Thanks for your help and suggestions! :)
-
I'm the only user and just use it to host a few simple domains and as an ftp backup server for 2 external servers.
Even then you need full security, because your the only user at risk, please don't!!! secure it as if there are 50 users, also your backups need to be safe, no discussion about that ;-)