Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
31
CentOS-WebPanel Bugs / Re: [not important] Small typo in standard vhosts template
« on: February 15, 2016, 06:17:24 AM »
Thank you very much for your reply.
According to this:
https://httpd.apache.org/docs/2.4/mod/directive-dict.html
Both, totally without quotes and with two double quotes are correct as long as it doesn't contains any spaces.
If it contains spaces then then it should be quoted using double quotes.
The original version using only one double quote at the beginning is not mentioned there, so maybe it could be fixed if the developers have time.
According to this:
https://httpd.apache.org/docs/2.4/mod/directive-dict.html
Both, totally without quotes and with two double quotes are correct as long as it doesn't contains any spaces.
If it contains spaces then then it should be quoted using double quotes.
The original version using only one double quote at the beginning is not mentioned there, so maybe it could be fixed if the developers have time.
32
CentOS-WebPanel Bugs / Re: Serious file owning issues (CWP Users own installation files)
« on: February 11, 2016, 07:33:21 AM »
I fixed the permissions and ownership manually and now the quotas make much more sense:
The user #1000 is from my VPS.
However I wonder where #119 and #507 come from, they own CWP installation files!
Not only is it wasting CWP user's quotas, but also
this whole file owning issue is a severe security issue in case of shell access for CWP users and needs to be addressed!
What will prevent it from happening again?
I guess nothing?
(Also it should be considered to change the default umask for the root user to 700 instead of 755, if possible.)
Code: [Select]
[root@xxx /]# repquota -a -s
*** Report for user quotas on device /dev/vzfs
Block grace time: 00:00; Inode grace time: 00:00
Block limits File limits
User used soft hard grace used soft hard grace
----------------------------------------------------------------------
...
amira -- 49536 1000M 1000M 1449 0 0
vgs -- 40 1000M 1000M 9 0 0
srdent -- 40 1000M 1000M 9 0 0
...
#119 -- 8420 0 0 345 0 0
#507 -- 19036 0 0 26 0 0
#1000 -- 8 0 0 2 0 0The user #1000 is from my VPS.
However I wonder where #119 and #507 come from, they own CWP installation files!
Not only is it wasting CWP user's quotas, but also
this whole file owning issue is a severe security issue in case of shell access for CWP users and needs to be addressed!
What will prevent it from happening again?
I guess nothing?
(Also it should be considered to change the default umask for the root user to 700 instead of 755, if possible.)
33
CentOS-WebPanel Bugs / Re: Serious file owning issues (CWP Users own installation files)
« on: February 11, 2016, 06:43:30 AM »
I did a
find / --user srdent
and it owned the whole
/tmp/php-build/
and
find / --user vgs
and it owned thw whole
/usr/local/src/cwp/php-5.4.27/
and
find / --user amira
and it owned the whole
/tmp/apache-build/httpd-2.2.27
/usr/local/apache/man/man1/*
/usr/local/apache/man/man8/*
/usr/local/apache/cgi-bin/*
/usr/local/apache/error/*
/usr/local/apache/icons/*
/usr/local/cwpsrv/man/man1/*
/usr/local/cwpsrv/man/man8/*
/usr/local/cwpsrv/cgi-bin/*
/usr/local/cwpsrv/error/*
/usr/local/cwpsrv/icons/*
/usr/local/src/cwp/httpd-2.2.27/
example:
find / --user srdent
and it owned the whole
/tmp/php-build/
and
find / --user vgs
and it owned thw whole
/usr/local/src/cwp/php-5.4.27/
and
find / --user amira
and it owned the whole
/tmp/apache-build/httpd-2.2.27
/usr/local/apache/man/man1/*
/usr/local/apache/man/man8/*
/usr/local/apache/cgi-bin/*
/usr/local/apache/error/*
/usr/local/apache/icons/*
/usr/local/cwpsrv/man/man1/*
/usr/local/cwpsrv/man/man8/*
/usr/local/cwpsrv/cgi-bin/*
/usr/local/cwpsrv/error/*
/usr/local/cwpsrv/icons/*
/usr/local/src/cwp/httpd-2.2.27/
example:
Code: [Select]
[root@xxx cwp]# pwd
/usr/local/src/cwp
[root@xxx cwp]# ls -la
total 24200
drwxr-xr-x 6 root root 4096 Feb 8 19:34 .
drwxr-xr-x 4 root root 4096 Feb 8 19:38 ..
drwxr-xr-x 28 1000 1000 4096 Feb 8 19:32 apr-1.5.1
-rw-r--r-- 1 root root 1020833 Apr 19 2014 apr-1.5.1.tar.gz
drwxr-xr-x 20 1000 1000 4096 Feb 8 19:33 apr-util-1.5.3
-rw-r--r-- 1 root root 874462 Nov 16 2013 apr-util-1.5.3.tar.gz
drwxr-xr-x 12 amira amira 4096 Feb 8 19:33 httpd-2.2.27
-rw-r--r-- 1 root root 7519677 Mar 18 2014 httpd-2.2.27.tar.gz
drwxr-xr-x 17 vgs games 4096 Feb 8 19:37 php-5.4.27
-rw-r--r-- 1 root root 15333755 Apr 4 2014 php-5.4.27.tar.gz34
CentOS-WebPanel Bugs / Serious file owning issues (CWP Users own installation files)
« on: February 11, 2016, 06:03:16 AM »
Hello, all my users share the same "default" package.
I created the user amira first and uploaded over 40 MB
Then I created vgs, which atm should be empty.
Then I creaded srdent, which should be empty too atm.
How is this even possible :O
The only awkward things I did is
- edited the package after and "(Update quota for all users using this package, also disables inode limits !)"
- entered CWP users using the root pw
Edit: I am using CWP version: 0.9.8.11
Code: [Select]
*** Report for user quotas on device /dev/vzfs
Block grace time: 00:00; Inode grace time: 00:00
Block limits File limits
User used soft hard grace used soft hard grace
----------------------------------------------------------------------
[...]
amira -- 111M 1000M 1000M 8070 0 0
vgs -- 134M 1000M 1000M 16303 0 0
srdent -- 137M 1000M 1000M 16492 0 0
[...]I created the user amira first and uploaded over 40 MB
Then I created vgs, which atm should be empty.
Then I creaded srdent, which should be empty too atm.
How is this even possible :O
The only awkward things I did is
- edited the package after and "(Update quota for all users using this package, also disables inode limits !)"
- entered CWP users using the root pw
Edit: I am using CWP version: 0.9.8.11
35
CentOS-WebPanel GUI / Bandwith quota is unclear
« on: February 10, 2016, 12:05:47 PM »
If I edit a package it says
Bandwidth: 10000 MB
by default.
Maybe it's obvious for Linux savvy users what this quota is, but for me it's not:
- Is it the general I/O bandwith in MB/s? (I think it's that, but then it should read I/O Bandwith and MB/s (maybe add an info button that tells that when hovered with the mouse behind for stupid users like me.)
- Is it a montly traffic limit?
- S.th. else?
I'd be thrilled, if you could tell me where the script related to that setting is, so I could learn more about Linux by reading it's commands, but it's not really important :-)
Bandwidth: 10000 MB
by default.
Maybe it's obvious for Linux savvy users what this quota is, but for me it's not:
- Is it the general I/O bandwith in MB/s? (I think it's that, but then it should read I/O Bandwith and MB/s (maybe add an info button that tells that when hovered with the mouse behind for stupid users like me.)
- Is it a montly traffic limit?
- S.th. else?
I'd be thrilled, if you could tell me where the script related to that setting is, so I could learn more about Linux by reading it's commands, but it's not really important :-)
36
CentOS-WebPanel Bugs / [not important] Small typo in standard vhosts template
« on: February 10, 2016, 11:58:39 AM »
In the Apache Domain Virtual Host tpl:
The line
Should probably be
But this doesn't seem to affect anything, just s.th. that could be updated for consistency :]
The line
Code: [Select]
ScriptAlias /cgi-bin/ "%homedir%/%username%/public_html/cgi-bin/Should probably be
Code: [Select]
ScriptAlias /cgi-bin/ "%homedir%/%username%/public_html/cgi-bin/"But this doesn't seem to affect anything, just s.th. that could be updated for consistency :]
37
Installation / Re: Error 500 on several standard PHP pages (except CWP itself)
« on: February 09, 2016, 08:08:58 PM »
I did
And the problem is solved now!
Thread can be closed
Code: [Select]
chown root:root /
chown root:root /etcAnd the problem is solved now!
Thread can be closed
38
Installation / Error 500 on several standard PHP pages (except CWP itself)
« on: February 09, 2016, 07:51:01 PM »
Hello, I did a fresh install of CWP on a CentOS 6 VPS yesterday.
Currently it says CWP version: 0.9.8.11
However there were 2 lines with maroon / red text in them (on the right side of the screen) (not sure if it said error or not) running over the SSH terminal screen when I installed, but it didn't report any errors at the end (also I didn't find any logs of the install yet).
While the CWP PHP pages itself work fine, pages of i.e. phpMyAdmin and roundcube webmail give a 500 Internal Server error.
Here is what if found in the apache logs:
I tried to open this from the CWP:
http://xxx.stratoserver.net/roundcube/
error_log:
Is there something wrong with the CWP install script or is it me or my VPS?
I thought the install script would take care of the directory permissions :/
Maybe it's something easy / stupid, please don't be angry =D
Also the VPS has this option in the VPS control panel, but I am not sure if it's related:
Edit:
Turns out some directories are not owned by root, but by 1000 instead, so maybe it has to do with my VPS after all:
Currently it says CWP version: 0.9.8.11
However there were 2 lines with maroon / red text in them (on the right side of the screen) (not sure if it said error or not) running over the SSH terminal screen when I installed, but it didn't report any errors at the end (also I didn't find any logs of the install yet).
While the CWP PHP pages itself work fine, pages of i.e. phpMyAdmin and roundcube webmail give a 500 Internal Server error.
Here is what if found in the apache logs:
I tried to open this from the CWP:
http://xxx.stratoserver.net/roundcube/
error_log:
Code: [Select]
[Tue Feb 09 20:33:27 2016] [error] [client x.x.x.x] SoftException in Application.cpp:555: Directory / is not owned by nobody, referer: https://xxx.stratoserver.net:2031/index.php
[Tue Feb 09 20:33:27 2016] [error] [client x.x.x.x] Premature end of script headers: index.php, referer: https://xxx.stratoserver.net:2031/index.phpIs there something wrong with the CWP install script or is it me or my VPS?
I thought the install script would take care of the directory permissions :/
Maybe it's something easy / stupid, please don't be angry =D
Also the VPS has this option in the VPS control panel, but I am not sure if it's related:
Quote
With the default setting, you can limit the amount of storage space (quota) for users and groups on your V-Server. For system reasons, this restricts the number of UIDs and GIDs that can be used on your V-Server. Remove the tick to deactivate quota for your V-Server.
Please note: For your changes to take effect, your Server will be rebooted.
Edit:
Turns out some directories are not owned by root, but by 1000 instead, so maybe it has to do with my VPS after all:
Code: [Select]
drwxr-xr-x 23 1000 1000 4096 Feb 9 04:02 .
drwxr-xr-x 23 1000 1000 4096 Feb 9 04:02 ..
...
drwxr-xr-x 67 1000 1000 4096 Feb 8 19:48 etc
...(all others owned by "root")