apache-mod_vhs-1.0.32-9mdv2010.0.i586.rpm

This README file explains how mod_vhs configures PHP "on the fly", and the
limits of doing so.

Introduction
------------

When compiled with -DHAVE_MOD_PHP_SUPPORT, mod_vhs uses zend_alter_ini_entry()
to change PHP parameters on the fly, just as you would with php.ini entries.


mod_vhs apache configuration directives
---------------------------------------

There are several directives (see the README file for more) :

	vhs_PHPsafe_mode
	vhs_PHPopen_basedir
	with :	vhs_open_basedir_path
		vhs_append_open_basedir

	vhs_PHPdisplay_errors

	and
	
	vhs_PHPopt_fromdb

How are PHP configuration directives evaluated?
-----------------------------------------------

They are evaluated in this order (if they are enabled) :

1- vhs_PHPsafe_mode
2- vhs_PHPopen_basedir (and also vhs_open_basedir_path / vhs_append_open_basedir)
3- vhs_PHPdisplay_errors
4- vhs_PHPopt_fromdb

You have to know this order of evaluation if you don't want brain damage when
you use vhs_PHPopt_fromdb, and to understand the security problems that this
order of evaluation can cause.


Why can there be a security problem?
------------------------------------

vhs_PHPopt_fromdb is evaluated at the end of PHP autoconfiguration. If you
set : 
 vhs_PHPsafe_mode On

And in the field used by vhs_PHPopt_fromdb : safe_mode=Off;

Then the configuration of PHP will be safe_mode=Off. 

vhs_PHPopt_fromdb will ALWAYS HAVE THE LAST WORD in terms of PHP configuration.

This is NOT a bug, but a feature. So you _need_ to be 100% sure that the
PHP autoconfiguration field in the DB can only be set by people you trust in
terms of security.

vhs_PHPopt_fromdb format
------------------------

mod_vhs will take its parameters from libhome using the 'passwd' field.

The format is :

<parameter>=<value>;<parameter>=<value>;

With <parameter> = php.ini parameter (like safe_mode for example)
     <value>     = php.ini value of this parameter (On for example)

WARNING 1 : You MUST NOT add spaces or forget the ";" at the end of the line.
            CR / LF are passed as is to PHP, so double check the entries
            in the database.
WARNING 2 : If there is nothing in your "passwd" entry, libhome
            will not return anything from the DB, because this can be
            a null password. So add a default string when PHP options are
            not used (for example "*").
WARNING 3 : If a parameter is boolean (e.g. On / Off), you have to write it
            in the DB using 1 / 0 instead, e.g. :
		On  = 1
		Off = 0
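
The following audit script is an added example, not part of mod_vhs or its original README. It checks a vhs_PHPopt_fromdb field against the three warnings above and flags entries that would take the last word over the vhs_PHP* directives. The function name, the sample rows, and the php.ini names open_basedir and display_errors (inferred from the directive names) are assumptions.

```python
import re

# php.ini settings that the vhs_PHP* directives set earlier in the evaluation
# order. safe_mode is named in this README; open_basedir and display_errors
# are inferred from the directive names (assumption). A DB entry for any of
# them wins over the Apache directive.
OVERRIDES_VHS = {"safe_mode", "open_basedir", "display_errors"}
BOOLEAN_WORDS = {"on", "off", "true", "false", "yes", "no"}
PARAM_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_.]*$")


def audit_phpopt(field):
    """Return a list of findings for one vhs_PHPopt_fromdb field value."""
    findings = []
    if field == "*":  # placeholder suggested in WARNING 2: no PHP options
        return findings
    if not field:
        return ["empty field: libhome may return nothing (WARNING 2)"]
    if re.search(r"[ \t\r\n]", field):
        findings.append("whitespace or CR/LF in field (WARNING 1)")
    if not field.endswith(";"):
        findings.append('missing trailing ";" (WARNING 1)')
    for pair in filter(None, field.split(";")):
        name, sep, value = pair.partition("=")
        name, value = name.strip(), value.strip()
        if not sep or not PARAM_RE.match(name):
            findings.append(f"malformed entry: {pair!r}")
            continue
        if value.lower() in BOOLEAN_WORDS:
            findings.append(f"{name}: write booleans as 1/0 (WARNING 3)")
        if name in OVERRIDES_VHS:
            findings.append(f"{name}: overrides the vhs_PHP* directive")
    return findings


# Constructed sample rows: ServerName -> field mapped to libhome 'passwd'.
SAMPLE_ROWS = {
    "mrjack.oav.net": "memory_limit=32M;upload_max_filesize=8M;expose_php=0;",
    "unused.example": "*",
    "risky.example": "safe_mode=Off;open_basedir=/",
}

if __name__ == "__main__":
    for host, field in SAMPLE_ROWS.items():
        for finding in audit_phpopt(field) or ["ok"]:
            print(f"{host}: {finding}")
```

Run it over the column that libhome maps to 'passwd' whenever someone other than the server administrator can write to that table.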

vhs_PHPopt_fromdb full example
------------------------------

This example uses MySQL but you can adapt it to your system :

MySQL Database :
 
CREATE TABLE `vhost` (
  `ServerName` varchar(100) NOT NULL default 'name.foo.tld',
  `ServerAdmin` varchar(100) NOT NULL default 'root@foo.tld',
  `DocumentRoot` varchar(100) NOT NULL default '/tmp/null',
  `CustomLog` varchar(100) NOT NULL default '/var/log/undefined_apache_host.log',
  `SuexecUserGroup` varchar(100) NOT NULL default 'nobody nogroup',
  `SetEnv` varchar(100) NOT NULL default '/tmp',
  `domain_id` mediumint(9) NOT NULL default '0',
  `owner` varchar(50) NOT NULL default 'me',
  `stats` enum('off','on') NOT NULL default 'on',
  `statsdone` enum('no','yes') NOT NULL default 'no',
  `isalias` enum('0','1') NOT NULL default '0',
  `PointTo` varchar(255) NOT NULL default 'null.foo.tld',
  UNIQUE KEY `ServerName` (`ServerName`)
) ENGINE=MyISAM;

-- One value per column, in the order of the table definition above.
INSERT INTO `vhost` VALUES 
	('mrjack.oav.net', 'me@foo.tld', '/usr/local/www/mrjack',
	 '/tmp/access.log', 'mrjack ftp',
	 'memory_limit=32M;upload_max_filesize=8M;expose_php=0;', 1, 'mrjack', 'on',
	 'yes', '1', 'mrjack.oav.net');

We have a virtual host 'mrjack.oav.net' with PHP values :
memory_limit=32M
upload_max_filesize=8M
expose_php=0

libhome configuration :

# more /usr/local/etc/home.conf
mode mysql
myhosts localhost
myuser vhostuser
mypasswd vhostpasswd
mydatabase hosting

[mod_vhs]
log.stderr y
where ServerName
user ServerName
home DocumentRoot
uid "80"
gid "80"
gecos PointTo
passwd SetEnv
shell owner
quota "1000"
table vhost
class ServerAdmin

Apache2 configuration :

Listen 8000
<VirtualHost 1.2.3.4:8000>
  EnableVHS On
  vhs_LogNotFound On
  vhs_Default_Host http://oav.net/
  vhs_Lamer On
  vhs_PHPsafe_mode On
  vhs_PHPopen_basedir On
  vhs_open_basedir_path /tmp:/var/tmp
  vhs_append_open_basedir On
  vhs_PHPdisplay_errors On
  vhs_PHPopt_fromdb On
</VirtualHost>

IMPORTANT NOTE
--------------

Since mod_vhs uses Zend functions to change the PHP ini values, you NEED
to load mod_php *before* mod_vhs; otherwise you will get errors like :

Syntax error on line 269 of /etc/apache/httpd.conf:
Cannot load /usr/libexec/apache/mod_vhs.so into server: /usr/libexec/apache/mod_vhs.so: undefined symbol: zend_alter_ini_entry  


Conclusion
----------

vhs_PHPopt_fromdb can only configure php.ini values like foo=value, but it
cannot configure specific sections of php.ini ([mysql] for example). So
you'll have to keep that in mind when designing your system.

$Id: README.phpopt,v 1.4 2005/12/14 13:22:52 kiwi Exp $