5106R/5107R YUM updates (suPHP)

Updated base-vsite RPMs were released today that extend the suPHP functionality with support for custom php.ini files.

Our suPHP integration always had been a bit incomplete. It's primary benefit being that PHP scripts run with the UID and GID of the owner of the scripts (instead of user "apache"). While using suPHP is more secure, our implementation had the drawback that only the server wide PHP settings would apply. But not those individually configured for the site. Especially in conjunction with the "open_basedir" directive this caused problems and/or confusion.

To fix this our suPHP integration was extended to support custom php.ini files, which reside inside the home directory of each suPHP enabled sites. These custom php.ini config files contain the PHP related settings applicable for the site in question and are honored when suPHP pages are served.

The following RPMs are now available through YUM for 5106R and 5107R contain the new functionality and should be installed automatically during the next YUM update:

=========
 Package 
=========
Updating:

 base-vsite-capstone
 base-vsite-glue
 base-vsite-locale-da_DK
 base-vsite-locale-de_DE
 base-vsite-locale-en
 base-vsite-locale-en_US
 base-vsite-locale-ja
 base-vsite-ui   

Transaction Summary
============================
Upgrade       8 Package(s)

During the installation of these RPMs a special script is run (/usr/sausalito/sbin/suPHP_fixer.pl) which will check if you have sites with suPHP enabled. If suPHP enabled sites are found and if those sites don't have their own php.ini file yet, then suPHP is briefly turned off for these sites and immediately it's turned on again. That will automatically create the individual php.ini files for the sites with suPHP enabled.

In that case the YUM update will show the following notice on the screen:

Running Transaction
[...]
  Updating       : base-vsite-glue
Shutting down cced: done
Starting cced: [  OK  ]
Running CCE constructors: 
Going through all suPHP enabled Vsites to make sure they all have a custom php.ini: 
Vsite www.yoursite1.net has suPHP enabled, but is missing a custom php.ini. Fixing it!
Vsite www.yoursite31.com has suPHP enabled, but is missing a custom php.ini. Fixing it!
Vsite www.yoursite74.co.uk has suPHP enabled, but is missing a custom php.ini. Fixing it!

Whenever suPHP support for a Vsite is turned off, the custom php.ini files will be deleted automatically.

Please note: For security reasons the custom php.ini config files are root owned and protected with chattrib to prevent that anyone but the BlueOnyx GUI can modify them. And yes: That also means that user "root" cannot edit them without removing the chattrib bit first.