Koozali.org: home of the SME Server

[ANNOUNCE] SME Site Maker (now with full MySQL support)

Offline Normando

« on: April 07, 2007, 01:18:05 AM »
I have finished this script.
This allows you to configure your new web site directory and configuration files automatically.

This is the solution for beginners to make their web sites available on the web, under the /opt directory.

I also created a wiki page where you can download it:

http://wiki.contribs.org/SME_Site_Maker

Please report any bugs.
Thanks

Offline william_syd

« Reply #1 on: April 07, 2007, 07:43:38 AM »
Great.

Didn't see an option for
Code:
php_admin_value open_basedir

A large number of questions about php web apps seem to be related to it.
Regards,
William

If I give advice.. It's only if it was me....

Offline Normando

« Reply #2 on: April 07, 2007, 08:13:26 AM »
Quote from: "william_syd"
Great.

Didn't see an option for
Code:
php_admin_value open_basedir

A large number of questions about php web apps seem to be related to it.


I thought about the open_basedir option, but searching the default configuration of SME I found it is only necessary for ibays, because SME restricts script access to within the ibay, but not for scripts run under other directories (e.g. /opt).
Then, the script can access any dir. The most important is /tmp to store sessions.
Well, maybe I am wrong. Can you confirm my "thesis"?  :D

The script has big potential. By adding more functions it is possible to create MySQL DBs automatically, set more variables, etc.
I am thinking of offering two choices at the beginning: a "Basic" configuration, more suited to newbies, and an "Advanced" one only for experts.

Well, thank you for your comments. Of course, you can modify and beautify the script.

Offline cactus

« Reply #3 on: April 07, 2007, 09:37:54 AM »
Quote from: "PicsOne"
I thought about the open_basedir option, but searching the default configuration of SME I found it is only necessary for ibays, because SME restricts script access to within the ibay, but not for scripts run under other directories (e.g. /opt).
Then, the script can access any dir. The most important is /tmp to store sessions.
Well, maybe I am wrong. Can you confirm my "thesis"?  :D
You are partly right that SME Server only configures PHPBaseDir restrictions for ibays. SME Server uses a template snippet (95AddType00PHP2ibays) to configure the basedir restriction for ibays. Have a look at the fragment to see how they do it. Basically it boils down to this:

If PHP is enabled and there is no PHPBaseDir definition for the ibay, it is restricted to its own sandbox; if a PHPBaseDir is defined, this value is set.

You should do something analogous to that, as you are now compromising the security of the system that the developers have so carefully built in, although I know the PHPBaseDir restriction is not such a watertight security measure.
Be careful whose advice you buy, but be patient with those who supply it. Advice is a form of nostalgia, dispensing it is a way of fishing the past from the disposal, wiping it off, painting over the ugly parts and recycling it for more than its worth ~ Baz Luhrmann - Everybody's Free (To Wear Sunscreen)

Offline judgej

« Reply #4 on: April 07, 2007, 11:12:26 AM »
Quote from: "PicsOne"

Then, the script can access any dir. The most important is /tmp to store sessions.


Nearly. If PHP uses /tmp to store sessions, then it makes no difference whether base_dir restrictions are in effect or not, since the session saving does not involve your script reading or writing /tmp directly.

Where some applications fall down, is that they try to copy uploaded files directly out of /tmp, instead of using the PHP function that is designed specifically to do that for them.

I've said it many times, and will say it again: opening up the sandbox is a security risk, and should not be done without absolutely knowing what you are doing. No web application should need access to the system global /tmp area. What possible reasons should a common web application have for being able to read *other* applications and system-wide temporary files?

-- JJ
-- Jason

Offline cactus

« Reply #5 on: April 07, 2007, 11:19:42 AM »
Quote from: "judgej"
Nearly. If PHP uses /tmp to store sessions, then it makes no difference whether base_dir restrictions are in effect or not, since the session saving does not involve your script reading or writing /tmp directly.
Really, that is news to me, as there are some PHP functions that are used for sessions and they should apply to the basedir ruleset as they are PHP code.
Quote from: "judgej"
Where some applications fall down, is that they try to copy uploaded files directly out of /tmp, instead of using the PHP function that is designed specifically to do that for them.
These functions fall under the same restriction as before mentioned session functions AFAIK.

Quote from: "judgej"
I've said it many times, and will say it again: opening up the sandbox is a security risk, and should not be done without absolutely knowing what you are doing. No web application should need access to the system global /tmp area. What possible reasons should a common web application have for being able to read *other* applications and system-wide temporary files?
There you have a point, with which I agree, although the PHP BaseDir restriction still improves security it does not exclude all misuse. There is also perl, and perl scripts are not restricted by the PHP BaseDir setting, let alone perl not having such a restriction available.

Offline Normando

« Reply #6 on: April 07, 2007, 04:13:52 PM »
Thanks for all the replies.

Regarding the open_basedir restriction, there are a lot of posts about modifying basedir to allow access to the /tmp dir, because PHP sets this as the default directory to store sessions. A really good measure to avoid the security risk is to tell PHP to store sessions in the current directory. Maybe with php_admin_value or a flag in an .htaccess file, but I don't know if it is possible.

Now I have added the open_basedir restriction with an option to change it at configuration time, but with an alert about the security risk.

This is the code I added:

Code:
# $f_root (the site root) is set earlier in the script.
# Default: PHP may only touch the site root.
obd="$f_root"
clear
echo
echo "Do you want to modify open_basedir restriction?"
echo "Default give php access only to local siteroot ($f_root)"
echo "Use with care, this is a security risk"
echo "(Y/N/Enter)"
echo ":"
read -r YESNO
case "$YESNO" in
    "Y" | "y" )
        f_obd="1";;
    "N" | "n" )
        f_obd="0";;
    *)
        # Enter or anything else keeps the restrictive default
        f_obd="0";;
esac

if [ "$f_obd" = "1" ]
then
    # Keep asking until a non-empty directory list is entered
    ANSWER=1
    while [ "$ANSWER" = 1 ]
    do
        clear
        echo
        echo "Please enter the directory you want to allow PHP can access."
        echo "If you specify more than one, separate with \":\""
        echo "Example: /dir_one:/dir_two"
        echo ":"

        read -r open_bd
        if [ "$open_bd" != "" ]
        then
            obd="$open_bd"
            ANSWER=0
        else
            clear
            echo
            echo "You have not provide a directory name. Hit enter to try again"
            read -r x
        fi
    done
fi


and final step:

Code:
# $c_file (the generated Apache config fragment) is set earlier in the script.
echo "php_admin_value open_basedir $obd" >> "$c_file"

Thanks
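
An added example, not part of SME Site Maker (all function names are hypothetical): one way to validate the directory list typed at the prompt above before the php_admin_value line is appended to the config. It rejects the shared /tmp area, as judgej argues earlier in the thread, along with relative paths and characters that would alter the directive, and it adds a trailing slash because older PHP releases match open_basedir as a string prefix.

```shell
#!/bin/sh
# Added example; not code from SME Site Maker. Names are hypothetical.

# normalize_obd_entry DIR
# Prints DIR with exactly one trailing slash, or returns 1 if DIR is not an
# acceptable open_basedir entry.
normalize_obd_entry() {
    nd=$1
    case "$nd" in
        /*) ;;                            # absolute paths only
        *)  return 1 ;;
    esac
    case "$nd" in
        *[!A-Za-z0-9._/-]*) return 1 ;;   # spaces, quotes etc. would change the directive
        */..|*/../*|*//*)   return 1 ;;   # no parent-directory hops, no empty segments
    esac
    [ "$nd" = "/" ] || nd=${nd%/}
    case "$nd" in
        /|/tmp|/var/tmp) return 1 ;;      # whole filesystem or shared temp areas
    esac
    # With prefix matching (older PHP), "/opt/site" would also cover
    # "/opt/site-backup"; the trailing slash prevents that.
    printf '%s/\n' "$nd"
}

# build_obd_value SITE_ROOT [EXTRA_LIST]
# EXTRA_LIST is the colon-separated answer from the prompt. The site root
# always comes first; duplicates are dropped; any bad entry fails the whole list.
build_obd_value() {
    bo_out=$(normalize_obd_entry "$1") || return 1
    bo_rest=${2:-}
    while [ -n "$bo_rest" ]; do
        bo_entry=${bo_rest%%:*}
        case "$bo_rest" in
            *:*) bo_rest=${bo_rest#*:} ;;
            *)   bo_rest= ;;
        esac
        [ -n "$bo_entry" ] || continue
        bo_norm=$(normalize_obd_entry "$bo_entry") || return 1
        case ":$bo_out:" in
            *":$bo_norm:"*) ;;            # already listed
            *) bo_out="$bo_out:$bo_norm" ;;
        esac
    done
    printf '%s\n' "$bo_out"
}

# obd_directive SITE_ROOT [EXTRA_LIST] -> the line to append to the config
obd_directive() {
    od_val=$(build_obd_value "$1" "${2:-}") || return 1
    printf 'php_admin_value open_basedir %s\n' "$od_val"
}

# Constructed sample input: a site root plus what an operator might type.
obd_directive /opt/wordpress "/opt/shared"
obd_directive /opt/wordpress "/tmp" || echo "rejected: /tmp is shared by every application" >&2
```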

Offline Normando

« Reply #7 on: April 09, 2007, 10:42:07 AM »
I have uploaded the new version with full MySQL support (v1.5).
You can now create your DB automatically, and set the user and password. Also added full privileges for the user on the database. If the user or database already exists, then you have the choice of dropping it and creating a new one, or not modifying anything. In the case of the user, if it exists the script only adds privileges for the new database you have created.

Please, test and report any bugs.

Thanks

Offline Normando

« Reply #8 on: April 10, 2007, 09:34:18 AM »
New version 1.7

# Author: Normando Hall (PicsOne)
# nhall@unixlan.com.ar
#
# Status
# Version: 1.7
# 10/04/2007  (d/m/Y)
#
#
# Changelog
#
# 1.7 (by Normando Hall)
# Fix some bugs with MySQL database and users already exists
# Set debug output to /opt
# Added SME6 support
# Improve some functions
# Stylize prompt
#
# 1.5 (by Normando Hall)
# Fix some bugs with CGI dir
# Added full mysql support
#
# 1.1 (by Normando Hall)
# Added php open_basedir restriction
# Set debug variable
#
# 1.0 (by Normando Hall)
# Initial release

Offline haymann

« Reply #9 on: May 09, 2007, 04:19:25 AM »
Am I the only moron that needs more info to get this going? I need some help with this step
Quote
Untar and execute
I've got the untar part fine, but none of the steps that I have found from Google seem to work... I don't know what to do with the SMESiteMaker file that is left after untarring...
Thanks!

Also, I don't know if I understand how this all works. Do you run this script each time that something is to be installed?
Ryan

Offline haymann

« Reply #10 on: May 09, 2007, 04:22:49 AM »
:oops: Posted too quick...
Code:
./SMESiteMaker
seems to do the trick...

Offline Normando

« Reply #11 on: May 09, 2007, 07:59:57 AM »
Hello haymann.

I have updated the wiki to resolve any doubts about SMESiteMaker.
Please, visit at http://wiki.contribs.org/SME_Site_Maker
Quote
Also, I don't know if I understand how this all works. Do you run this script each time that something is to be installed?

No, run it only one time, when you create a site for the first time.

Offline haymann

« Reply #12 on: May 09, 2007, 08:05:56 PM »
Quote from: "PicsOne"
I have updated the wiki to resolve any doubts about SMESiteMaker.
Please, visit at http://wiki.contribs.org/SME_Site_Maker
Thank you, that helps those of us that are still learning the command line stuff!
Quote
No, run only one time when you create a site the first time.
I understand now (I think), I tried last night and it looks like you would want to run this every time you are creating a new site. I tried installing roundcube (I know there are a few contribs for this, but I want to access it by domain.name/email instead of domain.name/roundcube...), but I messed something up. It might have been wrong to try to force it to use SSL? Anyway, I'll keep playing, thanks for the handy tool.
Ryan

Offline Normando

« Reply #13 on: May 09, 2007, 11:32:24 PM »
Thanks haymann.
I have updated the wiki again  :D

Offline Normando

« Reply #14 on: May 10, 2007, 06:20:57 PM »
Thank you for your wiki edit!!!!  :mrgreen:

Offline haymann

« Reply #15 on: May 10, 2007, 08:40:53 PM »
You're welcome; I was just going to fix a few typos, but... Very small price to pay for sharing your script!!
Ryan

Offline gixmo

« Reply #16 on: June 24, 2007, 11:59:20 AM »
When I use SMESiteMaker and make a site with an alias 'families',
I get this error in my httpd_error log:

Quote
[Sun Jun 24 11:57:00 2007] [crit] [client 192.168.1.12] (13)Permission denied: /opt/pgv/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable


Where did I go wrong?

Offline Normando

« Reply #17 on: June 24, 2007, 08:56:42 PM »
I'm not sure what causes this error, but from the log I suppose you need to set the right permissions for the .htaccess file. Ensure you have set permissions to 644 for this file.
And ensure you have chosen "YES" for "Allow Override" when the script prompts you.
Another option: set your root directory permissions (in your case /opt/pgv) to 777.
Searching in Google I found tons of information about your error.
For one, see http://gallery.menalto.com/node/27986

Offline gixmo

« Reply #18 on: June 25, 2007, 06:58:01 PM »
No, the permissions are OK; the permissions on the dir itself are even 777. But I still get the mentioned error message.

Offline haymann

« Reply #19 on: July 26, 2007, 11:13:22 PM »
I need a pointer or two...
I am trying to use this script to install wordpress in /opt/home, but I have not been successful... It doesn't seem to matter what options that I use while going through the script, I get a 403 Forbidden for every /opt directory that I have tried to create...

Here is my most recent custom template
Code:
Alias /home /opt/wordpress
<Directory /opt/wordpress>
    AddType application/x-httpd-php .php .php3 .phtml
    Options Indexes +Includes FollowSymLinks
    order deny,allow
    deny from all
    allow from all
    php_flag register_globals on
    php_admin_flag allow_url_fopen on
    php_admin_value eaccelerator.enable 1
    php_admin_value open_basedir /opt/wordpress
</Directory>
Is there anything that jumps out as causing a problem? I have tried as many variables as I can think of like /opt/home, opt/wordpress, opt/bob, register_globals on/off, includes on/off, allow override on/off, etc...

I have tried on a 7.2 server as well as a 7.1.3. I have used this before awhile back and didn't have problems so I don't think it is a bug, I think it is me.
Thanks,
Ryan

Offline Normando

« Reply #20 on: July 27, 2007, 12:48:28 AM »
Quote from: "haymann"
I am trying to use this script to install wordpress in /opt/home, but I have not been successful... I


I see in your configuration you are using the /opt/wordpress directory, with an Alias of "home". This means you must copy your site files under the /opt/wordpress directory, and access it at http://your_domain/home

I created the same configuration you posted, and it works OK for me. Tested in 7.1.3 and 7.2.

If you have set FollowSymLinks, be careful with the .htaccess file in your site.
Test the configuration without any site file, or almost one image, and see if you can access /home.

Offline haymann

« Reply #21 on: July 27, 2007, 04:45:57 AM »
Yeah, I'm not sure what I am doing wrong yet... The problem is that I get the 403 Forbidden message when I try to view mysite.com/home, when I look at mysite/wordpress it is not found so part of it is working for me. It is forbidden if I have files in the directory (/opt/wordpress) or if it is empty. And if I set it up so that there is no alias, mysite.com/wordpress is found, but forbidden... I give up for tonight. I would like to figure out what I am doing wrong though.

Which option sets the FollowSymLinks?
Thanks,
Ryan

Offline Normando

« Reply #22 on: July 27, 2007, 05:51:52 AM »
FollowSymLinks allows symlinking of files httpd can serve. I made a mistake in my explanation, because I was referring to the AllowOverride option. Set the latter to "All" if you want Apache to be able to read the .htaccess file.

About your problem, I think you have an ibay named "wordpress" or "home", and Apache goes to these ibays and not to your alias directory. Check again your ibay names, the directory names after your domains, and all httpd custom-templates. Maybe you have a conflict with some ibay names or directories after domains that are the same as your alias name.

Offline haymann

« Reply #23 on: July 27, 2007, 03:03:43 PM »
Quote from: "PicsOne"
FollowSymLinks allows symlinking of files httpd can serve. I made a mistake in my explanation, because I was referring to the AllowOverride option. Set the latter to "All" if you want Apache to be able to read the .htaccess file.
OK, so I'm looking at your script and if I read it correctly (which I don't know anything about coding) then the FollowSymLinks option is set during the "allow includes" part of the script? I just wasn't sure where that was being set because I didn't know what allow includes meant and I didn't see an option for FollowSymLinks...
Quote from: "PicsOne"
About your problem, I think you have an ibay named "wordpress" or "home", and Apache goes to these ibays and not to your alias directory. Check again your ibay names, the directory names after your domains, and all httpd custom-templates. Maybe you have a conflict with some ibay names or directories after domains that are the same as your alias name.
No, no ibays by those names, but I did get it working. The directory in /opt was being created with permissions of 644, when I changed that to 755 I now can access the site. It looks like your script sets it to 644 by default. Do I have something wrong that I can only access if I use 755?
Thanks,
Ryan

Offline Normando

« Reply #24 on: October 07, 2007, 10:54:20 AM »
The directory in /opt was being created with permissions of 644, when I changed that to 755 I now can access the site. It looks like your script sets it to 644 by default. Do I have something wrong that I can only access if I use 755?

Sorry for the delay.
You are right, a little bug.
Change line 108 to this:
Code:
chmod 755 "$f_root"
I hope this helps you.
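
An added example, not from the thread (function names are hypothetical): a check for the condition haymann found, a site directory created with mode 644. A directory needs the search (x) bit before httpd can open anything inside it, including .htaccess, so the function walks the path and reports the topmost directory that lacks it. It assumes httpd runs as an unprivileged user that neither owns the directories nor belongs to their group, so the "other" bits decide; the /opt/pgv tree is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example; names are hypothetical and the test tree is constructed.

# other_can_search DIR: true if DIR is a directory whose "other" class has
# the search (x) bit. Character 10 of the ls mode string is that bit.
other_can_search() {
    case "$(ls -ld "$1" 2>/dev/null | cut -c1-10)" in
        d????????[xt]) return 0 ;;
        *)             return 1 ;;
    esac
}

# first_blocked_dir TARGET_DIR [STOP_DIR]
# Walks from TARGET_DIR up to (not including) STOP_DIR, or up to / when
# STOP_DIR is omitted, and prints the topmost directory httpd cannot enter.
# Prints an empty line when every component is searchable.
first_blocked_dir() {
    case "$1" in
        /*) ;;
        *)  return 2 ;;                   # absolute paths only
    esac
    fb_dir=${1%/}; fb_stop=${2:-}; fb_stop=${fb_stop%/}; fb_hit=
    while [ -n "$fb_dir" ] && [ "$fb_dir" != "$fb_stop" ]; do
        other_can_search "$fb_dir" || fb_hit=$fb_dir
        fb_dir=${fb_dir%/*}
    done
    printf '%s\n' "$fb_hit"
}

# site_root_check MODE
# Builds <tmp>/opt/pgv/.htaccess, sets the site directory to MODE, and prints
# the blocked directory relative to <tmp> (empty when nothing is blocked).
site_root_check() {
    sc_base=$(mktemp -d) || return 1
    mkdir -p "$sc_base/opt/pgv"
    : > "$sc_base/opt/pgv/.htaccess"
    chmod 644 "$sc_base/opt/pgv/.htaccess"
    chmod 755 "$sc_base/opt"
    chmod "$1" "$sc_base/opt/pgv"
    sc_hit=$(first_blocked_dir "$sc_base/opt/pgv" "$sc_base")
    chmod 755 "$sc_base/opt/pgv"          # restore so cleanup can descend
    rm -rf "$sc_base"
    printf '%s\n' "${sc_hit#"$sc_base"}"
}

echo "site dir mode 644: blocked at '$(site_root_check 644)'"
echo "site dir mode 755: blocked at '$(site_root_check 755)'"
```

On a live server the call would be `first_blocked_dir /opt/pgv`, which also covers the parent directories.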

Offline haymann

« Reply #25 on: October 08, 2007, 08:00:07 PM »
Sorry for the delay.
You are right, a little bug.
Change line 108 to this:
Code:
chmod 755 "$f_root"
I hope this helps you.
Cool, I came to ask you another question, and saw your answer to my other one. Fantastic, thanks!!

Now to the real reason I came...
Next time that you are updating your script, I think it might be beneficial to add some description on the "allow includes" step of the script. I think it would be handy for us novices to know what that will allow/disallow by selecting yes or no.

I have used your script several times once I figured out to change that directory to 755, and it has been a huge help to me!
Thanks,
Ryan

Offline imcintyre

« Reply #26 on: October 08, 2007, 11:26:41 PM »
Is there a separate web site detailing the virtues of Site Maker?

Offline Normando

« Reply #27 on: October 09, 2007, 12:55:24 AM »
Is there a separate web site detailing the virtues of Site Maker?

Read http://wiki.contribs.org/SME_Site_Maker about SMESM

Offline TTown

« Reply #28 on: October 15, 2007, 04:54:24 PM »
Normando,

I am very fond of your script. I applied it several times and it works reliably. (Even better once you have a clue of what it means what you are doing  :? )
Since I don't know how to do it without a prefabricated script and yours is already very close to the subject, please allow one question:
Is there a way of installing the site(s) so they respond to a specific virtual host/domain name?
(The SME Server-Manager allows to add (virtual) domains. Using dyndns I have two domain names pointing to my server at home. Now I would like it to respond to the different domain names by displaying different websites.)

If you'd prefer me to post this question somewhere else, please advise on how to proceed.

Best regards
TTown
(fnord)