RootForum Community

Resources for System-Administrators
https://www.rootforum.org/forum/

Kann php.ini haben fuer jeden Benutzer?

https://www.rootforum.org/forum/viewtopic.php?t=51257

Page 1 of 1

Kann php.ini haben fuer jeden Benutzer?

Posted: 2010-06-01 11:07
by Anonymous
Ich wollte jeden Benutzer eigene php.ini haben. Deswegen habe ich sowas gemacht z.B

Code: Select all

    $HTTP["host"] =~ "mysite\.com" {
            server.document-root = "/var/www/mysite.com/html"
	      fastcgi.server    = ( ".php" =>
		 ((
                "bin-path" => "/usr/bin/php-cgi -c /var/www/mysite.com/html/php.ini",
                "socket" => "/var/www/mysite.com/html/php-cgi.socket",
		))
		)

    }
leider sowas funktioniert nicht und laesst lightly nicht mehr laufen! gibt es andere Losung?

Danke im voraus

Re: Kann php.ini haben fuer jeden Benutzer?

Posted: 2010-06-01 12:20
by daemotron
Ja, Du kannst mit spawn-fcgi die PHP-Prozesse außerhalb von Lighty starten. Anleitung dafür: http://redmine.lighttpd.net/projects/li ... ermissions

Re: Kann php.ini haben fuer jeden Benutzer?

Posted: 2010-06-01 12:34
by Joe User
mod_setenv sollte ebenfalls funktionieren:

Code: Select all

setenv.add-environment = ( 
    "PHPRC" => "/var/www/domain.tld/html/php.ini"
)
Und seit PHP-5.3 sollte die .user.ini reichen, auch wenn es sicherheitstechnisch nicht wirklich empfehlenswert ist.

Re: Kann php.ini haben fuer jeden Benutzer?

Posted: 2010-06-02 01:51
by Anonymous
Danke euch,
@ Joe user , Leider deinen Weg hat nicht funktioniert. ist wird ignoriert
2010-06-02 02:01:10: (server.c.1503) server stopped by UID = 0 PID = 17737
2010-06-02 02:01:14: (log.c.166) server started
2010-06-02 02:01:14: (server.c.954) WARNING: unknown config-key: etenv.add-environment (ignored)

Re: Kann php.ini haben fuer jeden Benutzer?

Posted: 2010-06-02 07:41
by Roger Wilco
1. etenv != setenv
2. mod_setenv geladen?

Re: Kann php.ini haben fuer jeden Benutzer?

Posted: 2010-06-02 11:07
by Anonymous
Roger Wilco wrote:1. etenv != setenv
2. mod_setenv geladen?
1. Korrigiert.
2. Ja.
trotzdem funktioniert nicht und die Logs zeigt kein Fehler!

Re: Kann php.ini haben fuer jeden Benutzer?

Posted: 2010-06-02 13:29
by Joe User
Zeige mal den kompletten VHost, oder am Besten die ganze lighttpd.conf.

Re: Kann php.ini haben fuer jeden Benutzer?

Posted: 2010-06-03 01:22
by Anonymous
Joe User wrote:Zeige mal den kompletten VHost, oder am Besten die ganze lighttpd.conf.
lighttpd.conf

Code: Select all

# lighttpd configuration file
#
# use it as a base for lighttpd 1.0.0 and above
#
# $Id: lighttpd.conf,v 1.7 2004/11/03 22:26:05 weigon Exp $

############ Options you really have to take care of ####################

## modules to load
# at least mod_access and mod_accesslog should be loaded
# all other module should only be loaded if really neccesary
# - saves some time
# - saves memory
server.modules              = (
                                "mod_rewrite",
#                               "mod_redirect",
#                               "mod_alias",
                                "mod_access",
#                               "mod_trigger_b4_dl",
#                               "mod_auth",
#                               "mod_status",
                                "mod_setenv",
                                "mod_fastcgi",
#                               "mod_proxy",
#                               "mod_simple_vhost",
#                               "mod_evhost",
#                               "mod_userdir",
#                               "mod_cgi",
#                               "mod_compress",
#                               "mod_ssi",
#                               "mod_usertrack",
#                               "mod_expire",
#                               "mod_secdownload",
#                               "mod_rrdtool",
                                "mod_accesslog" )

## A static document-root. For virtual hosting take a look at the
## mod_simple_vhost module.
# server.document-root        = "/srv/http/"
server.document-root        = "/home/me/public_html/"

## where to send error-messages to
server.errorlog             = "/var/log/lighttpd/error.log"

# files to check for if .../ is requested
index-file.names            = ( "index.php", "index.html",
                                "index.htm", "default.htm" )

## set the event-handler (read the performance section in the manual)
# server.event-handler = "freebsd-kqueue" # needed on OS X

# mimetype mapping
mimetype.assign             = (
  ".pdf"          =>      "application/pdf",
  ".sig"          =>      "application/pgp-signature",
  ".spl"          =>      "application/futuresplash",
  ".class"        =>      "application/octet-stream",
  ".ps"           =>      "application/postscript",
  ".torrent"      =>      "application/x-bittorrent",
  ".dvi"          =>      "application/x-dvi",
  ".gz"           =>      "application/x-gzip",
  ".pac"          =>      "application/x-ns-proxy-autoconfig",
  ".swf"          =>      "application/x-shockwave-flash",
  ".tar.gz"       =>      "application/x-tgz",
  ".tgz"          =>      "application/x-tgz",
  ".tar"          =>      "application/x-tar",
  ".zip"          =>      "application/zip",
  ".mp3"          =>      "audio/mpeg",
  ".m3u"          =>      "audio/x-mpegurl",
  ".wma"          =>      "audio/x-ms-wma",
  ".wax"          =>      "audio/x-ms-wax",
  ".ogg"          =>      "application/ogg",
  ".wav"          =>      "audio/x-wav",
  ".gif"          =>      "image/gif",
  ".jar"          =>      "application/x-java-archive",
  ".jpg"          =>      "image/jpeg",
  ".jpeg"         =>      "image/jpeg",
  ".png"          =>      "image/png",
  ".xbm"          =>      "image/x-xbitmap",
  ".xpm"          =>      "image/x-xpixmap",
  ".xwd"          =>      "image/x-xwindowdump",
  ".css"          =>      "text/css",
  ".html"         =>      "text/html",
  ".htm"          =>      "text/html",
  ".js"           =>      "text/javascript",
  ".asc"          =>      "text/plain",
  ".c"            =>      "text/plain",
  ".cpp"          =>      "text/plain",
  ".log"          =>      "text/plain",
  ".conf"         =>      "text/plain",
  ".text"         =>      "text/plain",
  ".txt"          =>      "text/plain",
  ".dtd"          =>      "text/xml",
  ".xml"          =>      "text/xml",
  ".mpeg"         =>      "video/mpeg",
  ".mpg"          =>      "video/mpeg",
  ".mov"          =>      "video/quicktime",
  ".qt"           =>      "video/quicktime",
  ".avi"          =>      "video/x-msvideo",
  ".asf"          =>      "video/x-ms-asf",
  ".asx"          =>      "video/x-ms-asf",
  ".wmv"          =>      "video/x-ms-wmv",
  ".bz2"          =>      "application/x-bzip",
  ".tbz"          =>      "application/x-bzip-compressed-tar",
  ".tar.bz2"      =>      "application/x-bzip-compressed-tar",
  # default mime type
  ""              =>      "application/octet-stream",
 )

# Use the "Content-Type" extended attribute to obtain mime type if possible
#mimetype.use-xattr        = "enable"


## send a different Server: header
## be nice and keep it at lighttpd
# server.tag                 = "lighttpd"

#### accesslog module
accesslog.filename          = "/var/log/lighttpd/access.log"

## deny access the file-extensions
#
# ~    is for backupfiles from vi, emacs, joe, ...
# .inc is often used for code includes which should in general not be part
#      of the document-root
url.access-deny             = ( "~", ".inc" )

$HTTP["url"] =~ "\.pdf$" {
  server.range-requests = "disable"
}

##
# which extensions should not be handle via static-file transfer
#
# .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

######### Options that are good to be but not neccesary to be changed #######

## bind to port (default: 80)
#server.port                = 81

## bind to localhost (default: all interfaces)
#server.bind                = "127.0.0.1"

## error-handler for status 404
#server.error-handler-404   = "/error-handler.html"
#server.error-handler-404   = "/error-handler.php"

## to help the rc.scripts
server.pid-file            = "/var/run/lighttpd/lighttpd.pid"


###### virtual hosts
##
##  If you want name-based virtual hosting add the next three settings and load
##  mod_simple_vhost
##
## document-root =
##   virtual-server-root + virtual-server-default-host + virtual-server-docroot
## or
##   virtual-server-root + http-host + virtual-server-docroot
##
#simple-vhost.server-root   = "/srv/http/vhosts/"
#simple-vhost.default-host  = "www.example.org"
#simple-vhost.document-root = "/htdocs/"


##
## Format: <errorfile-prefix><status-code>.html
## -> ..../status-404.html for 'File not found'
#server.errorfile-prefix    = "/usr/share/lighttpd/errors/status-"
#server.errorfile-prefix    = "/srv/http/errors/status-"

## virtual directory listings
dir-listing.activate       = "enable"
## select encoding for directory listings
#dir-listing.encoding        = "utf-8"

## enable debugging
#debug.log-request-header   = "enable"
#debug.log-response-header  = "enable"
#debug.log-request-handling = "enable"
#debug.log-file-not-found   = "enable"

### only root can use these options
#
# chroot() to directory (default: no chroot() )
#server.chroot              = "/"

## change uid to <uid> (default: don't care)
server.username            = "http"

## change uid to <uid> (default: don't care)
server.groupname           = "http"

#### compress module
#compress.cache-dir         = "/var/cache/lighttpd/compress/"
#compress.filetype          = ("text/plain", "text/html")

#### proxy module
## read proxy.txt for more info
#proxy.server               = ( ".php" =>
#                               ( "localhost" =>
#                                 (
#                                   "host" => "192.168.0.101",
#                                   "port" => 80
#                                 )
#                               )
#                             )

#### fastcgi module
## read fastcgi.txt for more info
## for PHP don't forget to set cgi.fix_pathinfo = 1 in the php.ini
fastcgi.server             = ( ".php" =>
                               ( "localhost" =>
                                 (
                                   "socket" => "/var/run/lighttpd/php-fastcgi.socket",
                                   "bin-path" => "/usr/bin/php-cgi"
                                 )
                               )
                            )

#### CGI module
#cgi.assign                 = ( ".pl"  => "/usr/bin/perl",
#                               ".cgi" => "/usr/bin/perl" )
#

#### SSL engine
#ssl.engine                 = "enable"
#ssl.pemfile                = "/etc/ssl/private/lighttpd.pem"

#### status module
#status.status-url          = "/server-status"
#status.config-url          = "/server-config"

#### auth module
## read authentication.txt for more info
#auth.backend               = "plain"
#auth.backend.plain.userfile = "lighttpd.user"
#auth.backend.plain.groupfile = "lighttpd.group"

#auth.backend.ldap.hostname = "localhost"
#auth.backend.ldap.base-dn  = "dc=my-domain,dc=com"
#auth.backend.ldap.filter   = "(uid=$)"

#auth.require               = ( "/server-status" =>
#                               (
#                                 "method"  => "digest",
#                                 "realm"   => "download archiv",
#                                 "require" => "user=jan"
#                               ),
#                               "/server-config" =>
#                               (
#                                 "method"  => "digest",
#                                 "realm"   => "download archiv",
#                                 "require" => "valid-user"
#                               )
#                             )

#### url handling modules (rewrite, redirect, access)
#url.rewrite                = ( "^/$"             => "/server-status" )
#url.redirect               = ( "^/wishlist/(.+)" => "http://www.123.org/$1" )
#### both rewrite/redirect support back reference to regex conditional using %n
#$HTTP["host"] =~ "^www\.(.*)" {
#  url.redirect            = ( "^/(.*)" => "http://%1/$1" )
#}

#
# define a pattern for the host url finding
# %% => % sign
# %0 => domain name + tld
# %1 => tld
# %2 => domain name without tld
# %3 => subdomain 1 name
# %4 => subdomain 2 name
#
#evhost.path-pattern        = "/srv/http/vhosts/%3/htdocs/"

#### expire module
#expire.url                 = ( "/buggy/" => "access 2 hours", "/asdhas/" => "access plus 1 seconds 2 minutes")

#### ssi
#ssi.extension              = ( ".shtml" )

#### rrdtool
#rrdtool.binary             = "/usr/bin/rrdtool"
#rrdtool.db-name            = "/var/lib/lighttpd/lighttpd.rrd"

#### setenv
#setenv.add-request-header  = ( "TRAV_ENV" => "mysql://user@host/db" )
#setenv.add-response-header = ( "X-Secret-Message" => "42" )

## for mod_trigger_b4_dl
# trigger-before-download.gdbm-filename = "/var/lib/lighttpd/trigger.db"
# trigger-before-download.memcache-hosts = ( "127.0.0.1:11211" )
# trigger-before-download.trigger-url = "^/trigger/"
# trigger-before-download.download-url = "^/download/"
# trigger-before-download.deny-url = "http://127.0.0.1/index.html"
# trigger-before-download.trigger-timeout = 10

#### variable usage:
## variable name without "." is auto prefixed by "var." and becomes "var.bar"
#bar = 1
#var.mystring = "foo"

## integer add
#bar += 1
## string concat, with integer cast as string, result: "www.foo1.com"
#server.name = "www." + mystring + var.bar + ".com"
## array merge
#index-file.names = (foo + ".php") + index-file.names
#index-file.names += (foo + ".php")

#### include
#include /etc/lighttpd/lighttpd-inc.conf
## same as above if you run: "lighttpd -f /etc/lighttpd/lighttpd.conf"
#include "lighttpd-inc.conf"

#### include_shell
#include_shell "echo var.a=1"
## the above is same as:
#var.a=1

# Include custom rewrite rules
# include "/etc/lighttpd/rewrite_rules.conf"
#include for Vhost
include "/etc/lighttpd/XXX.com.conf"
und das ist XXX.com.conf

Code: Select all

$HTTP["host"] =~ "XXX\.com" {
	server.document-root = "/home/me/public_html/XXX.com/html"
	setenv.add-environment = (
    	"PHPRC" => "/home/me/public_html/XXX.com/html/php.ini"
)
}

Re: Kann php.ini haben fuer jeden Benutzer?

Posted: 2010-06-03 10:26
by Joe User
Das alte Wiki läuft wieder.

Re: Kann php.ini haben fuer jeden Benutzer?

Posted: 2010-06-03 10:41
by Anonymous
Ich wollte wissen ob sowas ueberhaupt geht. wenn nichts dann lass ich alles auf homedir laufen.
Danke fuer alles
Joe User wrote:Das alte Wiki läuft wieder.
Konvertierung dukowiki >> mediawiki waere eine gute Idee!

Re: Kann php.ini haben fuer jeden Benutzer?

Posted: 2010-06-03 11:36
by Joe User
Es geht, aber etwas anders als ich es in Erinnerung hatte. Hier mal eine vollständige lighttpd.conf inklusive der richtigen Lösung (bitte Pfade und Co selbst anpassen):

Code: Select all

server.username = "lighttpd"
server.groupname = "lighttpd"
server.stat-cache-engine = "fam"
server.event-handler = "linux-sysepoll"
server.pid-file = "/var/run/lighttpd.pid"
server.errorlog = "/var/log/lighttpd/error_log"
server.document-root = "/var/www/localhost/htdocs"
server.name = "www.domain.tld"
server.max-fds = 2048
server.modules = (
    "mod_rewrite",
    "mod_redirect",
    "mod_alias",
    "mod_access",
    "mod_auth",
    "mod_setenv",
    "mod_expire",
    "mod_fastcgi",
    "mod_cgi",
    "mod_ssi",
    "mod_compress",
    "mod_accesslog",
)
server.indexfiles = (
    "index.html",
    "index.htm",
    "index.php",
)
mimetype.assign = (
    ".pdf"     => "application/pdf",
    ".sig"     => "application/pgp-signature",
    ".spl"     => "application/futuresplash",
    ".class"   => "application/octet-stream",
    ".ps"      => "application/postscript",
    ".torrent" => "application/x-bittorrent",
    ".dvi"     => "application/x-dvi",
    ".pac"     => "application/x-ns-proxy-autoconfig",
    ".swf"     => "application/x-shockwave-flash",
    ".tgz"     => "application/x-tgz",
    ".mp3"     => "audio/mpeg",
    ".m3u"     => "audio/x-mpegurl",
    ".wma"     => "audio/x-ms-wma",
    ".wax"     => "audio/x-ms-wax",
    ".ogg"     => "application/ogg",
    ".wav"     => "audio/x-wav",
    ".xbm"     => "image/x-xbitmap",
    ".xpm"     => "image/x-xpixmap",
    ".xwd"     => "image/x-xwindowdump",
    ".asc"     => "text/plain",
    ".c"       => "text/plain",
    ".h"       => "text/plain",
    ".cc"      => "text/plain",
    ".cpp"     => "text/plain",
    ".hh"      => "text/plain",
    ".hpp"     => "text/plain",
    ".conf"    => "text/plain",
    ".log"     => "text/plain",
    ".text"    => "text/plain",
    ".txt"     => "text/plain",
    ".diff"    => "text/plain",
    ".patch"   => "text/plain",
    ".ebuild"  => "text/plain",
    ".eclass"  => "text/plain",
    ".rtf"     => "application/rtf",
    ".bmp"     => "image/bmp",
    ".tif"     => "image/tiff",
    ".tiff"    => "image/tiff",
    ".ico"     => "image/x-icon",
    ".mpeg"    => "video/mpeg",
    ".mpg"     => "video/mpeg",
    ".mov"     => "video/quicktime",
    ".qt"      => "video/quicktime",
    ".avi"     => "video/x-msvideo",
    ".asf"     => "video/x-ms-asf",
    ".asx"     => "video/x-ms-asf",
    ".wmv"     => "video/x-ms-wmv",
    ".tbz"     => "application/x-bzip-compressed-tar",
    ".tar.bz2" => "application/x-bzip-compressed-tar",
    ".tar.gz"  => "application/x-tgz",
    ".bz2"     => "application/x-bzip",
    ".gz"      => "application/x-gzip",
    ".tar"     => "application/x-tar",
    ".zip"     => "application/zip",
    ".jpeg"    => "image/jpeg",
    ".jpg"     => "image/jpeg",
    ".png"     => "image/png",
    ".gif"     => "image/gif",
    ".xhtml"   => "text/html",
    ".html"    => "text/html",
    ".htm"     => "text/html",
    ".dtd"     => "text/xml",
    ".xml"     => "text/xml",
    ".css"     => "text/css",
    ".js"      => "text/javascript",
    ".php"     => "application/x-httpd-php",
    ""         => "text/plain",
)
static-file.exclude-extensions = (
    ".pl",
    ".cgi",
    ".fcgi",
    ".php",
)
dir-listing.activate = "disable"
dir-listing.hide-dotfiles = "enable"
dir-listing.encoding = "utf-8"
dir-listing.exclude = (
    "^\.",
    "~$",
    "favicon.ico",
    "robots.txt",
)
url.access-deny = (
    "~",
    ".ini",
    ".inc",
    ".cfg",
    ".tpl",
    ".bak",
    ".dist",
    ".orig",
    ".htaccess",
    ".htpasswd",
    ".example",
    ".sample",
    ".lang",
)
cgi.assign = (
    ".pl" => "/usr/bin/perl",
    ".cgi" => "/usr/bin/perl",
)
ssi.extension = (
    ".shtml",
)
compress.filetype = (
    "text/javascript",
    "text/plain",
    "text/html",
    "text/css",
)
accesslog.filename = "/var/log/lighttpd/access_log"
accesslog.format = "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
$HTTP["url"] =~ "\.pdf$" {
    server.range-requests = "disable"
}
$SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.use-sslv2 = "disable"
    ssl.ca-file = "/etc/ssl/lighttpd/cacert.pem"
    ssl.pemfile = "/etc/ssl/lighttpd/server.pem"
    server.document-root = "/var/www/localhost/htdocs-secure"
    accesslog.filename = "/var/log/lighttpd/ssl_access_log"
    auth.backend.htpasswd.userfile = "/etc/lighttpd/auth_htpasswd.user"
    auth.backend = "htpasswd"
    auth.require = (
        "/" => (
            "method" => "basic",
            "realm" => "restricted area",
            "require" => "valid-user",
        ),
    )
}
$SERVER["socket"] == ":80" {
    $HTTP["host"] =~ "(^|\.)domain\.tld$" {
        $HTTP["host"] != "www.domain.tld" {
            url.redirect = (
                "^/(.*)" => "http://www.domain.tld/",
            )
        }
        $HTTP["host"] == "www.domain.tld" {
            server.name = "www.domain.tld"
            server.document-root = "/var/www/localhost/htdocs"
            fastcgi.server = (
                ".php" => (
                    "localhost" => (
                        "socket" => "/var/run/lighttpd/php-fastcgi.socket",
                        "bin-path" => "/usr/bin/php-cgi",
                        "bin-environment" => ( 
                            "PHP_FCGI_CHILDREN" => "16",
                            "PHP_FCGI_MAX_REQUESTS" => "500",
                            "PHPRC" => "/etc/php5/cgi/",
                        ),
                        "bin-copy-environment" => (
                            "PATH", "SHELL", "USER",
                        ),
                    ),
                ),
            )
        }
    }
}

Re: Kann php.ini haben fuer jeden Benutzer?

Posted: 2010-06-03 12:42
by Anonymous
Nein das geht nichts, und hier geht es nicht um doamin.tld Konfigurationen in lighttpd.conf. außerdem dein Konfigurationen sind derselbe wie Defaultwert mit paar Änderungen die unter Debian so aussehen müssen.


Danke trotzdem

Re: Kann php.ini haben fuer jeden Benutzer?

Posted: 2010-06-03 13:26
by Joe User
Wie die Pfade unter Debian aussehen interessiert mich nicht, da ich grundsätzlich kein Debian oder dessen Derivate einsetze. Desweiteren ist es immer ratsam auch die Defaultwerte in der Konfiguration explizit zu setzen, so vermeidet man Überraschungen bei unangekündigten Änderungen der Defaultwerte und erkennt etwaige Konfigurationsfehler deutlich schneller.

Zurück zum Thema: Den fastcgi.server Abschnitt im VHost hast Du beachtet?

Re: Kann php.ini haben fuer jeden Benutzer?

Posted: 2010-06-03 13:36
by Anonymous
Wie du siehst, ich hab domain.tld.conf am ende der Konfiguration inkludiert. und drin stehen folgende cods:

Code: Select all

    $HTTP["host"] =~ "XXX\.com" {
       server.document-root = "/home/me/public_html/XXX.com/html"
       setenv.add-environment = (
           "PHPRC" => "/home/me/public_html/XXX.com/html/php.ini"
    )
    }
Da sollte gesamte config von homedir nehmen ausser server.ducoment-root. dazu gehoert auch die fastcgi.server Abschnitt.

Re: Kann php.ini haben fuer jeden Benutzer?

Posted: 2010-06-03 13:43
by Joe User
Das funktioniert aber nicht, wenn Du jedem VHost/Benutzer eine eigene php.ini zuweisen willst. Dazu muss nunmal der globale fastcgi.server verschwinden und jeder VHost seinen eigenen fastcgi.server bekommen.
Das setenv.add-environment kannst Du wieder löschen, funktioniert mit PHP nicht.

Re: Kann php.ini haben fuer jeden Benutzer?

Posted: 2010-06-03 14:01
by Roger Wilco
Sia wrote:Wie du siehst, ich hab domain.tld.conf am ende der Konfiguration inkludiert. und drin stehen folgende cods:
Und wie bereits erwähnt darf in PHPRC nur ein Verzeichnis, aber keine Datei stehen. :roll:

Re: Kann php.ini haben fuer jeden Benutzer?

Posted: 2010-06-04 00:12
by Anonymous
@ Roger Wilco
??

Re: Kann php.ini haben fuer jeden Benutzer?

Posted: 2010-06-04 10:52
by Anonymous
matzewe01 wrote:http://www.rootforum.org/forum/viewtopi ... 57#p317571

Hier steht wieder der volle Pfad zu php.ini.

Das ist falsch.
Achso, ich wollte nur Joe zeigen, was ich gemacht habe.
All times are UTC+01:00
Page 1 of 1