[Typo3-linux] Typo3 3.8.1 (installation) and phpSUEXEC

Dimitri Tarassenko mitka at mitka.us
Mon Nov 28 23:48:41 CET 2005


Torsten,

On 11/28/05, Torsten Feichtinger <torsten at feichtinger.de> wrote:

> >>First, how can I install Typo3 3.8.1 with the symlinks like the normal
> >>installation routine for linux describes - I understand that phpSUEXEC
> >>can not work with symlinks to .php files (right?).
> > Right.
> Is there a solution or workaround to this? I am not really sure, but to
> make a symlink to a .php file could not be a big security issue, or?

There are some security implications. For example, let's imagine that
a symlink points to /one/two/three/a.php. In this case, anyone who has
write permissions to /one, /one/two will be able to substitute your
a.php for their own. Just too many things to take into account.
Basically, the same logic as behind the decision to disallow
setUID/setGID shell scripts.


> > You can try converting symlinks to hardlinks for files. I had an
> > impression that phpsuexec CAN execute files in symlinked directories,
> > so it's only symlinks to the files that are a problem. If that's not
> > the case, I don't think you can do what you are planning to do.
> If I am converting the symlinks to hardlinks:
> - for which files? (I think a lot, or? is there a list?)
> - what is with the updates later to other version?

I think there are just a couple of them - index.php and index_ts.php, if
I am not mistaken. The updates should be fine.

> > Not really, but you may run into permissions problems when executing
> > ImageMagick/GraphicsMagic and maybe in the extensions that send out
> > email (this depends on your mailserver setup).
> Ok, this I have to check - it seems, that I could not run ImageMagick
> etc. with this server...

This on its own may be unrelated to phpsuexec - there are other
PHP.INI parameters that may restrict the locations of external
programs that your php scripts can execute.


> I have not really space problems, but I thought and read that the symlink
> method is "THE" method for linux systems - especially if you update your
> typo3 installation... in the beginning with my own page I made a mistake
> in the installation (I chose the windows/zip version) and now I have
> problems to update to the next typo3 version (backup etc. does not
> really work)...

It is "THE" method, with several "IF"s ;). I would say the "IF"s are:

- shell access, or, better yet, dedicated server
- somewhat loose security settings in Apache (followsymlinks + a couple of others)
- lower security settings in PHP and phpsuexec / mod_suphp

For backing up / restoring the complete installations you could try a
script I did some time ago:
http://typo3.mitka.us/filez/typopack-0.1.tgz - this was done to
prepare packages like "dummy" and "quickstart" based on working
installations, but you could try backing up your 3.7 site with this,
unpacking 3.8 dummy zip with sources, then unpacking your backup into
the same place and running the installer.

Bottom line - if updates are all you are worried about I would not
mess with symlinked/hardlinked workarounds under suphpexec.

> Greetings and thanks... :-)

You're welcome.

--
Dimitri Tarassenko
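
The risk described above for a symlink pointing at /one/two/three/a.php can be audited by walking every directory on the resolved target path. This is an added example, not part of the original message: `risky_ancestors` and `demo` are hypothetical names, and treating uid 0 as trusted and a sticky directory as safe are assumptions.

```python
import os
import stat
import tempfile


def risky_ancestors(link_path, stop_at="/", trusted_uids=(0,)):
    """List (directory, reason) for each directory on the resolved path of
    link_path where someone other than the target's owner could swap the file."""
    target = os.path.realpath(link_path)           # follow the whole symlink chain
    stop_at = os.path.realpath(stop_at)
    allowed = set(trusted_uids) | {os.stat(target).st_uid}
    findings = []
    directory = os.path.dirname(target)
    while True:
        st = os.stat(directory)
        if st.st_uid not in allowed:
            findings.append((directory, "owned by uid %d" % st.st_uid))
        loose = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
        if loose and not st.st_mode & stat.S_ISVTX:
            findings.append((directory, "group/other-writable, no sticky bit"))
        parent = os.path.dirname(directory)
        if directory == stop_at or parent == directory:
            break
        directory = parent
    return findings


def demo():
    """Constructed tree: site/index.php -> one/two/three/a.php, 'two' group-writable."""
    base = os.path.realpath(tempfile.mkdtemp())
    deep = os.path.join(base, "one", "two", "three")
    site = os.path.join(base, "site")
    os.makedirs(deep)
    os.makedirs(site)
    for d in (os.path.join(base, "one"), deep, site):
        os.chmod(d, 0o755)                         # explicit modes, independent of umask
    os.chmod(os.path.join(base, "one", "two"), 0o775)
    open(os.path.join(deep, "a.php"), "w").close()
    link = os.path.join(site, "index.php")
    os.symlink(os.path.join(deep, "a.php"), link)
    return base, link, risky_ancestors(link, stop_at=base)


if __name__ == "__main__":
    for directory, reason in demo()[2]:
        print(directory, "->", reason)
```
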

