Hello,

I have PHP5.2 running as cgi and whenever a user tries to upload file via Webform, the following error appears:



It works fine, when I disable mod_security or run PHP 5.3 as a module.

The files in /tmp are created as user:psacln.

Anyone know, how to solve this?

kind regards

-Stephan

I figured it out (looks good so far..):

We had two problems: mod_security not being able to create subdirs in /var/asl/data/audit... and file-uploads not working.

I had to do this (found in the thread about mod_ruid2):

new file /etc/httpd/conf.d/01_mod_security_changes.conf:


Created /var/lib/php/tmp and set it to chmod 777 and removed the sticky bit (chmod -t).



aaaand....file uploads work (temporary files are created and removed again in /var/lib/php/tmp) and directories and files are created in /var/asl/data..

regards

-Stephan

Those are some potentially dangerous permissions, you are making everything world writable and readable by default with apache, which isnt something you want to do with a shared environment. Especially making it all world writable.

Thanks for the feedback. I realize it's world read-/writeable, but assumed that since they are only temporary files that get deleted right away, it would be ok.

Do you know how I can set the permissions to be safe and still use mod_security with suexec php?

regards -Stephan

So that means all the files apache we create, ever, not just the tmp files will be worldwritable and worldreadable:

[mshinn@unit emails]$ umask 0
[mshinn@unit emails]$ touch foo
[mshinn@unit emails]$ ls -al foo
-rw-rw-rw- 1 mshinn mshinn 0 Jun 13 10:38 foo

You probably dont want that if you have a shared user environment.

Ouch! No, I definitely did not want that! I removed 'umask 0' from the configuration, restarted apache and corrected the file permissions.

It seems it wasn't necessary and mod_security still works fine with the other changes.

Thanks for your support and feedback. Greatly appreciate it. Also thanks for ASL, btw.. I'm just slowly starting to grasp, just how great it really is, now that we finished migration and it's been running in a production environment for a couple of days.

kind regards -Stephan

actually, I spoke too soon regarding mod_security.. I had forgotten that I had set 'SecRequestBodyAccess Off' because uploads didn't really work, even with /var/lib/php/tmp set to chmod 777.

When I uploaded a file it reported:

[Thu Jun 14 00:30:08 2012] [error] [client x.x.x.x] ModSecurity: Failed to open temporary file for reading: /var/lib/php/tmp/20120614-002956-T9kUY1BKms4AAHPzdgAAAAAJ-request_body-fPuWHQ [hostname "###"] [uri "/cgi-bin/php.fcgi/form.php"] [unique_id "T9kUY1BKms4AAHPzdgAAAAAJ"]

So, back to square 1.5, I guess. mod_security works, but only without scanning uploads.

regards -Stephan

Any particular reason you are running php as cgi?

yes, to have PHP 5.2 and PHP 5.3 in parallel.

We just migrated from old centos4.5-servers which had PHP 5.2.

On the new servers I have PHP 5.2 as php-cgi and PHP 5.3 as apache module (installed regularely via yum).

We have some hostings with very old stuff (joomla 1.0, osCommerce and some others that get warnings from 5.3) and wanted to offer our customers a way to test their stuff in 5.3 first.

regards -Stephan