Ok, so I have a network of about 20 sites which all share the same database and, more important for this topic, images. All websites are on the same server, so to avoid duplicating the folder with images (and maintaining all those images) I have created symlinks from all websites pointing to the first domain’s “images” folder, which contains all the images.
The server is a WHM-powered one, so most of you who have worked on such servers should know at least part of its configuration. I will make an example with two domains (domain1.com and domain2.com), but the settings for domain2.com (should) apply to all other domains.
So I have images available on domain1.com/images/ (local path /home/user1/public_html/images/)
Then on domain2.com I have created a symlink in /home/user2/public_html/ named “images” and pointing to /home/user1/public_html/images
Apache is set to follow symlinks so when I open domain2.com/images/ I get a list of images from /home/user1/public_html/images/ - that’s cool, just what I wanted.
Now, the problem I have is suPHP, which changes the PHP process user ID to the PHP file owner's ID, so the scripts from domain2.com are executed as user2 and they cannot even check if some of the images exist (the image thumbnail creation functions first check if the image thumbnail exists, then if not they should create the thumbnail).
I have tried various combinations of file/folder ownerships and permissions and none of them worked. As with a standard WHM setup, user1 belongs to group user1 and user2 to group user2. I have created an additional group (“shared”) and added both users to this group, then I’ve set permissions like this:
root@server1 [/home/user1/public_html]# ls -l
total 72
drwxr-x---  9 user1 nobody 4096 Jan 12 07:32 ./
drwx--x--x 11 user1 user1  4096 Jan 12 08:35 ../
-rw-r--r--  1 user1 user1   852 Jan 12 07:31 htaccess-example.txt
drwxrwxrwx  5 user1 shared 4096 Jan 12 09:47 images/
-rw-r--r--  1 user1 user1  5924 Jan 12 10:52 index.php
-rw-r--r--  1 user1 user1     5 Jan 12 08:36 license.txt

root@server1 [/home/user1/public_html/images]# ls -la
total 32
drwxrwxrwx 5 user1 shared 4096 Jan 12 09:47 ./
drwxr-x--- 9 user1 nobody 4096 Jan 12 07:32 ../
-rw-rw-r-- 1 user1 shared  135 Jan 12 09:46 htaccess.old
-rw-rw-r-- 1 user1 shared  114 Jan 12 05:15 index.html
drwxrwxr-x 2 user1 shared 4096 Jan 12 05:15 logos/
-rw-rw-r-- 1 user1 shared 4039 Jan 12 05:15 profile-empty.jpg
drwxrwxr-x 3 user1 shared 4096 Jan 12 11:29 properties/

root@server1 [/home/user2/public_html]# ls -la
total 68
drwxr-x---  8 user2 nobody 4096 Jan 12 10:09 ./
drwx--x--x 11 user2 user2  4096 Jun 23 2014 ../
-rw-r--r--  1 user2 user2   852 Jan 12 09:49 htaccess-example.txt
lrwxrwxrwx  1 user2 shared   32 Jan 12 09:51 images -> /home/user1/public_html/images/
-rw-r--r--  1 user2 user2  5917 Jan 12 09:49 index.php
-rw-r--r--  1 user2 user2     6 Jan 12 10:04 license.txt
As you can see, all files and folders in /images/ have group permissions set to read/write, so I don’t know why PHP scripts executed as user2 can’t access them. Maybe because “shared” is not their primary group?
I have tried to trick it and change owner of php files in /home/user2/public_html/ to user1, but I get “internal server error” when trying to access them with my web browser. Damn suPHP!
Again, loading images directly works across all domains, but PHP scripts cannot access them. Therefore I think the problem is suPHP, so my question is: can I fix this issue by setting correct permissions (and how), or will I have to turn suPHP off (which I wouldn’t really like)?
Warning: readfile(images/profile-empty.jpg) [function.readfile]: failed to open stream: Permission denied in /home/user2/public_html/index.php on line 25
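An added example, not part of the original post: a walk along the path to the image that applies the usual Unix owner/group/other check to each component, using the modes and owners from the listings above. The numeric ids, the assumption that Apache runs as nobody, and the names `allowed` and `first_block` are constructed for illustration; /home and / are not shown in the post and are left out.

```python
import stat

# Numeric ids are constructed for this example (assumption), not taken from the server.
UID = {"nobody": 99, "user1": 1001, "user2": 1002}
GID = {"nobody": 99, "user1": 1001, "user2": 1002, "shared": 1500}
D, F = stat.S_IFDIR, stat.S_IFREG

# (component, mode, owner, group), outermost first; modes and owners are
# transcribed from the ls listings in the post.
PATH = [
    ("/home/user1", D | 0o711, "user1", "user1"),
    ("/home/user1/public_html", D | 0o750, "user1", "nobody"),
    ("/home/user1/public_html/images", D | 0o777, "user1", "shared"),
    ("/home/user1/public_html/images/profile-empty.jpg", F | 0o664, "user1", "shared"),
]

def allowed(mode, owner, group, uid, gids, want):
    """Exactly one class applies: owner, else group, else other (no ACLs, no root)."""
    if uid == UID[owner]:
        bits = (mode >> 6) & 7
    elif GID[group] in gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return bits & want == want

def first_block(path, uid, gids):
    """Return the first component the caller cannot pass, or None.

    Directories need the search (x) bit; the final file needs read (r).
    """
    for name, mode, owner, group in path:
        want = 1 if stat.S_ISDIR(mode) else 4
        if not allowed(mode, owner, group, uid, gids, want):
            return name
    return None

if __name__ == "__main__":
    callers = {
        "user2 (suPHP script)": (UID["user2"], {GID["user2"], GID["shared"]}),
        "nobody (Apache, assumed)": (UID["nobody"], {GID["nobody"]}),
    }
    for label, (uid, gids) in callers.items():
        print(label, "->", first_block(PATH, uid, gids) or "readable")
```

On a live system, `namei -l /home/user1/public_html/images/profile-empty.jpg` prints the same per-component modes and owners for comparison.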