PHP programmer here. Boss wants me to create multiple wordpress websites that are symlink'ed back to a single parent wordpress directory. Each website resides in a separate Linux user account. In other words, one parent, many children copies, all residing in different /home/ accounts. I need help with my symlink strategy...
So far, for each new linux web account,
install the database
sed replace config values into a temp config file
mysql insert some config data
symlink????
a. every wordpress file ??
b. the entire public_html directory ??
If I alter the parent wordpress PHP code, I can place a "real" copy of the config file in the child user directory, above the symlinked public_html. So, I need only use one child symlink to the parent's public_html directory. BUT, apache returns a 500 error. How do I set up the permissions?
Permissions are the issue. Would chgrp work? Which group? What file mode? Or would I need to create a special group to accommodate the apache user, nobody?
Any help would be greatly appreciated. Code samples welcome :)
Problem's Cause (paranoid security, "switch-user" blocking):
PHP 5 Handler suphp
Suexec on
Problem's solution (DSO):
PHP 5 Handler dso
Suexec off
Performance optimization, added +FollowSymLinks at httpd.conf LINE 75:
<Directory "/">
Options All +FollowSymLinks
AllowOverride All
</Directory>
Each linux user must have a wp-content directory and a wp-config.php file. Don't forget to set writing permissions to the wp-content directory.
You can symlink the rest of the wordpress files to the global wordpress ones.
The global wordpress files must not be writable by the linux users.
This is very possible to do. I have actually written a detailed post explaining the process of symlinking the WordPress directory.
Basically the idea is to replace the wp-config.php file.
Download the repo for WordPress from github with this you can switch to newer or older version of WordPress with a simple command. "git checkout 3.7-branch"
Here is the complete set of instructions:
http://www.htmlgraphic.com/symlinking-wordpress-core-files-wordpress-skeleton/
Related
Is there any need for .htaccess files in directories higher than that where index.html is placed?
I found such a file one level higher after a FileZilla accident (my fault; not Filezilla's) and suspect it should be deleted.
The .htaccess file has an effect on the directory it's in and all the descendent directories. You would need another .htaccess in a sub-folder if it was altering rules or adding new ones to what was inherited from its parent directory.
To expand on this based on more info from below: If the .htaccess files are in directories above your hosting dir, they will have an effect. However you should not amend or delete files on shared servers that you don't have direct authorization to. Check with your host or sysadmin - maybe those files need to be there, or perhaps they can be tidied up. In any case you can override .htaccess rules with a .htaccess file in the subdirectory.
I read moodles documentation where it says that if the data root directory has to be in the site's public html folder ( Please see that i can not create it outside it since i dont have sufficient privileges as i am using a free account ). then you have to chmod it to 770 and also use htaccess to protect it.
Now i am creating the moodle inside my domain at folder /moodle/
and moodle uploads folder is /moodle-uploads/uploads/
and i have an .htaccess setup in /moodle-uploads/.htaccess
where its contents are
order deny,allow
deny from all
as specified on
http://docs.moodle.org/20/en/Creating_Moodle_site_data_directory
But still when i run the auto installer script it says the data root directory is not secure
This is not the best way of doing it but coding hack to just get rid of this error if you like try it..,
in moodle root go the install.php and if you are using 2.6 in line 341 or others versions search for is_dataroot_insecure() function and change it to false in the else if condition and try to install again,and that it..,
By default its going to give you warning for having it in the public html folder as according to the docs in the link you also provided.
Remember that by default moodle will issue a warning about moodle data
directories created inside the web directory, but otherwise this
directory can be located where you wish. You can later move or change
the location of this directory, but if you do, be sure to edit the
setting in the config.php file that sets this; e.g. if moodledata is
under a directory called data, then it would look like this:
As long as you have configured the dataroot location with the moodle data directory and placed your .htaccess file in that folder it should be fine.
i'm using moodle 2.4.1 and had a some problem. the solution open install.php file and search for statment
} else if (is_dataroot_insecure()) {
and disabled.
it's work for me
In my application I have separate spaces for user and admin like
if www.example.com is my website, then www.example.com/admin is my admin URL.
I am using a .htaccess file in my root, and it affects some of the functionality in my admin folder, which I don't want to.
For example, consider below is my folder structure
..
.htaccess
index.php
admin
So if I don't want the .htaccess rules to apply within the admin folder, is there any way?
For people that don't have direct access to httpd.conf (shared hosting for example), just put another .htaccess file in the subfolder and set to the desired behavior.
You should be able to do this, but it does require write access to the httpd.conf configuration.
If you have access to the httpd.conf file, something like
<Directory /admin>
AllowOverride None
</Directory
should do the trick.
Also, note that using .htaccess files in the root directory (as you said you did) is not a recommended approach. You'd be better off moving the contents of the htaccess file into the proper contexts of the httpd.conf file.
More information can be found at http://httpd.apache.org/docs/2.2/mod/core.html#allowoverride
Ola there
I run several domains under the same shared hosting account, so I have the following files:
/home/joe/domain1.com/.htaccess
/home/joe/domain2.com/.htaccess
/home/joe/domain3.com/.htaccess
Each file contains duplicate data (stuff like deny from stupid.web.bot).
Is there any way to have a single file that's shared across multiple .htacess files? (something like bash's source command)
Use httpd.include vhost configuration files (as found in /etc/httpd/conf.d/vhosts.conf on RHEL systems) - these are preferable to .htaccess as they are loaded at server start and not dynamically, allowing .htaccess to be disabled and one less filesystem lookup required per directory lookup.
Not all configuration directives can be used in .htacess and httpd.include, check the manual for specifics. Directory commands are fine.
Use the include directive in your httpd.include to include a base config file with common rules.
If they just need to have exactly the same contents you could make a master.htaccess and just symlink it into each folder?
Specify the settings for all domains in your Apache configuration
<Directory /home/joe>
deny from stupid.web.bot
</Directory>
You can put a common .htaccess file in their parent directory: /home/joe.
I recently ran some penetration testing software on my web site and was surprised for it to report that one of my directory listings was publicly accessible.
It is the directory of the root user which is available.
http://www.example.com/~root/
Results in this page content:
Index of /~root
* Parent Directory
* cgi-bin/
Platform: I am creating PHP websites, with Symfony on Linux with Apache.
Is this something that I can configure through Apache?
You could create a .htaccess file in that directory, or have a <directory>...</directory> block in your Apache configuration that specifies:
Options -Indexes
See the Apache options directive documentation for more details.
There is a command in Apache that will make it show indexes.
Options +Indexes
Remove this, restart. This will make that url show a 403 Forbidden.