I'm stumped on a shared install

[jdc]

That Smarty error means that PHP cannot access the "templates_c" or "templates" directory of either the local or shared install. Can you check the permissions and ownerships of those directories? Maybe you also need to include them specifically to your safe_mode include listing?

What should the file system permissions be? I've tried setting the files to owership being the user and group that apache runs under, as well as chmodding them to 777, neither one made it work like it is supposed to.

[garvinhicking]

Hi!

Smarty complains about not being able to read the 'index.tpl' file, so let's go from there.

The index.php file of s9y issues this:

Code: Select all

$serendipity['smarty']->display(serendipity_getTemplateFile($serendipity['smarty_file'], 'serendipityPath'));

(Tthe smarty_file variable is usually set to 'index.tpl').

That means, a function call to getTemplateFile tries to detect the full path of 'index.tpl'. The function is in include/functions_config.inc.php.

Usually it should return a path like "/path/to/your/user/install/templates/default/index.tpl". Since in your case that doesn't happen, it seems the alternate return of the function happens:

Code: Select all

    if (preg_match('@\.(tpl|css|php)@i', $file) && !stristr($file, 'plugin')) {
        return $file;
    }

So it seems that all the file_exists() checks in the function fail.

Please check your user's serendipity_config DB table and see what the 'serendipityPath' variable is set to?

Regards,
Garvin

[jdc]

Ok, I have added the following to the vhost config for the user:

Code: Select all

php_value include_path .:/usr/lib/php/:/server/web/:/server/web/s9y/:/server/web/s9y/bundled-libs/:/home/user/public_html/blog/
php_admin_value open_basedir /usr/lib/php/:/server/web/:/server/web/s9y/:/home/user/public_html/blog/
php_admin_value safe_mode_include_dir /usr/lib/php/:/server/web/:/server/web/s9y/:/home/user/public_html/blog/

With the safe_mode_include_dir, I am able to reach the initial setup page, however, there are many errors. For example:

Code: Select all

Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(serendipity_config_local.inc.php) is not within the allowed path(s): (/usr/lib/php/:/server/web/:/server/web/s9y/:/home/user/public_html/blog/) in /server/web/s9y/serendipity_config.inc.php on line 33

Removing the "php_admin_value open_basedir" removes the errors, but the template is apparently not being read as the setup screen is text only.

Continuing on, after clicking submit, I get the following errors:

Code: Select all

Installing default plugins... Error: serendipity_event_s9ymarkup:3ad8f23ca645129c54c5d87e53680428 ()
Error: serendipity_event_emoticate:11e6ef5f40902ea51d6cb1de66bc18d7 ()
Error: serendipity_event_nl2br:4d56ed3785da89340822aebdc393afa0 ()
Error: serendipity_event_browsercompatibility:720d155ac3a7330d09d2ab4bb9737f72 ()
Error: serendipity_event_spamblock:0b639481b09f606365e83d15ba34164a ()

Continuing on, I get the "Smarty error: unable to read resource: "index.tpl" error. Checking the variable in the DB, the serendipityPath is set for /home/user/public_html/blog.

[garvinhicking]

Hi!

Phew. Safe_mode, open_basedir and include_path settings are not that easy to configure and tame. I'd need to have access to the machine to figure out things for myself.

I know that it can work, though.

The template not showing up and the error about index.tpl lead all to the same thing: Smarty is not allowed/able to read/get the template files (because CSS files lie there also and are also accessed using the mentioned serendipity_getTemplateFile() command.

So I suggest to debug that function to see why file system access fails there. All must be solvable with appropriate php.ini settings and proper path permissions/privileges. Sadly I can't give examples, because I don't have it running.

Best regards,
Garvin

[jdc]

That's the thing, I removed virtually all restrictions from PHP short of turning off safe mode (which I'm not crazy about).

include_path: this is obvious as to what this does for PHP

open_basedir: From the PHP manual:

Limit the files that can be opened by PHP to the specified directory-tree, including the file itself. This directive is NOT affected by whether Safe Mode is turned On or Off.

So, by turning this off, the open_basedir limits go away. And as I understand it, subdirectories of a directory specified by the open_basedir are included.

safe_mode_include_dir: UID/GID checks are bypassed when including files from this directory and its subdirectories (directory must also be in include_path or full path must including).

So by including what I did, there shouldn't be any permissions problems.

I've given up for now and just installed the software into a subdirectory of the users web space directory.

I also had to add a new vhost entry in the SSL settings to get the SSL login working correctly. Previously to doing this, when I tried to log into the SSL protected login page, a different SSL protected vhost would show up.

I am willing to help test things on the shared install, however. It's trivial for me to get another user setup for testing.

What version of PHP is Serendipity developed against anyway? I have seen enough scripts that worked under 4.x that broke under 5.x...

[garvinhicking]

Hi!

That's really strange. Which PHP version are you using? I know there have been buggy PHP releases where open_basedir did not work properly.

I am always using the latest PHP5 version to check my s9y version under. But s9y does not contain any code that breaks on 4.x or 5.x per se...

Regards,
Garvin

[jdc]

Hi!

That's really strange. Which PHP version are you using? I know there have been buggy PHP releases where open_basedir did not work properly.

PHP Version 5.2.3, which is the latest according to the website.

I am always using the latest PHP5 version to check my s9y version under. But s9y does not contain any code that breaks on 4.x or 5.x per se...

The only thing I can think that may be impacting this is how PHP was installed. I'm guessing most do it from a pre-built package vs mine is a compiled from source install. I have to wonder what functions Serendipity makes use of that might be disabled/enabled in a given install.

The only things I can see that might cause failures are "enable-fastcgi", "enable-force-cgi-redirect" and "enable-force-cgi-redirect", but looking at the docs on those options, they shouldn't affect anything.

[garvinhicking]

Hi!

Hm, 5.2.3 should be alright, yes. As I mentioned, I have little experience with SafeMode and don't use shared install for myself.

I have to wonder what functions Serendipity makes use of that might be disabled/enabled in a given install.

s9y only uses default settings and requires only 'session', 'xml/libxml' modules.

s9y runs with fastcgi, but I don't know about those redirect options and what they do.

It must be something in the SafeMode checks from PHP that don't work with the privileges/permissions on your system.

Best regards,
Garvin

[jdc]

s9y only uses default settings and requires only 'session', 'xml/libxml' modules.

*checks the PHP config*

Session support is enabled, as is the libxml stuff.

s9y runs with fastcgi, but I don't know about those redirect options and what they do.

enable-force-cgi-redirect:
This compile-time option prevents anyone from calling PHP directly with a URL like http://my.host/cgi-bin/php/secretdir/script.php. Instead, PHP will only parse in this mode if it has gone through a web server redirect rule.

enable-discard-path:
If this is enabled, the PHP CGI binary can safely be placed outside of the web tree and people will not be able to circumvent .htaccess security

It must be something in the SafeMode checks from PHP that don't work with the privileges/permissions on your system.

It's something with PHP safe mode and the way s9y makes it's calls, I'm sure. Permissions on the filesystem don't enter into it as I tried setting the owner and group to the user who has the blog, the user apache runs under, and even tried setting it to 777 with no sucess.