Softaculous

Topic : WordPress MU in Softaculous


Page 2 of 2<<<12All

Posted By: alons on November 30, 2009, 1:16 pm | Post: 15
Hi,

All plugins run CRON as root.
Its required as all the folders are either owned by ROOT or admin.
The ownership varies as per various panels.
Its root in cPanel and admin in Direct Admin and so on.

Sir if you think that CRON should run as a different user then please suggest which user should it run as ?

Regards,
Alons


-----------------------
For immediate support please email us at our Support email address. PMs sent to any Softaculous Team member or posting in the forums is not the official way to get support.

Virtualizor - The Next Generation VPS Panel
Webuzo - It is Softaculous Standalone for Enterprises, SMB, Developers. Deploy it on Dedicated Servers, VPS, Virtual Appliances or the Cloud
Pinguzo - Server and Domain Monitoring tool
PopularFX - Marketplace of WordPress, Drupal, Joomla, Bootstrap themes
Remote Installer - Use Softaculous over FTP/FTPS/SFTP

Posted By: andser on November 30, 2009, 2:59 pm | Post: 16
I'm using DirectAdmin as the CP.
There are threads in this forum that some scripts can not be updated/upgraded.

Lets look a bit closer in to the chain of the events -
Scenario 1:
  1. Cron job is being fired as root.
  2. Cron downloads a script.
  3. For some reason will not populate (unzip) in the /var/softaculous directory
  4. Cron job sends a failure report to the administrator.
  5. Admin logs in and tries to update the script.
  6. Update will fail as there is a zipped script already owned by root and can not be overwritten by the admin user.
Scenario 2:
  1. Cron job is being fired as root.
  2. Cron downloads a script.
  3. Cron populates (unzip) a sript in the /var/softaculous directory
  4. Cron job sends a success report to the administrator.
  5. Admin logs in and tries to apply a new update latter on for the same script but never version.
  6. Update will fail as the target directory is owned by root and can not be overwritten by the admin user.


As a precautionary measure I wrapped cron job to do the following:
1. Remove exiting zip files from /var/softaculous
2. Change ownership permissions on all directories and files to the admin user inside the /var/softaculous directory.

Hope this helps.



Edited by andser : November 30, 2009, 3:01 pm

Posted By: alons on November 30, 2009, 3:14 pm | Post: 17
Hi,

Sir you have a good knowledge of the Process.
And you are right on the problems you have pointed.

Please read some points I make as follows:
1) You are right on the Direct Admin bug and we have provided a solution for it in 2.3
When the CRON is run it will update the ROOT Folders to the user 'admin' . This will remove the Upgrade failures from the Admin Panel.

There is no Security Threat if the CRON runs as ROOT. Some aspects require ROOT Privilieges as well.

2.3 is scheduled for release in this week.

If you want any further clarifications i would be glad to help.

Regards,
Alons

Edited by alons : November 30, 2009, 3:21 pm

-----------------------
For immediate support please email us at our Support email address. PMs sent to any Softaculous Team member or posting in the forums is not the official way to get support.

Virtualizor - The Next Generation VPS Panel
Webuzo - It is Softaculous Standalone for Enterprises, SMB, Developers. Deploy it on Dedicated Servers, VPS, Virtual Appliances or the Cloud
Pinguzo - Server and Domain Monitoring tool
PopularFX - Marketplace of WordPress, Drupal, Joomla, Bootstrap themes
Remote Installer - Use Softaculous over FTP/FTPS/SFTP

Powered By AEF 1.0.8 © 2007-2008 Electron Inc.