HTML Logo by World Wide Web Consortium (www.w3.org). Click to learn more about our commitment to accessibility and standards.

Moving forward with Composr

ocPortal has been relaunched as Composr CMS, which is now in beta. ocPortal 9 will be superseded by Composr 10.

Head over to compo.sr for our new site, and to our migration roadmap. Existing ocPortal member accounts have been mirrored.


A different way to install

Login / Search

 [ Join | More ]
 Add topic 
Posted
Rating:
#49770 (In Topic #10850)
Avatar

Fan in action

not a silly question but I cannot find a better place...

Encouraged by fast and friendly reactions from Chris Graham to my first questions (both on the forum and by email) I decided to install ocP on my server to try it out. The problem there is that the installation instructions (in teh Basic Installation Tutorial: ocPortal Tutorial: Basic Installation - ocPortal.com) although clear by themselves, make assumptions about the target system that don't apply in my case. For instance that the software will be installed on shared hosting, and that FTP is available one way or another.

Neither are the case for me: I have a VPS (CentOS, with full shell and root access), and run a pretty secured system. That means, among other things, that FTP, being inherently insecure is not allowed at all. SSH and SFTP are, but there is no root login either, and login is allowed from a very few specific IP addresses. Of course, having root access to the system, downloading a package to my local computer, extracting all files, and then uploading them one by one - even over SFTP - is rather silly, and would indeed take a long time. So I'll describe what I did so far:
  • logged in and changed to the super user
  • I download software into /usr/local/src so I changed to that directory
  • then I did

    Code (bash)

    wget http://ocportal.com/site/dload.php?id=246
    that went pretty fast because the server has a fast connection and I only need to download the archive, not all files individually
  • that gave me a file called 'dload.php?id=246' so I renamed it to what you'd get when downloading with the browser:

    Code (bash)

    mv 'dload.php?id=246' ocportal_manualextraction_installer-4.1.9.zip
  • next, I created a directory for the target virtual host to install ocP into:

    Code (bash)

    mkdir /home/<user>/domains/<domain>/public_html/ocp
    and changed to that directory
  • the next step was to unzip the downloaded archive:

    Code (bash)

    unzip /usr/local/src/ocportal_manualextraction_installer-4.1.9.zip
  • all files in place, the next task was to get the permissions right; I had a look at the provided fixperms.sh. Now I'm no expert at bash scripting (or not yet ;)) but it looked as if it was going to change everything that needed permissions set to 777 (write permissions for all); but I run Apache with suexec and PHP as an Apache module, so permissions 744 and 644 as described in the Basic Installation Tutorial should apply, and I don't like to give more permissions than needed. So I decided to edit fixperms.sh, and came up with the following variant: (attached - I cannot get code to display in a multi-line box - at least not within a list :() The main code here sets permissions to 744 (instead of a+w giving write permission to all), but an added command sets 644 for files as mentioned in the tutorial, and another sets 600 for info.php (which I removed from the long list for 744); I saved the result as fixperms2.sh
  • that seemed to have worked but I found I could not run it: the script needs to be executable as well:

    Code (bash)

    chmod o+x fixperms2.sh
    for owner only, because I'm still super user and am going to run it as superuser
  • I then could run the script
  • one important final step: the files need to be owned by the virtual host user, not root; still in the ocp source directory:

    Code (bash)

    chown -R <user>:<group> .
That's how far I am - it all worked, and I hope I interpreted the tutorial correctly for my situation. I have not tried running the installer wizard yet!

If anyone can spot any major flaws in my thinking, I'd appreciate to hear from you!



(BTW, I found two other shell scripts in the ocp directory decache.sh and roadsend.sh: they will, of course, also have to be made executable in order to be able to run them.)

P.S formatting a numbered list with blocks of code inside it too hard - quite a bit of room for improvement here! There should one numbered list with 10 steps above. Several times teh list, or bits of it, reverted to an unordered list. I give up trying to get ti back to a numbered list!

Attachment
fixperms2.sh
» Download: fixperms2.sh.txt (1.24 Kb, 213 downloads so far)

Marjolein Katsma
follow me on identi.ca
Back to the top
 
Posted
Rating:
#49772
Avatar

Thanks for sharing :). That all looks good.

The info.php permission setting is good. I don't think the other lines are actually necessary – most Linux set ups will have a "umask" that already has these permissions, and your chown will make them work.

P.S formatting a numbered list with blocks of code inside it too hard - quite a bit of room for improvement here! There should one numbered list with 10 steps above. Several times teh list, or bits of it, reverted to an unordered list. I give up trying to get ti back to a numbered list!

For this case the 'list' tag is needed instead of the compressed syntax. That's in the docs but you'd have to read them all to see that, so I'll clarify.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#49773
Avatar

Fan in action

Chris Graham said

Thanks for sharing :). That all looks good.

The info.php permission setting is good. I don't think the other lines are actually necessary – most Linux set ups will have a "umask" that already has these permissions, and your chown will make them work.
Thanks, Chris.

So… I took the next step: trying to actually install. But now I'm running into problems!

First, I went to http://<domain>/ocp/ - yes, I know the doc says to go to http://<domain>/ocp/install.php but I wanted to see what would happen. Would it redirect me to the installer? (that's what I would expect, since that's what some apps do: if they detect the installer hasn't run yet, they redirect to the installer). Well, it didn't redirect but gave me an error message:

ocPortal error

The top-level configuration file (info.php) is either not-present, empty, or corrupt. This file is created upon installation, and the likely cause of this error is that ocPortal files have been placed, yet installation not completed. To install ocPortal, run the installer.

Details here are intended for the website/system-administrator, not for regular website users. If you are a regular website user, please let the website staff deal with this problem.

Depending on the error, and only if the website installation finished, you may need to edit the installation options (the info.php file).

ocProducts maintains full documentation for all procedures and tools. These may be found on the ocPortal website. If you are unable to easily solve this problem, we may be contacted from our website and can help resolve it for you.

All right… so I went to http://<domain>/ocp/install.php - but instead of the installer starting, I now get a different error message:

ocPortal error

This is a relayed critical error, which means that this less-critical error has occured during startup, and thus halted startup.

Details here are intended for the website/system-administrator, not for regular website users. If you are a regular website user, please let the website staff deal with this problem.

Depending on the error, and only if the website installation finished, you may need to edit the installation options (the info.php file).

ocProducts maintains full documentation for all procedures and tools. These may be found on the ocPortal website. If you are unable to easily solve this problem, we may be contacted from our website and can help resolve it for you.

(in fact, it seems it quickly redirected me to http://<domain>/ocp/install.php?skip_disk_checks=1 but with the same result.)

Inside the error message, "edit the installation options" is a link to http://<domain>/ocp/config_editor.php - so I tried that. Yes, I know it says "only if the website installation finished" but it did give me a clue, because now I got a very different error message: not from ocP but from PHP:

Warning: require_once(/home/opensite/domains/ooosite.nu/public_html/o
cp/info.php) [function.require-once]: failed to open stream: Permission denied in /home/opensite/domains/ooosite.nu/public_html/ocp/config_edi
tor.php on line 44

Fatal error: require_once() [function.require]: Failed opening required '/home/<user>/domains/<domain>/public_html/ocp/info.php' (include_path='.:/usr/local/lib/php') in /home/<user>/domains/<domain>/public_html/ocp/config_editor.
php on line 44

So, apparently config_editor.php cannot open info.php but:

  • info.php is chowned by the virtual server's <user>:<group>
  • the permission is 600 (-rw——-)
  • Apache 2 runs for the virtual server with SuexecUserGroup <user> <group> (the same user and group)

It all matches (I just double checked).

I suspect the installer install.php ran into the same problem, it just didn't tell me exacty what the problem was. I just don't understand why there is a permissions problem at all.

Just for laughs, I (temporarily) set permissions for info.php to 777. Strangely, install.php gives me still the same error (permissions problem on another file??), but config_editor.php no longer complains and starts, showing a form asking for a master password.

It would help if install.php gave me a more specific error message. Not so easy to find how to make it do that - it's quite a large script, and the text "This is a relayed critical error" doesn't occur in that file. :(

Chris Graham said

P.S formatting a numbered list with blocks of code inside it too hard - quite a bit of room for improvement here! There should one numbered list with 10 steps above. Several times teh list, or bits of it, reverted to an unordered list. I give up trying to get ti back to a numbered list!

For this case the 'list' tag is needed instead of the compressed syntax. That's in the docs but you'd have to read them all to see that, so I'll clarify.
Thanks - noted. Although I'm an RTFM person, I did admittedly not read all of the Comcode docs.  :$

Marjolein Katsma
follow me on identi.ca
Back to the top
 
Posted
Rating:
#49775
Avatar

Hi,

I think the installer is failing to read at least something, probably fundamental and needed to display proper errors.

The info.php write situation is a big clue.

This simple PHP script will tell you what the user ID PHP is running as:

Code

<?php
echo posix_getlogin();
?>
it's worth running because evidence suggests it's not what you think.

I have put this down for us to investigate, to see if we can produce a proper error message for the situation.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#49783
Avatar

Fan in action

Chris Graham said

This simple PHP script will tell you what the user ID PHP is running as:

Code

<?php
echo posix_getlogin();
?>
it's worth running because evidence suggests it's not what you think.
Oh, what fun! That little script returned exactly nothing! It's now grown to this:

Code

<?php
// current error reporting
echo 'error reporting: '.error_reporting().'<br />';
// Report all PHP errors
error_reporting(E_ALL);
echo 'error reporting now: '.error_reporting().'<br />';

// show user PHP runs as
echo 'login name: '.posix_getlogin().'<br />';
echo 'real userid: '.posix_getuid().'<br />';
?>
(The error reporting stuff is there because with the new stuff they put on my VPS, basic PHP config might have been changed as well…)

Even with error reporting set to E_ALL there was no output for posix_getlogin(). The posix_getuid() did produce output: user ID 48.

I looked that up, and found it was - just as I feared! - user Apache. Which has shell /sbin/nologin which explains why posix_getlogin() did not produce any output!

I don't know why the SueexecUserGroup directive doesn't work (apparently) but I'm not going to dig into that now. I should be able to solve it for now by setting permissions at group level - or so I thought. Nope.

I ended up running the original fixperms.sh (after making it executable) so everything I'd set at 744 would now be writeable by all. Still no joy. My next step was to set everything writeable by all … and still I got the same error message from install.php.

Final desperate step: chmod everything to 777 (not good, but!). And now, finally, I get the startup-screen from the installer. And it tells me (in red):
An important PHP function, exec, has been intentionally disabled on this web server. This essentially means the PHP language isn't fully available on this server - you may not be able to use ocPortal on it, depending on how the specific function is used.

Now what? Does ocPortal really need exec()?

I don't even understand how it's been disabled, because PHP docs tell me:
Runtime Configuration

This extension has no configuration directives defined in php.ini.
… and it's part of PHP core. Maybe at the Apache level (I really hate suddenly having to deal with a different Apache version that I didn't ask for!).

I'll dig some more…

Marjolein Katsma
follow me on identi.ca
Back to the top
 
Posted
Rating:
#49786
Avatar

Fan in action

OpenSite said

I don't even understand how it's been disabled, because PHP docs tell me:
Runtime Configuration

This extension has no configuration directives defined in php.ini.
… and it's part of PHP core. Maybe at the Apache level (I really hate suddenly having to deal with a different Apache version that I didn't ask for!).

I'll dig some more…
Well, that part about php.ini is misleading. I went yahooing and found many references to "hosts" disabling exec(). And finally found that it is done in php.ini - by means of the disable_functions directive.

So was that in my php.ini? Yup. And I didn't put it there: my original version had just

Code

disable_functions =
Checking to see what else needs to be changed back…

New Apache, new PHP config - no wonder I'm a bit lost! This is going to be a "need more coffee" day  O_o

Marjolein Katsma
follow me on identi.ca
Back to the top
 
Posted
Rating:
#49787
Avatar

'Exec' isn't "really" needed, but might be used if there's no PHP ZIP support or PSPELL support. If it is used, it's only in certain circumstances.

The PHP "disable_functions" (or "disabled_functions" – not sure off hand) option sets these.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#49798
Avatar

Fan in action

Chris Graham said

'Exec' isn't "really" needed, but might be used if there's no PHP ZIP support or PSPELL support. If it is used, it's only in certain circumstances.
Thanks, Chris, good to know.

The PHP "disable_functions" (or "disabled_functions" – not sure off hand) option sets these.
I've disabled disable_functions by removing the whole string of function names. ;) It might cause problems with other software (including my own) as well.

Meanwhile I've now managed to install ocP (yay!) and I'm at the Setup Wizard.  :thumbs:

Still running with too-generous file permissions though, because I haven't yet found out why Apache suEXEC doesn't kick in. I did a bit of reading, found that suexec needs to be present, owned by root, and have the setuid bit set - but all that is true!

In conclusion, it seems my install method was correct if suexec is active, and if exec is available - the problems I ran into had nothing to do with ocPortal (apart from a more precise error message), only with server configuration which actually surprised me (hmm). So, positive overall (just a little frustrating). :cool:

For now, I just want to go through the Setup and then see what a nice new toy I have. :D I may have some really silly questions then!

Marjolein Katsma
follow me on identi.ca
Back to the top
 
Posted
Rating:
#49801
Avatar

Glad it's working now. I'd explain why suexec wasn't working if I knew anything, but I'm afraid I have no personal experience configuring that by hand.


Become a fan of ocPortal on Facebook or add me as a friend. Add me on on Twitter.
Was I helpful?
  • If not, please let us know how we can do better (please try and propose any bigger ideas in such a way that they are fundable and scalable).
  • If so, please let others know about ocPortal whenever you see the opportunity.
  • If my reply is too Vulcan or expressed too much in business-strategy terms, and not particularly personal, I apologise. As a company & project maintainer, time is very limited to me, so usually when I write a reply I try and make it generic advice to all readers. I'm also naturally a joined-up thinker, so I always express my thoughts in combined business and technical terms. I recognise not everyone likes that, don't let my Vulcan-thinking stop you enjoying ocPortal on fun personal projects.
  • If my response can inspire a community tutorial, that's a great way of giving back to the project as a user.
Back to the top
 
Posted
Rating:
#49847
Avatar

Community saint

Opensite what do you think of the idea of having an auto proceed in the quick installer?
I mean after you put in all the info and it just has several screen where it it just tells you what it installed and you have to hit proceed to go to the next thing.

I honestly think it would be awesome to have it auto proceed like other scripts.
So after seeing this thread I thought I would ask you what you thought of my idea.

Oh and as far as I know Chris is not going to add it as I have requested it and probably more then once.
 :(

I run http://otakuplayground.com and am hopping to make themes and other things for ocportal even though I no longer use it for otakuplayground.com I still love it and feel it could go far with the right help. It needs themes and needs people to advertise for it.
Back to the top
 
There are too many online users to list.
Control functions:

Quick reply   Contract

Your name:
Your message: