Question

Virtualmin - post installation

Hi all, Just installed the Virtualmin module into my Webmin. First thing I want to do is disable BIND DNS and mail (for now). However …

… when I click save I get “Failed to save enabled features : Apache configuration file /etc/apache2/mods-enabled/php5.conf contains SetHandler lines that prevent PHP from running with domain owner permissions. These lines must be removed.”

I’m trying to be security conscious here so would appreciate a little help on giving Virtualmin the minimum privileges it needs in order to do what it does. My current php5.conf has these FilesMatch entries <pre>

As far as I understand it, this directive channels requests for PHP files via to PHP engine.

<FilesMatch “.+.ph(p[345]?|t|tml)$”> SetHandler application/x-httpd-php </FilesMatch>

#Not sure what this one is doing <FilesMatch “.+.phps$”> SetHandler application/x-httpd-php-source # Deny access to raw php sources by default # To re-enable it’s recommended to enable access to the files # only in specific virtual host or directory Order Deny,Allow Deny from all </FilesMatch>

#Comment seems self-explanatory

Deny access to files without filename (e.g. ‘.php’)

<FilesMatch “^.ph(p[345]?|t|tml|ps)$”> Order Deny,Allow Deny from all </FilesMatch> </pre> Has anyone got two minutes to give me a steer on what these entries are currently doing and how I should give Virtualmin the necessary minimum privileges. Looks like my issue is with the second block, right?

Thanks Mark


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

Hi Mark!

Your understanding of what the two FilesMatch blocks are doing is correct. The first one is directing the php files to be executed and the second keeps people from downloading the raw php source. Virtualmin adds its own Apache configuration to each “Virtual Server” it creates, so you can comment these out and it should work.

Though this illustrates exactly why I don’t like to recommend panels. They try to take over large parts of the server, and they are sometimes very difficult to properly audit.