Virtualmin - post installation

Posted June 7, 2014 4.6k views
Hi all, Just installed the Virtualmin module into my Webmin. First thing I want to do is disable BIND DNS and mail (for now). However ... .. when I click save I get "Failed to save enabled features : Apache configuration file /etc/apache2/mods-enabled/php5.conf contains SetHandler lines that prevent PHP from running with domain owner permissions. These lines must be removed." I'm trying to be security conscious here so would appreciate a little help on giving Virtualmin the minimum privileges it needs in order to do what it does. My current php5.conf has these FilesMatch entries
# As far as I understand it, this directive channels requests for PHP files via to PHP engine.
<FilesMatch ".+\.ph(p[345]?|t|tml)$">
    SetHandler application/x-httpd-php

#Not sure what this one is doing
<FilesMatch ".+\.phps$">
    SetHandler application/x-httpd-php-source
    # Deny access to raw php sources by default
    # To re-enable it's recommended to enable access to the files
    # only in specific virtual host or directory
    Order Deny,Allow
    Deny from all

#Comment seems self-explanatory
# Deny access to files without filename (e.g. '.php')
<FilesMatch "^\.ph(p[345]?|t|tml|ps)$">
    Order Deny,Allow
    Deny from all
Has anyone got two minutes to give me a steer on what these entries are currently doing and how I should give Virtualmin the necessary minimum privileges. Looks like my issue is with the second block, right? Thanks Mark

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
1 answer
Hi Mark! Your understanding of what the two FilesMatch blocks are doing is correct. The first one is directing the php files to be executed and the second keeps people from downloading the raw php source. Virtualmin adds its own Apache configuration to each "Virtual Server" it creates, so you can comment these out and it should work. Though this illustrates exactly why I don't like to recommend panels. They try to take over large parts of the server, and they are sometimes very difficult to properly audit.