Sunday, 2 March 2008

Manage webspace with Hostsharing

I am a member of Hostsharing eG, which is a German company owned by its members with the aim to take the idea of Open Source to Webhosting. You don't need to worry about backups or availability, because the webmasters do it all for you. But you still have SSH access and many other powerful tools to manage your applications that are running on the server.

Recently I had to fight off an intruder who had used a security leak in one of my php applications. He had added 700 MB somewhere, the quota command showed it, but all calls of du did not show the files. Finally I realised I have to run find / -group pac00 which shows all files that belong to my own user or my subusers, who all belong to the group e.g. pac00.

Another issue that I often have is that some files are created with PHP and they belong to user httpd. That means they don't show up at all on the quota command, which is not fair for the other users, because everyone has to pay for the used webspace.
The first step is to actually find those files. I have written the script pac-du-httpd, which goes through all the users' directories and prints the filenames that are owned by httpd to a file, and also prints the overall sum size of those files. You can find the file here: pac-du-httpd.sh

The next step is to change the ownership of those files. On the support mailing list (yes, Hostsharing eG has as much open communication as any other Open Source project) there is a very useful explanation of how to delete such files:
Support Anleitung
The basic idea is: first run the script as normal PHP with user httpd, and change the file permissions so that everybody can change them, and then to run the script again, to delete the file.
In my situation though I don't want to delete the file, but would like to change the permission. I finally got this solution to work:
<?php
# first run as php file with httpd, to give permissions (chmod 0666) then run with cgi to recopy the file

$dh = opendir('./');

while( ($file = (readdir($dh))) !== FALSE )
{
if ($_SERVER["ORIG_SCRIPT_NAME"] == '/cgi-bin/phpstub')
{
copy ($file, $file.".tmp");
unlink ($file);
copy ($file.".tmp", $file);
unlink ($file.".tmp");
}
else
{
chmod($file, 0666);
}
}
?>

I first run the script to change the file permissions, and then I run it again via CGI so that it runs for the user that the files should belong to. I make a copy of the file, delete the original, and rename the copy back. This works perfectly. And for the future, I will let the PHP always run via CGI (see also Hostsharing documentation on PHP via CGI)

Another useful tool is pac-du-quota, which is referenced from the Hostsharing Documentation on Webspace.
I have extended it to also list the size of the MySQL databases, which is in my case also quite a bit of data...
Insert this in the function collectSpace just before "#Wenn User exisiteren aufsammeln":
# Mysql Datenbanken
for DB in /var/lib/mysql/${PAC}_*; do
let COUNTER=COUNTER+1
TEMP=`du -s "$DB"`
SPACE[$COUNTER]=`echo $TEMP | sed -e 's/\([^ ]*\).*/\1/g'`
NAME[$COUNTER]="Mysql_`basename $DB`"
done

No comments: