Blog

Extending PHP Selector - Part II: Pecl modules

If you have decided that you want to build your own PHP extension for your customers to use, you might want to do it for each and every supported version of PHP that you have installed. While you donít have to do that, by installing it for all versions will remove questions that might come up from someone who wants to switch from one version of PHP to another.

The PHP module installation process for alt-php is the same as you would do for standard PHP installation. The only difference is that you have to explicitly use correct version of phpize. Like for PHP 5.2, you would use alt-phpize command /opt/alt/php52/usr/bin/phpize instead of system one, and after compilation finished:
- add ini files for modules to /opt/alt/php52/etc/php.d.all
- add so files to /opt/alt/php52/usr/lib/php/modules
- execute cagefsctl --setup-cl-selector

And do the same for every php version this module should be available.

There is an alternative to that process: Contact our support department at helpdesk.cloudlinux.com, and in most cases we will package that PHP extension into alt-php within one or two weeks.

Updates for alt-php released to production

New version of PHP5.3 that includes security fix for XML parser had been released. Other changes includes updates to various PHP extensions.

Changelog:
  • Symfony 2.3.1
  • radius - 1.2.7
  • XCache - added 3.0.3 version as xcache_3
  • PHPUnit/DbUnit - 1.2.3
  • PHPUnit/FinderFacade - 1.1.0
  • PHPUnit/hphpa - 1.3.0
  • PHPUnit/PHP_CodeCoverage - 1.2.12
  • PHPUnit/phpcpd - 1.4.1
  • PHPUnit/PHPUnit - 3.7.22
  • PHPUnit/PHPUnit_Selenium - 1.3.1
  • PHPUnit/PHPUnit_SkeletonGenerator - 1.2.1
  • PHPUnit/PHPUnit_Story - 1.0.2
  • PHPUnit/Version - 1.0.1
  • PHP Version 5.3.27
  • Core:
    • Fixed bug #64966 (segfault in zend_do_fcall_common_helper_SPEC).
    • Fixed bug #64960 (Segfault in gc_zval_possible_root).
    • Fixed bug #64934 (Apache2 TS crash with get_browser()).
    • Fixed bug #63186 (compile failure on netbsd).
  • DateTime:
    • Fixed bug #53437 (Crash when using unserialized DatePeriod instance).
  • PDO_firebird:
    • Fixed bug #64037 (Firebird return wrong value for numeric field).
    • Fixed bug #62024 (Cannot insert second row with null using parametrized query).
  • PDO_pgsql:
    • Fixed bug #64949 (Buffer overflow in _pdo_pgsql_error).
  • pgsql:
    • Fixed bug #64609 (pg_convert enum type support).
  • SPL:
    • Fixed bug #64997 (Segfault while using RecursiveIteratorIterator on 64-bits systems).
  • XML:
    • Fixed bug #65236 (heap corruption in xml parser).

To update:

$ yum groupupdate alt-php

Beta: kernel-2.6.32-458.6.2.lve1.2.30

The new beta version of the kernel includes everything in lve1.2.29 version as well as rebase to upstream 042stab078.28. We are planning to release this version to production later this week.

To update CL6 servers:
$ yum install kernel-2.6.32-458.6.2.lve1.2.30.el6 kmod-lve-1.2-30.el6 --enablerepo=cloudlinux-updates-testing

To update Hybrid servers:
$ yum install kernel-2.6.32-458.6.2.lve1.2.30.el5h kmod-lve-1.2-30.el5h --enablerepo=cloudlinux-hybrid-testing

helpdesk.cloudlinux.com will be down on July 16, 2013 from 3 to 4am EST.

CloudLinux HelpDesk will be under maintenance 3:30-4.00 EDT 07.16.2013.

Beta: CageFS 5.0-7

The new release fixes issued introduced in previous CageFS beta 5.0-6 where php.ini wasn't moved correctly for all users into a new location.

Changelog:
  • Bugfix: install-cagefs-plugin.py: correctly move php.ini to new location

To update:
$ yum update cagefs --enablerepo=cloudlinux-updates-testing

Beta: alt-php PHP53 updated to 5.3.27

New version of PHP5.3 is available for testing. It includes security fix for XML parser.

Changelog:
  • Core:
    • Fixed bug #64966 (segfault in zend_do_fcall_common_helper_SPEC).
    • Fixed bug #64960 (Segfault in gc_zval_possible_root).
    • Fixed bug #64934 (Apache2 TS crash with get_browser()).
    • Fixed bug #63186 (compile failure on netbsd).
  • DateTime:
    • Fixed bug #53437 (Crash when using unserialized DatePeriod instance).
  • PDO_firebird:
    • Fixed bug #64037 (Firebird return wrong value for numeric field).
    • Fixed bug #62024 (Cannot insert second row with null using parametrized query).
  • PDO_pgsql:
    • Fixed bug #64949 (Buffer overflow in _pdo_pgsql_error).
  • pgsql:
    • Fixed bug #64609 (pg_convert enum type support).
  • SPL:
    • Fixed bug #64997 (Segfault while using RecursiveIteratorIterator on 64-bits systems).
  • XML:
    • Fixed bug #65236 (heap corruption in xml parser).


How to update:
$ yum groupupdate alt-php --enablerepo=cloudlinux-updates-testing

Extending PHP Selector - Part I

PHP Selector packages wide number of PHP extends, but sometimes you might want to add one more.

You can install additional PEAR packages serverwide by running /opt/alt/phpXX/usr/bin/pear command line tool, where XX is php version you need a package for. For example to install Auth package for php52 you would do:
/opt/alt/php52/usr/bin/pear install Auth

Checking if the package is installed from the user side is also easy - enter int cagefs for that user:
cagefsctl --enter USER

and check if package is visible:
/opt/alt/php52/usr/bin/pear list | grep Auth

By default, PEAR packages are installed to /opt/alt/phpXX/usr/share/pear directory. To make sure that those packages are available to web applications the path should be included with your php.ini. You can check include_path from phpinfo() page. If path is not there, you may need to edit /opt/alt/phpXX/etc/php.ini and add something like:
include_path = ".:/usr/share/pear:/opt/alt/phpXX/usr/share/php:/opt/alt/phpXX/usr/share/pear"

Beta: alt-php updates: xcache3, radius 1.2.7, PHPUnit, Symfony2.3.1,

New updates for alt-php extensions had been pushed to beta .

Changelog:
  • Symfony 2.3.1
  • radius - 1.2.7
  • XCache - added 3.0.3 version as xcache_3
  • PHPUnit/DbUnit - 1.2.3
  • PHPUnit/FinderFacade - 1.1.0
  • PHPUnit/hphpa - 1.3.0
  • PHPUnit/PHP_CodeCoverage - 1.2.12
  • PHPUnit/phpcpd - 1.4.1
  • PHPUnit/PHPUnit - 3.7.22
  • PHPUnit/PHPUnit_Selenium - 1.3.1
  • PHPUnit/PHPUnit_SkeletonGenerator - 1.2.1
  • PHPUnit/PHPUnit_Story - 1.0.2
  • PHPUnit/Version - 1.0.1


How to uodate:
$ yum groupupdate alt-php --enablerepo=cloudlinux-updates-testing

Beta: CL6 & hybrid kernel 2.6.32-458.6.2.lve1.2.29.el6

New beta kernel is available. The kernel fixes performance issue for servers with 1000+ clients on it. The performance improvement might be especially pronounced on servers with 5,000+ clients.
It also fixes the issue introduced in lve1.2.17.1 kernel that would allow some heavy IO usage customers to burst & use more than allocated limit.

Changelog:
  • Scheduler no longer calls update_h_load
  • iolimits latency value is now configurable and off by default


To update CL6 servers:
$ yum install kernel-2.6.32-458.6.2.lve1.2.29.el6 --enablerepo=cloudlinux-updates-testing

To update Hybrid servers:
$ yum install kernel-2.6.32-458.6.2.lve1.2.29.el5h --enablerepo=cloudlinux-hybrid-testing

CLN Scheduled Maintenance on July 11, 3am to 7am EDT

We are planning to upgrade our CLN server on July 11. The CLN server will be unavailable from 3am to 7am EDT. At that time you will not be able to register new servers as well as update or install any new packages.

Sorry for the inconvenience.

Beta: CageFS 5.0-6

New beta verison of CageFS is out.


Changelog:
  • Bugfix: cagefsctl --remove-cl-selector, cagefsctl --cl-selector-reset-versions, cagefsctl --cl-selector-reset-modules: do not fail when /etc/cl.selector/defaults.cfg does not exist (bugfix)
  • cagefsctl: write all uncaught exceptions to syslog
  • Plesk Bugfix: cagefsctl --enter: mount CageFS for the user when needed
  • cPanel: speed up cagefsctl --force-update: mount additional directories for cPanel instead of copying them to cagefs-skeleton. Added /usr/local/cpanel/3rdparty/bin/php*, /usr/local/cpanel/3rdparty/bin/perl*, /usr/local/cpanel/3rdparty/bin/python to CageFS
  • cPanel: added /usr/local/cpanel/3rdparty/bin/php to CageFS
  • cPanel: register CageFS plugin via appconfig in cPanel 11.38.1+ (CAG-171)
  • Bugfix: cagefsctl: do not aquire lock when executing --remount, --enable, --disable, --mount-skel, --unmount-skel
  • native php.ini has been moved from /usr/share/cagefs-skeleton/selector/php.ini to /usr/share/cagefs-skeleton/selector.etc/php.ini (required for ability to substitute php.ini via custom.etc)
  • ISPManager: API bugfix
  • Bugfix: properly handle write errors to user directory when user is over quota, so files will not be truncated
  • Bugfix: always write setting of socket for rsyslog
  • Added spelling packages to CageFS
  • Bugfix: litespeed configuration failed (CAG-169)
  • Added hooks for CageFS in DirectAdmin (CAG-141)
  • Added conflict with LVE Manager < 0.6-18


To update:
$ yum update cagefs --enablerepo=cloudlinux-updates-testing

Beta: LVE Manager 0.6-18, lve-stats 0.10-4

Updated versions of LVE Manager and LVE Stats are available:

Changelog
  • cPanel: fixed incorrect time parameter which is passed to lveps by lvetop
  • added stub file for phpinfo
  • added base64 encoding key-value pairs of php.ini options
  • fixed truncation of files when it is impossible to write to them (when account over the quota)
  • Plesk: fixed incorrect system user picking
  • Plesk: fixed unsetting array in the whole instead of first element and attempt to find a key in string in selectUserOpt.php
  • lvechart: get lve version from databse (do not call lvectl)


To update:
$ yum update lvemanager --enablerepo=cloudlinux-updates-testing

PHP Selector and restricting PHP functions

We are often asked how to prevent particular php function from being used by all clients. This is especially true about functions like exec, passthru, etc... This is something that can be easily done with php-selector. Your customers are only allowed to modify directives listed in /etc/cl.selector/php.conf file. For example if you want to block system command like 'exec' for php53 you have to add 'disable_functions=exec' in /opt/alt/php53/etc/php.ini file. As long as this directive is absent in /etc/cl.selector/php.conf file, users will not be able to use 'exec' in their scripts.

Do you want a quick check of what directives your users may customize? Execute the following command as root on your server:
# grep Directive /etc/cl.selector/php.conf

Yet, trying to secure your hosting with php.ini is wrong approach. It might work for php processes, but it will not work for CGI scripts. The secure environment is already established by CageFS which limits what processes can see or do to only safe actions.

CL6 and Hybrid kernel 2.6.32-458.6.2.lve1.2.28

This kernel is re-base to latest upstream kernel 042stab078.27, that includes similar fix as the one in the kernel released yesterday. If you have already updated to that kernel yesterday, there is no need to update.

If you are still running lve1.2.17.1 or older kernel, update is highly recommended.

To update:
$ yum update kernel

Security Advisory: CloudLinux 5.x kernel 2.6.18-448.4.1.el5.lve0.8.69.1 is out

The new kernel provide a fix for recently found DoS vulnerability found by Patrick H. from SYN Hosting and Steven Ciaburri from Rack911.com.

Changelog:

To update:
$ yum update kernel

Security Advisory: CL 6 and Hybrid kernel kernel-2.6.32-458.6.2.lve1.2.26.1

The new kernel provide a fix for recently found DoS vulnerability found by Patrick H. from SYN Hosting and Steven Ciaburri from Rack911.com.

Changelog:

To update:
$ yum update kernel

PHP Selector: How to adjust php values and where they are stored

Do you have questions about how php-selector works or how to customize php for your needs? We will try to answer them in next few posts.

PHP Selector is a CloudLinux component that sits on top of CageFS and allows each user to select PHP version & modules based on the customer's needs

Global PHP defaults for PHP Selector - php version and enabled modules are configured in /etc/cl.selector/defaults.cfg .

Default values are one applied for all users and are active as long as they are not changed by use. They are set in /opt/alt/phpXX/etc/php.ini file, where XX is the php version. For example, default php.ini for php 5.3 will be /opt/alt/php53/etc/php.ini . The settings from that file will not be overwritten with the next update, so that is the place where you should set your customized values like timezone or disable_functions, etc...

Users can change php values using control panel interface. By doing that, new /etc/cl.php.d/alt-php52/alt_php.ini file will be generated (path accessible only from inside of CageFS and will have different file for each user). Settings in that file will overwrite settings from php.ini . The exhaustive list of directives and values that customers are allowed to change are set in /etc/cl.selector/php.conf file.

The command cagefsctl --rebuild-alt-php-ini rebuilds customers alt_php.ini files, based on custom values from /home/USER/.cl.selector/alt_phpXX.cfg.

Checking current PHP version for any specific customer could be done with /usr/bin/cl-selector --current=php --user=USERNAME command.

Administrator may force update of any individual php.ini settings using /usr/bin/piniset tool.

Example command to change upload maximum filesize value would be:

/usr/bin/piniset -r 'upload_max_filesize:16M' -u USERNAME

You may find more information in our documentation at http://docs.cloudlinux.com/index.html?php_selector.html

PHP Selector -- new versions of alt-php released

We have moved updated version of alt-php to production. This includes update to PHP 5.5 stable


Changelog:
  • alt-php53 - updated to 5.3.26
  • alt-php54 - updated to 5.4.16
  • alt-php55 - updated to 5.5.0
  • add alt-php44 - 4.4.9
  • added ZendGuardLoader 6.0.0 for alt-php54
  • Libraries added: alt-libxml2 - 2.9.1, alt-pcre - 8+, alt-libharu - 2.2.1
  • Extensions added: haru, radius
  • Extensions updated:
  • gender - 1.0.0
  • timezonedb - 2013.3
  • xdebug - 2.2.3
  • zendopcache - 7.0.2
  • mongo - 1.4.1
  • ioncube-loaders - 4.4.1



To update:
$ yum groupupdate alt-php

Beta: alt-php with PHP 5.5 stable support

I am happy to announce beta of alt-php with PHP5.5 support. If testing goes well, we plan to move it to production tomorrow.


Changelog:
  • alt-php55 updated to 5.5.0 stable
  • ioncube-loaders updated to 4.4.1
  • PECL radius updated to 1.2.6


To update:
$ yum groupupdate alt-php --enablerepo=cloudlinux-updates-testing

beta: lve-utils 1.2-12

New beta version of lve-utils is available.


Changelog:
  • Added sys.stdout.flush() for error exception on lvectl list | head(tail) (bugfix).
  • cldetect --set-nagios. Automatically detect/whitelist nagios when installing lve-utils.
  • lvectl delete does not delete LVE configuration from ve.cfg when lve_id not in /proc/lve/list (bugfix).
  • Performance optimization for DirectAdmin user package functions.


To update:
$ yum update lve-utils --enablerepo=cloudlinux-updates-testing

Beta: CL6/Hybrid kernel-2.6.32-458.6.2.lve1.2.27.el6

New beta kernel for CL6/Hybrid is available. The kernel is rebase to latest stable kernel from upstream provider 2.6.32-042stab078.26

The is no other changes in the kernel - but we want to make sure there is no side effects before we push it into production.

To update CL6 servers:
$ yum install kernel-2.6.32-458.6.2.lve1.2.27.el6 --enablerepo=cloudlinux-updates-testing

To update hybrid servers:
$ yum install kernel-2.6.32-458.6.2.lve1.2.27.el5h --enablerepo=cloudlinux-hybrid-testing

Beta: lve-stats 0.10-1

New beta version of LVE stats is available. The version changes the way compacting done in multi-server setup which is needed by companies logging LVE statistics to central server.

Changelog:
  • lvechart: changed shebang construction to work with new cpanel panels
  • edirect errors to /dev/null on install to prevent messages about wrong kernel being loaded
  • New compacting algorithm for multi-server setup
  • Changed everywhere username field from TEXT to CHAR(64)
  • Added redis support for LVE to username resolution

To update:
$ yum install lve-stats --enablerepo=cloudlinux-updates-testing

Beta: MySQL Governor 1.0-8

New version of MySQL Governor available from our beta repository. This release has multiple bug fixes and minor improvements.


Changelog:
  • Added SHOW FULL PROCESSLIST instead SHOW PROCESSLIST on restrict
  • Fix error on service mysql restart when mysql wouldn't restart
  • Fix for dbctl unrestrcted-all command
  • Fix for dbctl restrict command
  • Added symlink /etc/init.d/mysqld to /etc/init.d/mysql
  • Added check for mysql from file on mysqlclient install
  • Added support of mariadb 5.5.30-17
  • Fixed MySQL version for cPanel
  • Added "Database backup" instruction
  • Fixed db-update for Plesk

To install:
$ yum install governor-mysql --enablerepo=cloudlinux-updates-testing
$ /usr/share/lve/dbgovernor/mysqlgovernor.py --install


To upgrade:
$ yum update governor-mysql --enablerepo=cloudlinux-updates-testing
$ /usr/share/lve/dbgovernor/db-update.py

CageFS 5.0-5 - security release

The new version provides security update for two security vulnerabilities. One of the vulnerabilities is for WHM/cPanel, and requires Reseller access to the server. Special thanks to Patrick H. from SYN Hosting and Steven Ciaburri from Rack911.com for discovering the vulnerability

Changelog:
  • security fix for cPanel preventing privilege escalation by reseller.
  • fix permissions and ownership of suphp/suexec binaries for InterWorx


To update:
$ yum update cagefs

Beta: New CL6 kernel 2.6.32-458.6.2.lve1.2.26

New kernel features rebase to upstream 042stab078.22 kernel. As this kernel is based on latest stable upstream kernel, we will try to push it to production within the next couple of days. Please, make sure you have tested in your environment.


To update CL6 servers:
$ yum install kernel-2.6.32-458.6.2.lve1.2.26.el6 --enablerepo=cloudlinux-updates-testing


To update Hybrid servers:
$ yum install kernel-2.6.32-458.6.2.lve1.2.26.el5h --enablerepo=cloudlinux-hybrid-testing

Pages: Prev. | 1 | ... | 4 | 5 | 6 | 7 | 8 | ... | 19 | Next