Please just all stop it. Now. D'ya hear? Fed up with stupid sniping.

I switch off my "let's interpret the tone" sensor and just read the words. I strongly recommend you do too.

I value Lee's posts always. If I knew as much as he did, then maybe I'd feel able to criticise his input. But I don't. So I read his stuff and I learn.

Your support query landed on my plate. Checked it quickly and it looks like it is a server configuration problem. The CGI user doesn't have permission to open the file. I would suggest instead of the permissions check the effective users and groups on the server.

Hi,

These are the ownerships on the website;

public_html 0755 : owner <username> group <nobody>

that has been confirmed as correct by cPanel

cgi-bin 0755 : owner <username> group <username>

acatalog 0777 : owner <username> group <username>

all the files in the cgi-bin are 0755 : owner <username> group <username>

The server runs the scripts as 'nobody' this is standard when using DSO as the PHP handler.

Does actinic require Suexec/SuPHP to be enabled for it to run properly?
I have been told by support that it doesnt, which is why I havent enabled it.

But I received this advice from cPanel;
So I'm starting to think that Suexec/SuPHP do need to be enabled on the server for actinic to run. I'd like to have a definate answer to that before I do, as enabling them will doubtlessly break other sites on the server and there will be a lot of fixing to be done.


Thanks

AFAICS the problem is that the script created files are owned by the "apache" user from the "apache" group. But other files have different users and groups. At least that's what I have seen running the site explorer script on your site.

The "Thanks" capability has only been on the forum for a few months so Lee's prior 5 years of helpful posts make any posts / thanks ratio meaningless. Actually he's the second most thanked member since "thanking" began.

Now I dont post on here much, but I do read many posts, I think that many people that ask questions here forget the fact that this whole forum is provided completely free, with many of the top posters having a long history with Actinic and how it works, having spent time on courses that they in some case may even pay for to help both themselves and others on this forum when they need the help.....again free!

When I read through posts here, often you find very similar questions raised in many different posts, sure it may take time to look, but there are 2 search options and I have found 99% of my answers by being patient with my searches and finding the answers. Perhaps the knowledge driven members of the forum get tired of the same thing, or in some cases when someone has the knowledge it can be difficult to explain the possible solutions without comming accross as abrupt, at times you can not do it any other way than to the point.

Some posts on here have 5+ pages, 4 of these are often argumentative banter, surly rather than taking offence and griping, you should concentrate on what you all came here for in the first place, that way a post could be cut back by 4+ pages of irrelavent moaning, ending up with the whole post virtually useless to anyone else with the same or smilar issues.

Ignor any "tone" that YOU take as personal and read the answer, most of the time if you implement what is said, it will solve your problem, there was an issue some time ago with people getting upset, and this forum lost some very good posters for a while, please dont let it get this way again, this place is one of the most valuable assets to trading with Actinic.

If you ask a question and dont like a single answer, be patient and get another, please dont get rolled up in pointless arguments, the fact is you never know when you may need there help again in the future.

The majority of files that are written by the Actinic software are session files and order files all of which are created and written to by the same process. The stock.fil is one of the few if only file that is created and uploaded from the Actinic software on your PC, but also needs to be written to by the Actinic web server processes.

If you are running the web server as nobody and as you say that is the norm, then the fact that it cannot write to the file during the checkout process (to update stock) is due to the file being owned by another process for which 'nobody' does not have permission. This is confirmed by your changes to file permissions that allowed the system to work. 'Nobody' is usually part of the other group as this set of permissions is effectively passed to the client side of a web server - web browser process. The normal settings thus do not allow users of the web site to write to files, when you log on to ftp (as Actinic does) then you log on with owner permissions and can therefore write files.

From the above I hope it is clear that you need to run the Actinic web server process so that it can have write access to the files and I believe the only way is to correctly configure suexec/suphp to allow this but still keep the maximum security you can.

The majority of Actinic sites run on web servers without any problems for example 1and1, pinbrook et al. Pinbrook confirmed to you in post 47 that they run with suexec/suphp enabled and in your place I would take their advice, they have been hosting Actinic sites for many years and clearly know what is needed.

I still cant get actinic to work on my server for the same reasons..
Not without seriously lowering permissions and ownership as sendmore has..and thats not acceptable. Sendmopre.. Did actinic get back and tell you that was ok??

BTW What exactly does this mean?
YES the scripts are owned by the apache user, but servers dont runa s a particular user unless you use suexec.. The only way to force the webserver access to execute the files as the file owner rather than the webserver owner is to implement suexec.

Actinic have said you dont need to run suexec..??they may be wrong. Try it.

THere needs to be some definate advice about this from actinic, there must be someone there who knows servers. ive seen a few threads where people have just given up on either actinic or their host and it could well be down to this isssue!!
Despite Lee bieng 'bored' by the thread..I'm pleased to see its not being swept under the carpet,.theres someting wrong here that needs to be cleared up

Whilst i havent looked into the way stockcontrol works with v10, I can confirm that actinic up to v10 will run on both suexec enabled servers and non suexec enable servers.

v10 will work with suexec and stock control on v10.01 (i've tested our shared servers here). I havent tested v10.01 with stock control on a non suexec server.

it seems that actinic are saying that for stock control to work with max security you need to configure suexec/suphp on your server config. cPanel themselves are saying you need suPHP to run as acct user and group rather than nobody

FWIW i uploaded a testsite to a non suexec server, online stock control seems fine with v10.01, site takes orders, depletes stock control, uploads and refreshes.

Thanks very much for that information Pinbrook.

Hi Rollerboy and Feemish
I have sent several days testing the site and the previous solution was not a secure one. The permmsions for the cgi bin have now been set to allow 'apache' to write but not 'nobody'. setfacl was used to make this change.This seems to have worked. Any comments would be welcome.

Hi,

sendmore Id ont really understand that I'm afraid.

I think we may be thr first of a long line of vps users who are gonna find they cant make actinic v10 work with CPanel. I think this is a cPanel / Actinic incompatability..

Stock.fil is new in v10 yeah? and it needs to be written to by apache..
If you use CPanel see this;

http://docs.cpanel.net/twiki/bin/vie...lossary#WhmUid

CPanel runs Apache as user ‘nobody.’ let me say that again..
Under cPanel the default user and executor of cgi scripts is 'nobody'

As malbro says;
Indeed.. Actinic uploads the cgi scripts as
owner:<username>
group:<username>
and stock.fil the same.. Thats why it cantbe run by Apache.

In a nutshell Actinics stock control doesnt work with cPanel.. and cPanel is huge.. used by loads of vps users.

suexec might fix this I dontknow but suexec has its own issues.. it can be really slow especially on a busy site... and on a vps can cause issues for other accounts.

I bet Pinbrooks servers arent using cPanel to administer accounts.

Actinic use cPanel on our dedicated servers and everything works fine.

I won't attempt to give a detailed explanation of the issue here. Suffice it to say:
- this isn't a bug in Actinic
- in order to operate fast, real time stock and compressed upload both operate in a slightly different way from previous functionality. In order for that to work effectively the web server has to be configured a particular way with regards to file ownership.
- There is no security issue in configuring the server in the way needed.
- Most web servers are cofigured that way already.

Really, when the web server isn't configured that way, the host should engage fully with the issue. After all they are being paid to run the service.

As has been reported on this thread, that's exactly what some do. If they don't, the easiest thing is to switch to a specialist host, be that Actinic ourselves or someone like Pinbrook. It also ensures there won't be problems in the future as all new software releases are tested on both Actinic servers and those of the main Actinic specialists. As far as I'm aware costs are pretty competitive too.

The knee jerk reaction of manynon-specialist Actinic hosts is to blame the software. That may be appropriate when a one off script is being uploaded, but isn't with Actinic, which is used by thousands of companies across hundreds of different hosts.

However, I will admit that the email for sending to hosts wasn't updated to cover this issue, so it's being updated now. Apologies for that.

Hope that helps.

Chris

I don't think I've seen that email recently, does it get sent out automatically each time you change it?

Would you send it to me today please, assuming it is up to date