community.egroupware.org: Community wiki

  
Community wiki
English FAQ

the  German FAQ is more complete, a translation of the missing content would be nice

Table of Contents

1a. - eGroupware and Plesk / files directory outside the document root.

1b. - Filemanager: Base directory does not exist.  Ask adminstrator to check the global configuration.

1c. - eGroupWare and confixx.

1d. - Can't share files in filemanger.

2. - I forgot some of the passwords for /setup. How can I reset it?

3. - eGroupWare gives me a blank screen.

4. - Where do I go in eGW to see my application?

5. - My ip or user is blocked. How can I unblock it?

6. - Sessions never expiring.

7. - Max Upload size - Fileupload and php.ini

8. - Where is TTS gone?


1a. eGroupware and Plesk / files directory outside the document root

This article is similar in some way to 1b.


eGW needs to have its files directory / VFS root outside the document root.

The problem with plesk is that plesk sets an open_basedir restriction on the docroot and /tmp only (in conf/httpd.include of your vhost).

You need to create a conf/vhost.conf file for your vhost:


php_admin_value open_basedir "/home/httpd/vhosts/xxxxxxxxxxx/httpdocs:/home/httpd/vhosts/xxxxxxxxxx/tmp:/home/httpd/vhosts/xxxxxxxxxxx/egw_files"
php_admin_value upload_tmp_dir "/home/httpd/vhosts/xxxxxxxxxx/tmp"


After that, you need to run "/usr/local/psa/admin/sbin/websrvmng -a" that plesk includes your conf/vhost.conf in his own conf/httpd.include.

For security reasons, the above example uses the tmp directory of your vhost as eGW's tmp-dir. You need to make that change in setup >> configuration too!

The egw_files directory needs to be created, chown'ed to the apache user, chmod to 700 and entered into setup >> configuration.

Replace "xxxxxxxxxxxx" with your vhost's name.
Ralf

Update for Plesk 8.0


php_admin_value open_basedir "/usr/share/pear:/var/lib/php/session:/var/www/vhosts/xxxxxxxxxx/backup:/var/www/vhosts/xxxxxxxxxx/httpdocs:/var/www/vhosts/xxxxxxxxxx/tmp:/var/www/vhosts/xxxxxxxxxx/files"

php_admin_value upload_tmp_dir "/var/www/vhosts/xxxxxxxxxx/tmp"

AllowOverride All


I did the "AllowOverride All" in so that the std. .htaccess of egroupware gets executed.
than: /usr/local/psa/admin/sbin/websrvmng -a -v
and: service httpd restart

This article was written as an knowledgebase article and imported to the wiki later. There is a similar article in the german FAQ available 

1b. Filemanager: Base directory does not exist, Ask adminstrator to check the global configuration

This article is similar in some way to 1a.

eGroupWare's VFS (Virtual File System) needs to store its files somewhere.

If the files were stored inside the docroot of the webserver, we could not enforce the ACL: everyone knowing the URL, could download it (*).

Unfortunally not all packages can create a directory outside the docroot automatically, nor can setup detect that directory.

So in short, you need to:

1) create a directory outside the docroot of the webserver (SuSE: /srv/www/htdocs, RH: /var/www/html, Debian: /var/www, ...). That could be eg. a directory named egw_files on the same level as the docroot (SuSE: /srv/www/egw_files, RH: /var/www/egw_file, Debian: /var/egw_files, ...).

2) that directory has to be owned by the webserver user (SuSE: wwwrun, RH: apache, Debian: www-data, ...) and the webserver needs all rights on it (700 permissions). Alternativly you can set the group-ownership to the group of the webserver(SuSE: www, RH: apache, Debian: www-data, ...) and "chmod g+rwx" it. You should always remove the other-rights (chmod o-rwx), specialy if you run on a shared host!

3) If you have open_basedir activated in your php.ini, you need to add that directory to the allowed directories! Confixx or Plesk use open_basedir by default.

4) Log into Setup (upper login), click on Configuration and add the choosen directory under "Enter the full path for users and group files."

That's it :-)

There are 3 more related articles you might want to read:

  • Sharing files with filemanager aka group directories
  • Using eGW with Plesk
  • Using eGW with Confixx

(*) a .htaccess file could archive that too, but they are not portable between different webservers, so we don't rely on that.

paragraph written by Ralf Becker and Oscar Manuel Gómez Senovilla

1c. eGroupWare and confixx

Confixx uses by default open_basedir AND Safe Mode (http://www.php.net/features.safe-mode). This (vhost specific) setting is not in the main /etc/php.ini, but in its vhost configuration-file (in /etc/httpd/confixx_vhost.conf).

You should NOT edit this file, as confixx constantly recreates it.

Log into Confixx as Admin: Perferences -> httpd special -> Customer (select)

php_admin_value open_basedir /home/www/webXXX/

Automatic update of the /etc/httpd/confixx_vhost.conf and the apache restart takes about 2 min.

By setting open_basedir to /home/www/webXXX/ you can access all directories of your home directory. There you should put now the VFS basedirectory.

Confixx also uses safe_mode, which creates further problems, but also security ;-). Under safe_mode PHP checks if the executed script belongs to the same user as the files it accesses. That can be tricky, specialy with the file upload (after the upload the file belongs to the webserver, but the script belongs to the webXXX user)). Either you switch safe_mode off with the following line:

php_admin_flag safe_mode off

or you fiddle with the permissions

paragraph written 2005 by Ralf Becker

1d. Can't share files in filemanger

Filemanager does NOT support sharing of the home-directories of users!

If you want to share files, you need to use group-directories.

To do so, please follow these steps (loged in as an admin):

  1. You have to create a group ACL: Admin >> Manage groups, choose the group and click on the pencil icon behind filemanager: eg. you choose group "Default" and give read+edit+delete for group Default.
  2. Then you go to filemanager and go up one level up to /home, then the Default group-dir will be created and from now on you will see it in the list of directories, you can change to

Further notes

:

 

You don't need to create any directory yourself, this causes only trouble!

 

You have to specify a path (outside your docroot) for the vfs (directory for home and group files) in setup (upper login) >> configuration AND you have to create it and give the webserver user rwx


(700) access to it. There's another article about that "Filemanager:

Base directory does not exist, Ask adminstrator to check the global configuration

" and two more about

Plesk

and

Confixx

problems, check the links tab!

2. I forgot some of the passwords for /setup. How can I reset it? 

The passwords for accessing Setup / Config or Header / Admin are stored in the header.inc.php file that resides in the egroupware root tree of your installation. So, if you forgot the Header / Admin password, your only chance is to reset it. For this, you have to edit that file in the filesystem. The password is encoded, so the best way to reset the password is leaving it empty (about line 36, set $GLOBALS['egw_info']['server']['header_admin_password'] = '';). Once you enter Header / Admin, you can set the new password and, if you forgot any of the Setup / Config passwords, you can directly enter the new one here, too (there's no need modify header.inc.php as long you can enter Header / Admin).

Remember in any case to give ownership (or write permission) to the webserver, and after doing changes in Header / Admin, save the file again.

Another option (drastic but unnecesary) is to delete or move the header.inc.php file, which forces the initial installation process to repeat from the start. This won't delete any data from the database, since you're supposed to enter the same connection data, which will try to reuse the database.

If you forgot the password for the admin account (created in /setup, step 3), the quickest (and safest) way is to go back to step three and create it again, making sure you don't check extra options to delete existing accounts (since you should want to preserve your data).

As a last resort, and taking that you know the password of any another account (you can create a demo account before if you don't know it) and can browse the db, you can try this SQL command that will assign your account the known password of the other account:

UPDATE egw_accounts e1, egw_accounts e2 SET e1.account_pwd=e2.account_pwd WHERE e2.account_lid='known' and e1.account_lid='forgotten'

Of course, replace 'forgotten' with the username you don't remember the password, and 'known' with the username you know the password. After you login with your account, you can change the password.

This paragraph was written by Oscar Manuel Gómez Senovilla as a knowledgebase article

3. eGroupWare gives me a blank screen

A blank screen usually has two causes:

  1. apache crashed:
    You can find out if that's the case by looking in the apache error_log.
    There is not much you can do: try switching off the php cache, if you use one --> get a new php binary
  2. php had a fatal error
    Due to the settings in your php.ini the error is not displayed and maybe even not written to the apache error_log.
    Change your php.ini (Admin >> phpinfo tells you where it is located):
    • log_errors=On
      If On, errors get written to the destination given in the error_log setting, which defaults to the apache error_log.
      This is the recommended setting for a production server.
    • display_errors=On
      Errors and warnings are output to the browser. That's Ok and wanted for a development box, but not recommended for a production server.
    • Dont forget to reload your apache, that the changes in your php.ini get used!

With the error-message you should get now, you can get some help via the lists / forum.

This paragraph was written by Ralf Becker as a knowledgebase article.

4. Where do I go in eGW to see my application?

For an application to be available in a user profile, it must have been enabled by the administrator. To make one application available for one user, it must be enabled in any of the groups the user belongs to, or at the individual user account, by going to administration application, and edit the necessary user and/or group account application list.

When one application is uninstalled for some reason, it stops being available for everyone, even admins. If it's ever reinstalled, it won't be enabled by default, so the administrator has to specifically enable it in each necessary profile

This paragraph was written by Oscar Manuel Gómez Senovilla as an knowlegebase article.

5. My ip or user is blocked. How can I unblock it?

EGroupWare has a security mechanism to prevent attacks. You can tune it in admin -> Site configuration. You have options like the time for retries, number of retries, etc. So, this is the first place you have to take a look at before trying anything else, mostly for further issues. By default the block time is set to 30 minutes, so after some time you will be able to login again, without doing anything.

Even with this in mind, if by chance a trusted user (or ip) gets blocked and you want to unlock that user or ip, you have to browse the egw_access_log table, and search in the session_id field the a value that's not a session_id nor just 'bad login or password'. You'll find it, and check that the row data (user, ip) matches the one you want to unlock (there could be an attacker, too, and you could unlock him), so using your preferred db tool, make sure you delete this record (there isn't a unique id field in this table).

 This paragraph was written by Oscar Manuel Gómez Senovilla as an knowledgebase article

 

6. Sessions never expiring

If you switched the session display on as admin or look at Admin >> List sessions, you notice sessions older then the expiration time you set in Admin >> Site configuration. How is that possible?

PHP does not check the expiration time off all existing sessions on each session creation (for performance reasons).

First you need to find out the location for your php.ini file.  The easiest and most accurate way is to look inside eGroupWare at Admin >> phpinfo.  Be warned!  PHP can use multiple configuration files, eg. one in /etc/php.ini and another one by the vhost configuration of the webserver!

There are two php.ini settings which influence how often PHP does that check / expires sessions:

 

session.gc_probability

session.gc_probability in conjunction with session.gc_divisor is used to manage probability that the gc (garbage collection) routine is started. Defaults to 1.

session.gc_divisor

session.gc_divisor coupled with session.gc_probability defines the probability that the gc (garbage collection) process is started on every session initialization. The probability is calculated by using gc_probability/gc_divisor, e.g. 1/100 means there is a 1% chance that the GC process starts on each request. session.gc_divisor defaults to 100.

That means (with default settings) every hundred session creations, PHP checks and deletes expired sessions. For a site with little traffic, that can be a quite long time. You might want to set session.gc_probability eg. to 10, 25 or 50, to check on every 10, 4 or 2 request. Setting it too high and the performance of your site will suffer!

After you make the necessary changes in your php.ini, you need to at least reload your webserver (unless you run php as a CGI) AND you should check if Admin >> phpinfo shows your changed values.

An other problem can be using the (default) filesystem based sessions handler on a filesystem without access-times (eg. windows with FAT). In that case there will be no session expiration at all.

this paragraph was written by Ralf Becker 2005

7. Max Upload size/Fileupload and php.ini

The maximum size of upload files is limited by certain php.ini settings.

Fileuploads are done in many parts of eGroupWare:

If the limits are to small, you will usualy get a message like max. memory size or sometimes max. execution time exhaused. Sometimes you get no error message at all ;-)

First you need to find out the location for your php.ini file. Easiest and most accurate way is to look inside eGroupWare at Admin >> phpinfo.  Be warned that php can use multiple configuration files, eg. one in /etc/php.ini and an other one by the vhost configuration of the webserver!

Locate and check the following settings:

; Whether to allow HTTP file uploads.
file_uploads = On

; Maximum allowed size for uploaded files. (default 2M)
; size has to be double the size of the file you want to upload, file-uploads get base64 encoded!
upload_max_filesize = 8M

; Maximum amount of memory a script may consume (default 8MB)
; eGroupWare requires a minimum of 16M!
; for fileuploads the uploaded file has to fit in there too (plus eGroupWare)!
memory_limit = 24M

; Maximum execution time of each script, in seconds (default 30)
max_execution_time = 60
; Maximum amount of time each script may spend parsing request data (default 30)
max_input_time = 60
; both settings can limit the maximum size of an upload, as the php-script gets terminated before the file is completly processed

The above values should allow you upload up to 4MB, you might increase them further to suite your needs.

After you make the necessary changes in your php.ini, you need to at least reload your webserver (unless you run php as a CGI) AND you should check if Admin >> phpinfo shows your changed values.

this paragraph was written by Ralf Becker 2005

8. Where is TTS gone?

Down the drain. Since 1.6, TTS is not supported anymore. It has been replaced by Tracker. If you used TTS before, you can convert all items to Tracker following these instructions.



You are here