My status

My backup memory

Thứ Tư, ngày 25 tháng 7 năm 2012

Install Joomla on Plesk 9.5.5 for Windows

Sau vài ngày tìm hiểu cuối cùng đã xử lý xong. Tóm tắt như sau:
+ Cài đặt Joomla từ Web Application Vault luôn cài vào một thư mục con ví dụ domain\joomla chứ không cài trên root
+ Lỗi khi cài đặt joomla ở step 2 (nếu dùng với Firefox hoặc Chrome). Mặc dù chuyển sang IE có thể cài đặt được nhưng sau khi hoàn thành bước cuối -> lại trở lại ban đầu. Kiểm tra thấy file configuration.php không được tạo ra
+ Khắc phục lỗi sesion.save path bằng cách sửa lại trong php.ini
session.save_path = "c:\tmp"
Thông tin thư mục  PHP and php.ini in Plesk tại http://kb.parallels.com/en/1770
Tạo một thư mục tmp tại C: và gán quyền truy xuất cho nhóm psacln đối với thư mục này -> xong
+ Sau khi xử lý lỗi session.save -> sau khi cài xong joomla xảy ra lỗi không tạo ra được file configuration.php -> Thông báo lỗi "No configuration file found and no installation code available. Exiting..." -> biết rằng liên quan đến permission nhưng...???

Đã tham khảo thông tin tại link dưới nhưng ko có ích lắm:

[FIX] Custom permissions on subfolders in httpdocs get reset to default
http://kb.parallels.com/en/1147


----------------------
Write Permissions on Plesk Windows Servers Get Removed
A problem with permissions being lost / reset on Plesk 9.x for Windows Servers have been noticed by customers with sites requiring special write permissions, such as DotNetNuke (DNN) and other CMS applications (ASP.NET / MS-SQL and PHP / MySQL). The problem is that the write permissions on the folder(s) get removed own its own without any changes being made by us or the client. Further investigation into this issue reveal the source of the problem to be Plesk itself, when the write permissions were originally set outside of Plesk.

Therein Parallels has stated that custom permissions set on top level folders like httpdocs, statistics, cgi-bin, etc... may get reset by Plesk. The test for this is to manually give write permissions to httpdocs folder and run webservmng.exe to see if the manually set permissions are removed... they are! To resolve this issue permanently...

1. Backup the .Security file and delete it from C:/InetPub/vhosts/domain_name, this file saves all the permissions assigned to that domain from Plesk on Windows. Deleting it will remove all the records.
2. After renaming or deleting the . Security file, run this command below:
"%plesk_bin%/websrvmng.exe" --reconfigure-vhost --vhost-name=domain_name
3. This command will create a new .Security file with all default permissions on that domain. This can also be done from within Plesk via the "Check Permissions" function... just make sure to disable the "Check Only" option.
4. Now login into Plesk >> Click on Domains >> domain_name >> File Manager >> httpdocs >> golden padlock of folder_name to set perm on >> “Advance” Button >> Select users >> Assign permissions >> OK.
These steps will save new permissions in the .Security file and even if you run websrvmng.exe or "Check Permissions" on that domain again, the new permissions that has been set from Plesk will not get removed. There is no need to add any special group or users like ASPNET or NETWORK SERVICE to any folder as those permissions are handled by IUSR_ & IWAM_/IWPD_ users.
Any permissions that has been assigned directly to httpdocs folder outside of Plesk will get reset by Plesk and if you inherit them to sub-folders, permissions of the sub-folders will also get removed. So the means to avoid this issue is to always set your file and folder permissions within Plesk, and avoid doing so via Windows Explorer in an RDP session.
---------------------------
Thông tin này có 2 điểm chú ý: 1/cho biết nếu set permission cho httpdocs ngoài plesk thì permission sẽ bị reset và 2/chỉ cần quan tâm đến các user Plesk Domain User (server\ và Plesk IIS User (server\IUSR_
------------------------------------------------------
http://www.orware.com/blog/tips-and-how-tos/plesk/correct-httpdocs-permissions

When Plesk creates an account for you it will always assign the httpdocs folder to the "psaserv" group, and all files within the httpdocs folder to the "psacln" group.
Sometimes you may run into trouble should you accidentally modify these groups (especially when you change the group of the httpdocs folder from psaserv) so should you need to restore these groupings you may run the following commands in succession:

chown -R your_plesk_username:psacln /your/httpdocs/directory
chown your_plesk_username:psaserv /your/httpdocs/directory

What the first command does is make sure that all of the files and folders within your httpdocs folder are correctly within the "psacln" group. The negative side effect of using the "-R" directive is that it also changes the permissions of the httpdocs directory itself, leading to the second command which only changes the httpdocs folder itself to be part of the "psaserv" group, while leaving the files and folders within with the correct grouping.

--------------------------------------------------------------
Thông tin này cho biết các user tạo ra cho client và domain đều thuộc nhóm psacln. Thông tin từ Plesk

Windows Accounts Used by Parallels Plesk Panel to Manage Windows Objects

The following table describes Windows user accounts and groups used by Parallels Plesk Panel to manage Windows objects on server disks.
Account
Description
psaadm
Used by Parallels Plesk Panel to log on to the system and access files and folders.
psacln
All users created by Parallels Plesk Panel are members of this group.
psaserv
Some auxiliary Internet users are members of this group.

Windows Accounts Used by Parallels Plesk Panel to Manage Hosted Windows Objects

Parallels Plesk Panel administers the server on which it is installed by using a number of Windows user accounts. The user accounts are used by Parallels Plesk Panel or remote users logging in to the Parallels Plesk Panel server. The following table lists several Windows user accounts and groups that are used by Parallels Plesk Panel or remote users specifically to access and manage content hosted on domains, subdomains, and Web user accounts. The default permissions on a domain's \httpdocs folder for each account are also described.
Account
Description
Default Permissions for \httpdocs folder
ftp_subaccounts
A Windows user group. Additional ftp user accounts created on domains or subdomains are assigned membership in this user group.
Deny Delete for this object.
A Windows user account. It is created for domain content management purposes at the time of domain creation. For each domain, a separate Domain FTP user account is created. Remote users can access domain content by logging in to the server by using the domain FTP user credentials. The account is also used by Parallels Plesk Panel to manage hosted domain content.
FileNonRemovable for this object and Full Control for subfolders and files.
A Windows user account. It is used for serving incoming HTTP requests. The account is automatically created during domain creation. For each domain a separate account is created. For security reasons, the user account should not be granted full access rights.
Read for files, Read & Execute for folders.
A Windows user account. It is created during domain creation for managing content hosted on subdomains or Web user folders that belong to the domain. The account is used by Parallels Plesk Panel when the subdomain's or Web user's content is managed by Parallels Plesk Panel users who are logged in to Parallels Plesk Panel as domain owners. Note that a separate domain FTP user account can be enabled for a subdomain to manage its content.
FileNonRemovable for this object and Full Control for subfolders and files.
A Windows user account. It is created during domain creation for serving HTTP requests for subdomains and subdomain Web users. The account is used when the content is requested as part of the domain hosting structure.
Read for files, Read & Execute for folders.
A Windows user account created specifically to use IIS Application Pool. The use of separate user accounts corresponding to dedicated IIS Application Pools ensures the maximum degree of domain isolation. For each domain a separate account can be created. For security reasons, the user account should not be granted full access rights.
Read for files, Read & Execute for folders.


Tiếp theo tập trung tìm hiểu về Customizing Hosting Security không có kết quả
http://download1.parallels.com/Plesk/PPP9/Doc/en-US/plesk-9.3-win-advanced-administration-guide/index.htm?fileName=49496.htm
Cuối cùng phát hiện ra là phải thực hiện Customizing Disk Security -> tức là liên quan đến NTFS permission
http://download1.parallels.com/Plesk/PPP9/Doc/en-US/plesk-9.3-win-advanced-administration-guide/index.htm?fileName=49500.htm
Chi tiết như sau:

+ Chọn Additional write/modify permissions cho domain template và Additional write/modify permissions management cho Client Template
+ Tạo Domain -> Allow domain administrator access. Chọn thông số khác + Additional write/modify permissions management
+ Truy cập đến HTTPDOCS folder của domain đó -> properties -> security -> advanced -> Edit
+ Có 2 user Plesk Domain User (gồm 2 entries Apply To cho This Folder và Sub Folders & Files only) và Plesk IIS User (gồm 2 entries Apply To cho This Folder và Sub folder & Files only)
+ Sao chép permission của Plesk IIS User giống như Plesk Domain User (Apply To This Folder only) tức là thêm 2 quyền Create files/Write data và Create folders/Append data (xem hình)
Sau đó có thể cài đặt Joomla bình thường!!!
Tuy nhiên cần đọc kỹ thêm tại
http://download1.parallels.com/Plesk/PPP9/Doc/en-US/plesk-9.3-win-advanced-administration-guide/index.htm?fileName=49506.htm

Bổ sung link tham khảo
How to change the File or Folder permissions using Plesk Windows
https://manage.grabweb.net/knowledgebase.php?action=displayarticle&id=217

2 nhận xét:

  1. Hi all!!!
    * Em nhận quản trị VPS, quan trị website cho 1 công ty
    * Em cài gói joomla 2.5 lên hosting windows pararel plesk. Nhưng không thể
    upload hình vào bài viết, media manager!
    * Em đã thử set perminsion 777, 755 (các thư mục) file là 644 nhưng không
    thể upload hình đc, em thì không rành về Plesk,
    * Nay nhờ anh support giúm em nhé! có thể gửi file hướng dẫn cho em các set
    perminsion joomla thư mục, file

    Trả lờiXóa
  2. Did you know that you can earn money by locking selected sections of your blog or site?
    All you need to do is to join AdscendMedia and embed their Content Locking tool.

    Trả lờiXóa