Posted to users@httpd.apache.org by fe...@crowfix.com on 2002/04/14 23:55:53 UTC

Trouble with suexec and apache 2.0.35

I must be doing something really senseless.  If someone can enlighten
me, I will be eternally grateful :-O

I have been running 1.3.20, and decided it was time to upgrade.
2.0.35 works fine except for suexec.  I have worked through various
problems, for instance, configuring with relative paths instead of
absolute, but now I'm stuck, or at least, it's getting too complicated
and I will probably revert to 1.3.20 until 2.0.36 comes out, or beg
for help here.

This is a linux 2.2 system, installing apache 2.0.35 from source.  The
suexec config options are

--enable-suexec
--with-suexec-bin=/usr/local/apache/sbin/suexec
--with-suexec-caller=www
--with-suexec-userdir=/home/www
--with-suexec-docroot=/usr/local/apache/share/htdocs
--with-suexec-uidmin=500
--with-suexec-gidmin=100
--with-suexec-logfile=/usr/local/apache/var/log/suexec.log

The suexec -V output is

 -D AP_DOC_ROOT="/usr/local/apache/share/htdocs"
 -D AP_GID_MIN=100
 -D AP_HTTPD_USER="www"
 -D AP_LOG_EXEC="/usr/local/apache/var/log/suexec.log"
 -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
 -D AP_UID_MIN=500
 -D AP_USERDIR_SUFFIX="/home/www"

The error log complains

[2002-04-14 13:54:57]: uid: (501/felix) gid: (100/100) cmd: delwww
[2002-04-14 13:54:57]: command not in docroot (/home/www/felix/cgi-bin/delwww)

Well, it's not supposed to be looking in docroot, it's supposed to
look in /home/www/felix/....  But looking at suexec.c, apparently that
error message means it's not in either the main docroot or in the user
docroot.  The decision about which to check depends on a variable
userdir.  This is set true only if argv[1] begins with a tilde.

I added some debugging to suexec, and it shows that argv has these
values:

suexec: argv.0 = (/usr/local/apache/sbin/suexec)
suexec: argv.1 = (501)
suexec: argv.2 = (100)
suexec: argv.3 = (delwww)
suexec: argv.4 = (delwww)

No tilde there!  This is where I gave up.  I'm not looking for a bug
in apache, I'm looking for clues to what I am doing wrong, but I've
dug about as deep as I feel like; it seems more likely I have simply
done something really simply wrong.

Any clues for the weary?

-- 
            ... _._. ._ ._. . _._. ._. ___ .__ ._. . .__. ._ .. ._.
     Felix Finch: scarecrow repairman & rocket surgeon / felix@crowfix.com
  GPG = E987 4493 C860 246C 3B1E  6477 7838 76E9 182E 8151 ITAR license #4933
I've found a solution to Fermat's Last Theorem but I see I've run out of room o

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: Apache 2.0.35 suexec -- bug on file already

Posted by fe...@crowfix.com.
OK, no more complaints from me :-) someone has already reported the
exact same symptoms and cause -- (#7810)

	http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7810

So for now I'll either make up a dummy suexec wrapper workaround, or
revert back to 1.3.  I think it should not be a difficult bug to fix,
but it would take someone who knows the internals and change history
to know the right way to fix it.

-- 
            ... _._. ._ ._. . _._. ._. ___ .__ ._. . .__. ._ .. ._.
     Felix Finch: scarecrow repairman & rocket surgeon / felix@crowfix.com
  GPG = E987 4493 C860 246C 3B1E  6477 7838 76E9 182E 8151 ITAR license #4933
I've found a solution to Fermat's Last Theorem but I see I've run out of room o



Apache 2.0.35 suexec -- more investigation

Posted by fe...@crowfix.com.
I wrote a little dummy program which prints out its command line args
to a file and exits with an error code.  I substituted this for the
real sbin/suexec under both 1.3.20 and 2.0.35.  I think there is
definitely a bug, so I'll send email to some developer's list, I
guess.

Under 1.3.20, these are the args passed to suexec:

	argv = (/usr/local/apache/sbin/suexec)
	argv = (~felix)
	argv = (users)
	argv = (delwww)

Here is what 2.0.35 passes to suexec:

	argv = (/usr/local/apache/sbin/suexec)
	argv = (501)
	argv = (100)
	argv = (delwww)
	argv = (delwww)

The new apache goes out of its way to send the uid and gid, not the
names.  Suexec itself is hardly changed from 1.3.20 to 2.0.35, so
there's a lack of communication here.  Suexec.c especially looks to
see if the user arg begins with a tilde, in which case it uses
suexec-userdir instead of suexec-docroot.

For now, I'm back to 1.3.20.  I'll let you know of anything else I
find out.

-- 
            ... _._. ._ ._. . _._. ._. ___ .__ ._. . .__. ._ .. ._.
     Felix Finch: scarecrow repairman & rocket surgeon / felix@crowfix.com
  GPG = E987 4493 C860 246C 3B1E  6477 7838 76E9 182E 8151 ITAR license #4933
I've found a solution to Fermat's Last Theorem but I see I've run out of room o
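
The mismatch described in this message, as an added example that is not part of the original post and is not Apache's suexec.c: a simplified C model of the root-selection step, fed the -V values and argv[1] values quoted in the thread. The `home_of` table, the function names, and the rule that a relative suffix is appended to the user's home while an absolute one stands alone are assumptions of this model.

```c
#include <stdio.h>
#include <string.h>

/* Values taken from the `suexec -V` output quoted in the thread. */
#define DOC_ROOT       "/usr/local/apache/share/htdocs"
#define USERDIR_SUFFIX "/home/www"

/* Constructed stand-in for the passwd lookup: the thread gives felix's
 * uid (501) and login home directory (/home/felix). */
static const char *home_of(const char *user)
{
    if (strcmp(user, "felix") == 0 || strcmp(user, "501") == 0)
        return "/home/felix";
    return NULL;
}

/* True when `path` is `root` itself or lies below it, compared on whole
 * path components so that /home/wwwx does not match /home/www. */
static int is_under(const char *path, const char *root)
{
    size_t n = strlen(root);
    if (strncmp(path, root, n) != 0)
        return 0;
    return path[n] == '\0' || path[n] == '/';
}

/* Pick the tree the command must live in.
 * Returns 1 if the userdir root was chosen, 0 for the main docroot,
 * -1 if the user is unknown or the buffer is too small. */
int select_root(const char *user_arg, const char *suffix,
                char *out, size_t outlen)
{
    int n;

    /* The only thing that selects the userdir branch is a leading tilde. */
    if (user_arg[0] != '~') {
        n = snprintf(out, outlen, "%s", DOC_ROOT);
        return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
    }

    const char *home = home_of(user_arg + 1);
    if (home == NULL)
        return -1;

    /* Model assumption: the suffix is resolved from the user's home, so an
     * absolute suffix (/home/www) replaces it and a relative one
     * (public_html) is appended to it. */
    if (suffix[0] == '/')
        n = snprintf(out, outlen, "%s", suffix);
    else
        n = snprintf(out, outlen, "%s/%s", home, suffix);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 1;
}

/* Returns 1 if the command's directory passes the check, 0 if the model
 * would log "command not in docroot". */
int command_allowed(const char *user_arg, const char *suffix, const char *cwd)
{
    char root[512];

    if (select_root(user_arg, suffix, root, sizeof root) < 0)
        return 0;
    return is_under(cwd, root);
}

int main(void)
{
    const char *cwd = "/home/www/felix/cgi-bin";   /* directory of delwww */
    const char *args[] = { "~felix", "501" };       /* 1.3.20 vs 2.0.35 argv[1] */
    char root[512];

    for (size_t i = 0; i < sizeof args / sizeof args[0]; i++) {
        int userdir = select_root(args[i], USERDIR_SUFFIX, root, sizeof root);
        printf("argv[1]=%-7s userdir=%d root=%s -> %s\n",
               args[i], userdir, root,
               command_allowed(args[i], USERDIR_SUFFIX, cwd)
                   ? "allowed" : "command not in docroot");
    }
    return 0;
}
```

With the numeric uid the userdir branch is never taken, so the command is compared against the main docroot and rejected, which matches the logged error.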



RE: Trouble with suexec and apache 2.0.35 -- More

Posted by Roger Williams <ro...@roger.jp>.
--with-suexec-userdir=public_html is what I meant to say,
not --with-suexec-userdir=/home/www/felix/public_html, in case I wasn't
clear.  This way all users can use their public_html to serve webpages and
execute scripts.

Roger

-----Original Message-----
From: felix@crowfix.com [mailto:felix@crowfix.com]
Sent: Sunday, April 14, 2002 11:04 PM
To: users@httpd.apache.org; Hasanuddin Tamir
Subject: Re: Trouble with suexec and apache 2.0.35 -- More


>>In article <Pi...@shinchan.trabas.com>,
Hasanuddin Tamir <sa...@trabas.com> writes:

>> The compile time suexec config options were
>>
>> --enable-suexec
>> --with-suexec-bin=/usr/local/apache/sbin/suexec
>> --with-suexec-caller=www
>> --with-suexec-userdir=/home/www

> The value of this option is the directory where the common directory for
> the users to keep their stuff, to be called with tilde in URL. The
> /home/www should be supplied for --with-suexec-docroot instead

>> --with-suexec-docroot=/usr/local/apache/share/htdocs

> All programs must be somewhere under this directory if the scripts are
> supposed to be called via VH. delwww is obviously out of there.

Not that I can see.  This same configuration (well, modified as
necessary for the change from 1.3 to 2.) works fine under 1.3.20.
Delwww is not under DocRoot and hasn't been since my first Apache
setups back around 1995 or so.  UserDir is a perfectly good place for
delwww.

Now maybe I am compiling with some bad configuration parameters, and
I'd sure like to know what, but --with-suexec-docroot is not the only
possible location.  There's also --with-suexec-userdir.

--
            ... _._. ._ ._. . _._. ._. ___ .__ ._. . .__. ._ .. ._.
     Felix Finch: scarecrow repairman & rocket surgeon / felix@crowfix.com
  GPG = E987 4493 C860 246C 3B1E  6477 7838 76E9 182E 8151 ITAR license
#4933
I've found a solution to Fermat's Last Theorem but I see I've run out of
room o



RE: Trouble with suexec and apache 2.0.35 -- More

Posted by Roger Williams <ro...@roger.jp>.
My 2 cents worth,

  --with-suexec-userdir should be the directory under the user's home dir
where he can execute scripts.  So in the dir /home/www/ there is the home
dir of felix (/home/www/felix); in there is a folder (his apache doc root)
public_html (/home/www/felix/public_html); this should
be --with-suexec-userdir.  It is the dir UNDER the user home that suexec can
execute scripts.  That's how I do it anyway..... and I have some 5000 clients
on 7 machines.

Roger

-----Original Message-----
From: felix@crowfix.com [mailto:felix@crowfix.com]
Sent: Sunday, April 14, 2002 11:04 PM
To: users@httpd.apache.org; Hasanuddin Tamir
Subject: Re: Trouble with suexec and apache 2.0.35 -- More


>>In article <Pi...@shinchan.trabas.com>,
Hasanuddin Tamir <sa...@trabas.com> writes:

>> The compile time suexec config options were
>>
>> --enable-suexec
>> --with-suexec-bin=/usr/local/apache/sbin/suexec
>> --with-suexec-caller=www
>> --with-suexec-userdir=/home/www

> The value of this option is the directory where the common directory for
> the users to keep their stuff, to be called with tilde in URL. The
> /home/www should be supplied for --with-suexec-docroot instead

>> --with-suexec-docroot=/usr/local/apache/share/htdocs

> All programs must be somewhere under this directory if the scripts are
> supposed to be called via VH. delwww is obviously out of there.

Not that I can see.  This same configuration (well, modified as
necessary for the change from 1.3 to 2.) works fine under 1.3.20.
Delwww is not under DocRoot and hasn't been since my first Apache
setups back around 1995 or so.  UserDir is a perfectly good place for
delwww.

Now maybe I am compiling with some bad configuration parameters, and
I'd sure like to know what, but --with-suexec-docroot is not the only
possible location.  There's also --with-suexec-userdir.

--
            ... _._. ._ ._. . _._. ._. ___ .__ ._. . .__. ._ .. ._.
     Felix Finch: scarecrow repairman & rocket surgeon / felix@crowfix.com
  GPG = E987 4493 C860 246C 3B1E  6477 7838 76E9 182E 8151 ITAR license
#4933
I've found a solution to Fermat's Last Theorem but I see I've run out of
room o



Re: Trouble with suexec and apache 2.0.35 -- More

Posted by fe...@crowfix.com.
>>In article <Pi...@shinchan.trabas.com>, Hasanuddin Tamir <sa...@trabas.com> writes:

>> The compile time suexec config options were
>> 
>> --enable-suexec
>> --with-suexec-bin=/usr/local/apache/sbin/suexec
>> --with-suexec-caller=www
>> --with-suexec-userdir=/home/www

> The value of this option is the directory where the common directory for
> the users to keep their stuff, to be called with tilde in URL. The
> /home/www should be supplied for --with-suexec-docroot instead

>> --with-suexec-docroot=/usr/local/apache/share/htdocs

> All programs must be somewhere under this directory if the scripts are
> supposed to be called via VH. delwww is obviously out of there.

Not that I can see.  This same configuration (well, modified as
necessary for the change from 1.3 to 2.) works fine under 1.3.20.
Delwww is not under DocRoot and hasn't been since my first Apache
setups back around 1995 or so.  UserDir is a perfectly good place for
delwww.

Now maybe I am compiling with some bad configuration parameters, and
I'd sure like to know what, but --with-suexec-docroot is not the only
possible location.  There's also --with-suexec-userdir.

-- 
            ... _._. ._ ._. . _._. ._. ___ .__ ._. . .__. ._ .. ._.
     Felix Finch: scarecrow repairman & rocket surgeon / felix@crowfix.com
  GPG = E987 4493 C860 246C 3B1E  6477 7838 76E9 182E 8151 ITAR license #4933
I've found a solution to Fermat's Last Theorem but I see I've run out of room o



Re: Trouble with suexec and apache 2.0.35 -- More

Posted by Hasanuddin Tamir <sa...@trabas.com>.
On Sun, 14 Apr 2002, felix@crowfix.com <fe...@crowfix.com> wrote,

> Sorry about the confusion.  I don't like ~/public_html, I have always
> put personal areas under /home/www/.  my login home dir is
> /home/felix, the personal www root is /home/www/felix/.  Under there
> are cgi-bin, htdocs, fcgi, etc.

How'd you like to have the URL for the users' personal page, if you don't
like http://www.domain.com/~felix. You want virtual host? Or, mod_rewrite,
perhaps?

> This has worked under 1.* for as long as I can remember, back to 1995
> or so I think.  It works for 2.0.35 EXCEPT for suexec.  The logged
> complaint in the errors log file is
>
> [2002-04-14 13:54:57]: uid: (501/felix) gid: (100/100) cmd: delwww
> [2002-04-14 13:54:57]: command not in docroot (/home/www/felix/cgi-bin/delwww)

This error has something to do with the --with-suexec-docroot.

> The compile time suexec config options were
>
> --enable-suexec
> --with-suexec-bin=/usr/local/apache/sbin/suexec
> --with-suexec-caller=www
> --with-suexec-userdir=/home/www

The value of this option is the directory where the common directory for
the users to keep their stuff, to be called with tilde in URL. The
/home/www should be supplied for --with-suexec-docroot instead

> --with-suexec-docroot=/usr/local/apache/share/htdocs

All programs must be somewhere under this directory if the scripts are
supposed to be called via VH. delwww is obviously out of there.


-- 
san->http(www.trabas.com)
{If Linux doesn't have solution, you have the wrong problem}





Re: Trouble with suexec and apache 2.0.35 -- More

Posted by fe...@crowfix.com.
Sorry about the confusion.  I don't like ~/public_html, I have always
put personal areas under /home/www/.  my login home dir is
/home/felix, the personal www root is /home/www/felix/.  Under there
are cgi-bin, htdocs, fcgi, etc.

This has worked under 1.* for as long as I can remember, back to 1995
or so I think.  It works for 2.0.35 EXCEPT for suexec.  The logged
complaint in the errors log file is

[2002-04-14 13:54:57]: uid: (501/felix) gid: (100/100) cmd: delwww
[2002-04-14 13:54:57]: command not in docroot (/home/www/felix/cgi-bin/delwww)

The compile time suexec config options were

--enable-suexec
--with-suexec-bin=/usr/local/apache/sbin/suexec
--with-suexec-caller=www
--with-suexec-userdir=/home/www
--with-suexec-docroot=/usr/local/apache/share/htdocs
--with-suexec-uidmin=500
--with-suexec-gidmin=100
--with-suexec-logfile=/usr/local/apache/var/log/suexec.log

The suexec -V output is

 -D AP_DOC_ROOT="/usr/local/apache/share/htdocs"
 -D AP_GID_MIN=100
 -D AP_HTTPD_USER="www"
 -D AP_LOG_EXEC="/usr/local/apache/var/log/suexec.log"
 -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
 -D AP_UID_MIN=500
 -D AP_USERDIR_SUFFIX="/home/www"

The httpd.conf directives are

UserDir /home/www/*

<Directory /home/www/*>
    AllowOverride AuthConfig FileInfo Indexes Limit
    Order deny,allow
    Deny from all
    Allow from 192.168.1 216.240.38.152/29 207.159.47
</Directory>

<Directory /home/www/*/cgi-bin>
    AllowOverride AuthConfig
    Options ExecCGI FollowSymLinks
    Order deny,allow
    Deny from all
    Allow from 192.168.1 216.240.38.152/29 207.159.47
    SetHandler cgi-script
</Directory>

This is unchanged from 1.3.20.  I can stop 2.0.35 and start 1.3.20 and
everything works fine.

-- 
            ... _._. ._ ._. . _._. ._. ___ .__ ._. . .__. ._ .. ._.
     Felix Finch: scarecrow repairman & rocket surgeon / felix@crowfix.com
  GPG = E987 4493 C860 246C 3B1E  6477 7838 76E9 182E 8151 ITAR license #4933
I've found a solution to Fermat's Last Theorem but I see I've run out of room o



RE: Trouble with suexec and apache 2.0.35

Posted by Roger Williams <ro...@roger.jp>.
You might want to try putting:

--enable-suexec

in there and try it again.  Can't say it is going to work but worth a try.  I
usually don't use ports for apache, there are so many variables to set, it
can be a pain to get it to work correctly.

Good Luck,
Roger

-----Original Message-----
From: Jack L. Stone [mailto:jack@sage-one.net]
Sent: Monday, April 15, 2002 10:56 AM
To: users@httpd.apache.org; users@httpd.apache.org
Subject: RE: Trouble with suexec and apache 2.0.35


hmmmm.... checked the Makefile in the ports and found this reference to
suexec, but nothing gets installed. Any thoughts?:

CONFIGURE_ARGS= --prefix=${PREFIX} \
                --server-uid=www \
                --server-gid=www \
                --with-perl=${PERL} \
                --with-layout=FreeBSD \
                --suexec-docroot=${PREFIX}/www/data \
                --without-confadjust \
                --enable-module=most \
                --enable-module=auth_db \
                --enable-module=mmap_static \
                --disable-module=auth_dbm \
                --enable-shared=max \
                --enable-module=ssl \
                --enable-module=define


At 11:14 PM 4.14.2002 -0400, Roger Williams wrote:
>You might want to check the Makefile in the apache dir and see if you can
>enable it and recompile.
>
>Roger
>
>-----Original Message-----
>From: Jack L. Stone [mailto:jack@sage-one.net]
>Sent: Sunday, April 14, 2002 11:06 PM
>To: users@httpd.apache.org; users@httpd.apache.org
>Subject: RE: Trouble with suexec and apache 2.0.35
>
>
>Yes, I compiled this right out of ports... on several machines and none
>have suexec for this version of apache. In machines with apache-1.23, it
>has installed from ports.... strange.
>
>At 11:03 PM 4.14.2002 -0400, Roger Williams wrote:
>>You need to compile it into apache when you build it.  I'm not real sure how
>>the ports collections does it but it is almost certain you will need to
>>reconfigure it to fill your needs.
>>
>>Roger
>>
>>-----Original Message-----
>>From: Jack L. Stone [mailto:jack@sage-one.net]
>>Sent: Sunday, April 14, 2002 10:35 PM
>>To: users@httpd.apache.org; users@httpd.apache.org
>>Subject: Re: Trouble with suexec and apache 2.0.35
>>
>>
>>Pardon, me for jumping in on this exchange about suexec, but I've just
>>installed apache-1.24+ssl and noticed that the suexec was not installed
>>with this version. Is this function handled in some other way perhaps....
>>I'm running FBSD 4.5. Thanks!
>>
>>
>>At 06:01 PM 4.14.2002 -0400, Joshua Slive wrote:
>>>felix@crowfix.com wrote:
>>>
>>>> --with-suexec-userdir=/home/www
>>>
>>>I don't think that is right.  It should be the same as your UserDir
>>>directive in httpd.conf, which is probably something like public_html.
>>>
>>>> No tilde there!  This is where I gave up.  I'm not looking for a bug
>>>> in apache, I'm looking for clues to what I am doing wrong, but I've
>>>> dug about as deep as I feel like; it seems more likely I have simply
>>>> done something really simply wrong.
>>>
>>>I have seen a couple other reports of problems with suexec in 2.0, so
>>>there may also be some bugs.  I haven't tried it myself.
>>>
>>>Joshua.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>.... our website: http://www.sage-one.net/
>>
>>Best regards,
>>
>>Jack L. Stone
>>Server Admin
>>
>>
>>
>>
>
>.... our website: http://www.sage-one.net/
>
>Best regards,
>
>Jack L. Stone
>Server Admin
>
>
>
>

.... our website: http://www.sage-one.net/

Best regards,

Jack L. Stone
Server Admin



RE: Trouble with suexec and apache 2.0.35

Posted by "Jack L. Stone" <ja...@sage-one.net>.
hmmmm.... checked the Makefile in the ports and found this reference to
suexec, but nothing gets installed. Any thoughts?:

CONFIGURE_ARGS= --prefix=${PREFIX} \
                --server-uid=www \
                --server-gid=www \
                --with-perl=${PERL} \
                --with-layout=FreeBSD \
                --suexec-docroot=${PREFIX}/www/data \
                --without-confadjust \
                --enable-module=most \
                --enable-module=auth_db \
                --enable-module=mmap_static \
                --disable-module=auth_dbm \
                --enable-shared=max \
                --enable-module=ssl \
                --enable-module=define


At 11:14 PM 4.14.2002 -0400, Roger Williams wrote:
>You might want to check the Makefile in the apache dir and see if you can
>enable it and recompile.
>
>Roger
>
>-----Original Message-----
>From: Jack L. Stone [mailto:jack@sage-one.net]
>Sent: Sunday, April 14, 2002 11:06 PM
>To: users@httpd.apache.org; users@httpd.apache.org
>Subject: RE: Trouble with suexec and apache 2.0.35
>
>
>Yes, I compiled this right out of ports... on several machines and none
>have suexec for this version of apache. In machines with apache-1.23, it
>has installed from ports.... strange.
>
>At 11:03 PM 4.14.2002 -0400, Roger Williams wrote:
>>You need to compile it into apache when you build it.  I'm not real sure how
>>the ports collections does it but it is almost certain you will need to
>>reconfigure it to fill your needs.
>>
>>Roger
>>
>>-----Original Message-----
>>From: Jack L. Stone [mailto:jack@sage-one.net]
>>Sent: Sunday, April 14, 2002 10:35 PM
>>To: users@httpd.apache.org; users@httpd.apache.org
>>Subject: Re: Trouble with suexec and apache 2.0.35
>>
>>
>>Pardon, me for jumping in on this exchange about suexec, but I've just
>>installed apache-1.24+ssl and noticed that the suexec was not installed
>>with this version. Is this function handled in some other way perhaps....
>>I'm running FBSD 4.5. Thanks!
>>
>>
>>At 06:01 PM 4.14.2002 -0400, Joshua Slive wrote:
>>>felix@crowfix.com wrote:
>>>
>>>> --with-suexec-userdir=/home/www
>>>
>>>I don't think that is right.  It should be the same as your UserDir
>>>directive in httpd.conf, which is probably something like public_html.
>>>
>>>> No tilde there!  This is where I gave up.  I'm not looking for a bug
>>>> in apache, I'm looking for clues to what I am doing wrong, but I've
>>>> dug about as deep as I feel like; it seems more likely I have simply
>>>> done something really simply wrong.
>>>
>>>I have seen a couple other reports of problems with suexec in 2.0, so
>>>there may also be some bugs.  I haven't tried it myself.
>>>
>>>Joshua.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>.... our website: http://www.sage-one.net/
>>
>>Best regards,
>>
>>Jack L. Stone
>>Server Admin
>>
>>
>>
>>
>
>.... our website: http://www.sage-one.net/
>
>Best regards,
>
>Jack L. Stone
>Server Admin
>
>
>
>

.... our website: http://www.sage-one.net/

Best regards,

Jack L. Stone
Server Admin



RE: Trouble with suexec and apache 2.0.35

Posted by Roger Williams <ro...@roger.jp>.
You might want to check the Makefile in the apache dir and see if you can
enable it and recompile.

Roger

-----Original Message-----
From: Jack L. Stone [mailto:jack@sage-one.net]
Sent: Sunday, April 14, 2002 11:06 PM
To: users@httpd.apache.org; users@httpd.apache.org
Subject: RE: Trouble with suexec and apache 2.0.35


Yes, I compiled this right out of ports... on several machines and none
have suexec for this version of apache. In machines with apache-1.23, it
has installed from ports.... strange.

At 11:03 PM 4.14.2002 -0400, Roger Williams wrote:
>You need to compile it into apache when you build it.  I'm not real sure how
>the ports collections does it but it is almost certain you will need to
>reconfigure it to fill your needs.
>
>Roger
>
>-----Original Message-----
>From: Jack L. Stone [mailto:jack@sage-one.net]
>Sent: Sunday, April 14, 2002 10:35 PM
>To: users@httpd.apache.org; users@httpd.apache.org
>Subject: Re: Trouble with suexec and apache 2.0.35
>
>
>Pardon, me for jumping in on this exchange about suexec, but I've just
>installed apache-1.24+ssl and noticed that the suexec was not installed
>with this version. Is this function handled in some other way perhaps....
>I'm running FBSD 4.5. Thanks!
>
>
>At 06:01 PM 4.14.2002 -0400, Joshua Slive wrote:
>>felix@crowfix.com wrote:
>>
>>> --with-suexec-userdir=/home/www
>>
>>I don't think that is right.  It should be the same as your UserDir
>>directive in httpd.conf, which is probably something like public_html.
>>
>>> No tilde there!  This is where I gave up.  I'm not looking for a bug
>>> in apache, I'm looking for clues to what I am doing wrong, but I've
>>> dug about as deep as I feel like; it seems more likely I have simply
>>> done something really simply wrong.
>>
>>I have seen a couple other reports of problems with suexec in 2.0, so
>>there may also be some bugs.  I haven't tried it myself.
>>
>>Joshua.
>>
>>
>>
>>
>>
>>
>>
>
>.... our website: http://www.sage-one.net/
>
>Best regards,
>
>Jack L. Stone
>Server Admin
>
>
>
>

.... our website: http://www.sage-one.net/

Best regards,

Jack L. Stone
Server Admin



RE: Trouble with suexec and apache 2.0.35

Posted by "Jack L. Stone" <ja...@sage-one.net>.
Yes, I compiled this right out of ports... on several machines and none
have suexec for this version of apache. In machines with apache-1.23, it
has installed from ports.... strange.

At 11:03 PM 4.14.2002 -0400, Roger Williams wrote:
>You need to compile it into apache when you build it.  I'm not real sure how
>the ports collection does it but it is almost certain you will need to
>reconfigure it to fill your needs.
>
>Roger
>
>-----Original Message-----
>From: Jack L. Stone [mailto:jack@sage-one.net]
>Sent: Sunday, April 14, 2002 10:35 PM
>To: users@httpd.apache.org; users@httpd.apache.org
>Subject: Re: Trouble with suexec and apache 2.0.35
>
>
>Pardon me for jumping in on this exchange about suexec, but I've just
>installed apache-1.24+ssl and noticed that the suexec was not installed
>with this version. Is this function handled in some other way perhaps....
>I'm running FBSD 4.5. Thanks!
>
>
>At 06:01 PM 4.14.2002 -0400, Joshua Slive wrote:
>>felix@crowfix.com wrote:
>>
>>> --with-suexec-userdir=/home/www
>>
>>I don't think that is right.  It should be the same as your UserDir
>>directive in httpd.conf, which is probably something like public_html.
>>
>>> No tilde there!  This is where I gave up.  I'm not looking for a bug
>>> in apache, I'm looking for clues to what I am doing wrong, but I've
>>> dug about as deep as I feel like; it seems more likely I have simply
>>> done something really simply wrong.
>>
>>I have seen a couple other reports of problems with suexec in 2.0, so
>>there may also be some bugs.  I haven't tried it myself.
>>
>>Joshua.
>
>.... our website: http://www.sage-one.net/
>
>Best regards,
>
>Jack L. Stone
>Server Admin
>

.... our website: http://www.sage-one.net/

Best regards,

Jack L. Stone
Server Admin



RE: Trouble with suexec and apache 2.0.35

Posted by Roger Williams <ro...@roger.jp>.
You need to compile it into apache when you build it.  I'm not real sure how
the ports collection does it but it is almost certain you will need to
reconfigure it to fill your needs.

Roger

-----Original Message-----
From: Jack L. Stone [mailto:jack@sage-one.net]
Sent: Sunday, April 14, 2002 10:35 PM
To: users@httpd.apache.org; users@httpd.apache.org
Subject: Re: Trouble with suexec and apache 2.0.35


Pardon me for jumping in on this exchange about suexec, but I've just
installed apache-1.24+ssl and noticed that the suexec was not installed
with this version. Is this function handled in some other way perhaps....
I'm running FBSD 4.5. Thanks!


At 06:01 PM 4.14.2002 -0400, Joshua Slive wrote:
>felix@crowfix.com wrote:
>
>> --with-suexec-userdir=/home/www
>
>I don't think that is right.  It should be the same as your UserDir
>directive in httpd.conf, which is probably something like public_html.
>
>> No tilde there!  This is where I gave up.  I'm not looking for a bug
>> in apache, I'm looking for clues to what I am doing wrong, but I've
>> dug about as deep as I feel like; it seems more likely I have simply
>> done something really simply wrong.
>
>I have seen a couple other reports of problems with suexec in 2.0, so
>there may also be some bugs.  I haven't tried it myself.
>
>Joshua.

.... our website: http://www.sage-one.net/

Best regards,

Jack L. Stone
Server Admin



Re: Trouble with suexec and apache 2.0.35

Posted by "Jack L. Stone" <ja...@sage-one.net>.
Pardon me for jumping in on this exchange about suexec, but I've just
installed apache-1.24+ssl and noticed that the suexec was not installed
with this version. Is this function handled in some other way perhaps....
I'm running FBSD 4.5. Thanks!


At 06:01 PM 4.14.2002 -0400, Joshua Slive wrote:
>felix@crowfix.com wrote:
>
>> --with-suexec-userdir=/home/www
>
>I don't think that is right.  It should be the same as your UserDir
>directive in httpd.conf, which is probably something like public_html.
>
>> No tilde there!  This is where I gave up.  I'm not looking for a bug
>> in apache, I'm looking for clues to what I am doing wrong, but I've
>> dug about as deep as I feel like; it seems more likely I have simply
>> done something really simply wrong.
>
>I have seen a couple other reports of problems with suexec in 2.0, so
>there may also be some bugs.  I haven't tried it myself.
>
>Joshua.

.... our website: http://www.sage-one.net/

Best regards,

Jack L. Stone
Server Admin



Re: Trouble with suexec and apache 2.0.35

Posted by Joshua Slive <jo...@slive.ca>.
felix@crowfix.com wrote:

> --with-suexec-userdir=/home/www

I don't think that is right.  It should be the same as your UserDir
directive in httpd.conf, which is probably something like public_html.

> No tilde there!  This is where I gave up.  I'm not looking for a bug
> in apache, I'm looking for clues to what I am doing wrong, but I've
> dug about as deep as I feel like; it seems more likely I have simply
> done something really simply wrong.

I have seen a couple other reports of problems with suexec in 2.0, so
there may also be some bugs.  I haven't tried it myself.

Joshua.






Re: Trouble with suexec and apache 2.0.35

Posted by Joshua Slive <jo...@slive.ca>.
Roger Williams wrote:
> Joshua.
>  If you look at his email, he is not looking for a "tilde" account; he was
> trying to call "/home/www/felix/"  not ~felix.  He appears to be trying
> virtual hosts not user accounts.

You may be right.  In any case, he himself is confused about what he is 
doing.  Perhaps if he described exactly what his configuration looks 
like and what URLs he is trying to access, we might be able to help more.

Joshua.






RE: Trouble with suexec and apache 2.0.35

Posted by Roger Williams <ro...@roger.jp>.
Joshua.
 If you look at his email, he is not looking for a "tilde" account; he was
trying to call "/home/www/felix/"  not ~felix.  He appears to be trying
virtual hosts not user accounts.

Roger
System Admin
J-Navi Web Hosting

-----Original Message-----
From: Joshua Slive [mailto:joshua@slive.ca]
Sent: Sunday, April 14, 2002 6:12 PM
To: users@httpd.apache.org
Subject: Re: Trouble with suexec and apache 2.0.35


Roger Williams wrote:
> Hello,
>   Suexec looks in its own docroot to execute scripts, so  /home/www has to
> be in or below the doc root of suexec.  So you can either put the user dirs
> below the docroot of suexec or make the doc root "/"....  which I don't
> suggest, but have seen.

No, that's not right.  Requests for UserDir (~) directories do not
need to be under the suexec docroot.

Joshua.





Re: Trouble with suexec and apache 2.0.35

Posted by Joshua Slive <jo...@slive.ca>.
Roger Williams wrote:
> Hello,
>   Suexec looks in its own docroot to execute scripts, so  /home/www has to
> be in or below the doc root of suexec.  So you can either put the user dirs
> below the docroot of suexec or make the doc root "/"....  which I don't
> suggest, but have seen.

No, that's not right.  Requests for UserDir (~) directories do not
need to be under the suexec docroot.

Joshua.





RE: Trouble with suexec and apache 2.0.35

Posted by Roger Williams <ro...@roger.jp>.
Hello,
  Suexec looks in its own docroot to execute scripts, so  /home/www has to
be in or below the doc root of suexec.  So you can either put the user dirs
below the docroot of suexec or make the doc root "/"....  which I don't
suggest, but have seen.

Roger
-----Original Message-----
From: felix@crowfix.com [mailto:felix@crowfix.com]
Sent: Sunday, April 14, 2002 5:56 PM
To: users@httpd.apache.org
Subject: Trouble with suexec and apache 2.0.35


I must be doing something really senseless.  If someone can enlighten
me, I will be eternally grateful :-O

I have been running 1.3.20, and decided it was time to upgrade.
2.0.35 works fine except for suexec.  I have worked through various
problems, for instance, configuring with relative paths instead of
absolute, but now I'm stuck, or at least, it's getting too complicated
and I will probably revert to 1.3.20 until 2.0.36 comes out, or beg
for help here.

This is a linux 2.2 system, installing apache 2.0.35 from source.  The
suexec config options are

--enable-suexec
--with-suexec-bin=/usr/local/apache/sbin/suexec
--with-suexec-caller=www
--with-suexec-userdir=
--with-suexec-docroot=/usr/local/apache/share/htdocs
--with-suexec-uidmin=500
--with-suexec-gidmin=100
--with-suexec-logfile=/usr/local/apache/var/log/suexec.log

The suexec -V output is

 -D AP_DOC_ROOT="/usr/local/apache/share/htdocs"
 -D AP_GID_MIN=100
 -D AP_HTTPD_USER="www"
 -D AP_LOG_EXEC="/usr/local/apache/var/log/suexec.log"
 -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
 -D AP_UID_MIN=500
 -D AP_USERDIR_SUFFIX="/home/www"

The error log complains

[2002-04-14 13:54:57]: uid: (501/felix) gid: (100/100) cmd: delwww
[2002-04-14 13:54:57]: command not in docroot (/home/www/felix/cgi-bin/delwww)

Well, it's not supposed to be looking in docroot, it's supposed to
look in /home/www/felix/....  But looking at suexec.c, apparently that
error message means it's not in either the main docroot or in the user
docroot.  The decision about which to check depends on a variable
userdir.  This is set true only if argv[1] begins with a tilde.

I added some debugging to suexec, and it shows that argv has these
values:

suexec: argv.0 = (/usr/local/apache/sbin/suexec)
suexec: argv.1 = (501)
suexec: argv.2 = (100)
suexec: argv.3 = (delwww)
suexec: argv.4 = (delwww)

No tilde there!  This is where I gave up.  I'm not looking for a bug
in apache, I'm looking for clues to what I am doing wrong, but I've
dug about as deep as I feel like; it seems more likely I have simply
done something really simply wrong.

Any clues for the weary?

--
            ... _._. ._ ._. . _._. ._. ___ .__ ._. . .__. ._ .. ._.
     Felix Finch: scarecrow repairman & rocket surgeon / felix@crowfix.com
  GPG = E987 4493 C860 246C 3B1E  6477 7838 76E9 182E 8151 ITAR license #4933
I've found a solution to Fermat's Last Theorem but I see I've run out of room o
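
The docroot test felix describes, combined with Joshua's point about --with-suexec-userdir, as a simplified model added here (an illustration, not code from suexec.c or from anyone in the thread). The struct and function names are hypothetical, /home/felix and the public_html layout are constructed sample values, and paths are joined as strings rather than resolved on disk.

```c
#include <stdio.h>
#include <string.h>

/* Build-time settings, named after the fields printed by `suexec -V`. */
struct suexec_cfg {
    const char *doc_root;        /* AP_DOC_ROOT */
    const char *userdir_suffix;  /* AP_USERDIR_SUFFIX */
};

/*
 * Simplified model of the docroot test described in the thread.
 * uid_arg is argv[1]; a leading '~' marks a UserDir request.
 * home is the target user's home directory, cwd the directory of the CGI.
 * The root that cwd is compared against is written to root.
 * Returns 1 when cwd lies under that root, 0 for "command not in docroot".
 * Assumption: paths are joined as strings; the real program resolves them
 * by changing directory, so symlinks are not modelled here.
 */
int docroot_check(const struct suexec_cfg *cfg, const char *uid_arg,
                  const char *home, const char *cwd, char *root, size_t n)
{
    if (uid_arg[0] != '~')                        /* no tilde: main docroot */
        snprintf(root, n, "%s", cfg->doc_root);
    else if (cfg->userdir_suffix[0] == '/')       /* absolute suffix, as chdir would */
        snprintf(root, n, "%s", cfg->userdir_suffix);
    else                                          /* relative to the home dir */
        snprintf(root, n, "%s/%s", home, cfg->userdir_suffix);
    return strncmp(cwd, root, strlen(root)) == 0;
}

static void show(const struct suexec_cfg *cfg, const char *uid_arg,
                 const char *home, const char *cwd)
{
    char root[512];
    int ok = docroot_check(cfg, uid_arg, home, cwd, root, sizeof root);
    printf("argv[1]=%-5s suffix=%-12s root=%-31s cwd=%-32s -> %s\n",
           uid_arg, cfg->userdir_suffix, root, cwd,
           ok ? "ok" : "command not in docroot");
}

int main(void)
{
    /* Values from the suexec -V output quoted in the thread. */
    struct suexec_cfg posted = { "/usr/local/apache/share/htdocs", "/home/www" };
    /* Joshua's suggestion; /home/felix is a constructed home directory. */
    struct suexec_cfg usual = { "/usr/local/apache/share/htdocs", "public_html" };

    show(&posted, "501",  "/home/felix", "/home/www/felix/cgi-bin");
    show(&posted, "~501", "/home/felix", "/home/www/felix/cgi-bin");
    show(&usual,  "~501", "/home/felix", "/home/felix/public_html/cgi-bin");
    show(&usual,  "~501", "/home/felix", "/home/www/felix/cgi-bin");
    return 0;
}
```

The first row reproduces the "command not in docroot" line from the posted log: with no tilde in argv[1] the script directory is compared against AP_DOC_ROOT, whatever --with-suexec-userdir was set to.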
