You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Donald Murray <do...@hotmail.com> on 2004/01/19 22:47:12 UTC
[users@httpd] Cannot get per-user CGI directories to work
Does anyone have per-user CGI directories working?
My initial motivation was to have all user-specific html/CGI in
a separate tree (/opt/www/users), thereby avoiding serving
anything from beneath /home. There are related recipes in the
Apache Cookbook (5.4 and 5.7), so it should be possible. I'm
apparently too stubborn to give up on the idea. ;-)
I have already succeeded in getting users' pages served from
/opt/www/users/mylogin/html, but cannot get CGIs to work in
/opt/www/users/mylogin/html/cgi-bin.
I placed foo.cgi in /var/www/cgi-bin:
#!/usr/bin/perl -w
print "Content-type: text/html\n\n";
print "Hello, World.\n";
This works fine. When I copy foo.cgi to /opt/www/users/mylogin/html/cgi-bin/
and try to run it, I get a 500 error: 'Premature end of script headers'.
Because the CGI works fine in /var/www/cgi-bin, but not in my user
directory /opt/www/users/mylogin/html/cgi-bin, I figured it's something
to do with:
1. my permissions/ownership; or
2. my httpd.conf.
Things I've eliminated:
- all directories above /opt/www/users/mylogin/html/cgi-bin have been
chmod'd o+x
- the /opt/www/users/mylogin/html/ and /opt/www/users/mylogin/html/cgi-bin
have been chmod'd o+rx
- the CGI is executable
- perl does reside in /usr/bin
- the CGI does run correctly from the command-line
- the httpd error_log merely states:
[Mon Jan 19 14:32:14 2004] [error] [client 192.168.0.10] Premature end of
script headers: foo.cgi
So what am I missing?
My abridged httpd.conf is below. I pared it down from ~1000 lines to ~200
using the following:
cat /etc/httpd/conf/httpd.conf | sed -e '/^#/d' | sed -e '/^$/d' | sed -e
'/^BrowserMatch/d' | sed -e '/^AddCharset/d' | sed -e '/^AddLanguage/d' |
sed -e '/^AddIcon/d'
ServerTokens ProductOnly
ServerRoot "/etc/httpd"
PidFile run/httpd.pid
Timeout 300
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 15
<IfModule prefork.c>
StartServers 8
MinSpareServers 5
MaxSpareServers 20
MaxClients 150
MaxRequestsPerChild 1000
</IfModule>
<IfModule worker.c>
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0
</IfModule>
<IfModule perchild.c>
NumServers 5
StartThreads 5
MinSpareThreads 5
MaxSpareThreads 10
MaxThreadsPerChild 20
MaxRequestsPerChild 0
</IfModule>
Listen 80
Include conf.d/*.conf
LoadModule access_module modules/mod_access.so
LoadModule auth_module modules/mod_auth.so
LoadModule auth_anon_module modules/mod_auth_anon.so
LoadModule auth_dbm_module modules/mod_auth_dbm.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule asis_module modules/mod_asis.so
LoadModule info_module modules/mod_info.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule imap_module modules/mod_imap.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
<IfModule prefork.c>
LoadModule cgi_module modules/mod_cgi.so
</IfModule>
<IfModule worker.c>
LoadModule cgid_module modules/mod_cgid.so
</IfModule>
User apache
Group apache
ServerAdmin root@somedomain
ServerName somebox.domedomain
UseCanonicalName Off
DocumentRoot "/opt/www/html"
<Directory />
Options none
AllowOverride none
Order deny,allow
Deny from all
</Directory>
<Directory "/opt/www/html">
Options FollowSymLinks
AllowOverride None
Order deny,allow
Allow from 127.0.0.1 192.168.0.0/255.255.255.0
</Directory>
<IfModule mod_userdir.c>
UserDir disable
UserDir enable mylogin
UserDir /opt/www/users/*/html
</IfModule>
<Directory /opt/www/users/*/html>
AllowOverride None
Deny from all
Allow from 127.0.0.1 192.168.0.0/255.255.255.0
</Directory>
<Directory /opt/www/users/*/html/cgi-bin>
AllowOverride None
Options ExecCGI
AddHandler cgi-script .cgi .pl
Deny from all
Allow from 127.0.0.1 192.168.0.0/255.255.255.0
</Directory>
DirectoryIndex index.html index.html.var
AccessFileName .htaccess
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
TypesConfig /etc/mime.types
DefaultType text/plain
<IfModule mod_mime_magic.c>
MIMEMagicFile conf/magic
</IfModule>
HostnameLookups Off
ErrorLog logs/error_log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog logs/access_log combined
ServerSignature Off
Alias /icons/ "/var/www/icons/"
<Directory "/var/www/icons">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
Alias /manual "/var/www/manual"
<Directory "/var/www/manual">
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<IfModule mod_dav_fs.c>
DAVLockDB /var/lib/dav/lockdb
</IfModule>
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
<IfModule mod_cgid.c>
Scriptsock run/httpd.cgid
</IfModule>
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
IndexOptions FancyIndexing VersionSort NameWidth=*
DefaultIcon /icons/unknown.gif
ReadmeName README.html
HeaderName HEADER.html
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
AddEncoding x-compress Z
AddEncoding x-gzip gz tgz
LanguagePriority en da nl et fr de el it ja kr no pl pt pt-br ltz ca es sv
tw
ForceLanguagePriority Prefer Fallback
AddDefaultCharset ISO-8859-1
AddType application/x-tar .tgz
AddHandler imap-file map
AddHandler type-map var
AddOutputFilter INCLUDES .shtml
Alias /error/ "/opt/www/error/"
<IfModule mod_negotiation.c>
<IfModule mod_include.c>
<Directory "/opt/www/error">
AllowOverride None
Options IncludesNoExec
AddOutputFilter Includes html
AddHandler type-map var
Order allow,deny
Allow from all
LanguagePriority en es de fr
ForceLanguagePriority Prefer Fallback
</Directory>
ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
ErrorDocument 410 /error/HTTP_GONE.html.var
ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
ErrorDocument 415 /error/HTTP_SERVICE_UNAVAILABLE.html.var
ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
</IfModule>
</IfModule>
_________________________________________________________________
Help STOP SPAM with the new MSN 8 and get 2 months FREE*
http://join.msn.com/?page=dept/bcomm&pgmarket=en-ca&RU=http%3a%2f%2fjoin.msn.com%2f%3fpage%3dmisc%2fspecialoffers%26pgmarket%3den-ca
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Cannot get per-user CGI directories to work
Posted by Joshua Slive <jo...@slive.ca>.
On Mon, 19 Jan 2004, Donald Murray wrote:
> Does anyone have per-user CGI directories working?
Yes.
> I have already succeeded in getting users' pages served from
> /opt/www/users/mylogin/html, but cannot get CGIs to work in
> /opt/www/users/mylogin/html/cgi-bin.
>
> I placed foo.cgi in /var/www/cgi-bin:
> #!/usr/bin/perl -w
> print "Content-type: text/html\n\n";
> print "Hello, World.\n";
>
> This works fine. When I copy foo.cgi to /opt/www/users/mylogin/html/cgi-bin/
> and try to run it, I get a 500 error: 'Premature end of script headers'.
Are you using suexec? If your answer is "I don't know", then you probably
are using it, but you shouldn't be. Find the suexec binary and delete it.
It impliments some very strict security requirements that you are almost
certainly failing by moving your user directories out of /home.
For info on suexec, see:
http://httpd.apache.org/docs/suexec.html
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Cannot get per-user CGI directories to work
Posted by Rich Bowen <rb...@rcbowen.com>.
On Mon, 19 Jan 2004, Donald Murray wrote:
> Does anyone have per-user CGI directories working?
>
> My initial motivation was to have all user-specific html/CGI in
> a separate tree (/opt/www/users), thereby avoiding serving
> anything from beneath /home. There are related recipes in the
> Apache Cookbook (5.4 and 5.7), so it should be possible. I'm
> apparently too stubborn to give up on the idea. ;-)
Well, we tested our recipes, so it should work. ;-)
> I have already succeeded in getting users' pages served from
> /opt/www/users/mylogin/html, but cannot get CGIs to work in
> /opt/www/users/mylogin/html/cgi-bin.
>
> I placed foo.cgi in /var/www/cgi-bin:
> #!/usr/bin/perl -w
> print "Content-type: text/html\n\n";
> print "Hello, World.\n";
>
> This works fine. When I copy foo.cgi to /opt/www/users/mylogin/html/cgi-bin/
> and try to run it, I get a 500 error: 'Premature end of script headers'.
Well, that means that it is at least *trying* to execute it, so you are
at least halfway there.
> Because the CGI works fine in /var/www/cgi-bin, but not in my user
> directory /opt/www/users/mylogin/html/cgi-bin, I figured it's something
> to do with:
> 1. my permissions/ownership; or
> 2. my httpd.conf.
>
> Things I've eliminated:
> - all directories above /opt/www/users/mylogin/html/cgi-bin have been
> chmod'd o+x
> - the /opt/www/users/mylogin/html/ and /opt/www/users/mylogin/html/cgi-bin
> have been chmod'd o+rx
> - the CGI is executable
> - perl does reside in /usr/bin
> - the CGI does run correctly from the command-line
> - the httpd error_log merely states:
> [Mon Jan 19 14:32:14 2004] [error] [client 192.168.0.10] Premature end of
> script headers: foo.cgi
> <Directory /opt/www/users/*/html/cgi-bin>
> AllowOverride None
> Options ExecCGI
> AddHandler cgi-script .cgi .pl
> Deny from all
> Allow from 127.0.0.1 192.168.0.0/255.255.255.0
> </Directory>
This is ok, and the results above indicate that the configuration is
correct, but that there's something wrong with either the script itself,
or file permissions.
The fact that it works on one directory and not another points to a
suexec-related problem.
Look in the suexec log for a message about mismatched file permissions
or something like that.
--
Who can say where the road goes
Where the day flows
Only time
--Pilgrim (Enya - A Day Without Rain)
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org