You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Ken Tanzer <ke...@gmail.com> on 2010/11/30 01:10:58 UTC
[users@httpd] Can't get suexec to work on a userdir
Hi. I'm looking for some help with using suexec and userdir (2.2.15 on FC11).
I have this test script running in a userdir (~test44/public_html/test.php):
<?php system('whoami'); ?>
And it keeps reporting apache, not test44.
Suexec is enabled, as shown in error log file.
Per the documentation (http://httpd.apache.org/docs/2.2/suexec.html):
"The only requirement needed for this feature to work is for CGI
execution to be enabled for the user and that the script must meet the
scrutiny of the security checks above."
When I access the test page, no errors are logged to the suexec.log
file, so it doesn't seem to be failing the security checks.
So either CGI execution is not enabled for users (how does one enable
that?), or else it's something else completely I'm missing.
I'll be glad to feel dumb in someone can tell me what it is! :) TIA!
Ken Tanzer
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Can't get suexec to work on a userdir
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 30.11.10 00:29, Ken Tanzer wrote:
> I _think_ that PHP is running as a module (based on this section of my
> php conf file:
>
> <IfModule prefork.c>
> LoadModule php5_module modules/libphp5.so
> </IfModule>
> <IfModule worker.c>
> LoadModule php5_module modules/libphp5-zts.so
> </IfModule>
>
> But not sure of the implications. Do the PHP scripts need to run as
> CGI in order for suexec to work?
Precisely. There was mod_suphp module for apache 2.0 somewhere, you can
search if it sills up your requirements, or you can try using peruser MPM.
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Emacs is a complicated operating system without good text editor.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Can't get suexec to work on a userdir
Posted by Ken Tanzer <ke...@gmail.com>.
I _think_ that PHP is running as a module (based on this section of my
php conf file:
<IfModule prefork.c>
LoadModule php5_module modules/libphp5.so
</IfModule>
<IfModule worker.c>
LoadModule php5_module modules/libphp5-zts.so
</IfModule>
But not sure of the implications. Do the PHP scripts need to run as
CGI in order for suexec to work?
Ken
On Tue, Nov 30, 2010 at 12:14 AM, Matus UHLAR - fantomas
<uh...@fantomas.sk> wrote:
> On 29.11.10 16:10, Ken Tanzer wrote:
>> Hi. I'm looking for some help with using suexec and userdir (2.2.15 on FC11).
>>
>> I have this test script running in a userdir (~test44/public_html/test.php):
>>
>> <?php system('whoami'); ?>
>>
>> And it keeps reporting apache, not test44.
>
> do you run PHP scripts as CGI?
>
> --
> Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> Spam is for losers who can't get business any other way.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Can't get suexec to work on a userdir
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 29.11.10 16:10, Ken Tanzer wrote:
> Hi. I'm looking for some help with using suexec and userdir (2.2.15 on FC11).
>
> I have this test script running in a userdir (~test44/public_html/test.php):
>
> <?php system('whoami'); ?>
>
> And it keeps reporting apache, not test44.
do you run PHP scripts as CGI?
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Spam is for losers who can't get business any other way.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org