Posted to users@httpd.apache.org by Jochen Kächelin <jk...@linux.amsjk.de> on 2002/09/29 02:18:51 UTC
Re[2]: [users@httpd] i'am to stupid to configure suexec
Yes, everything there looks right for the configuration you've described.
Mmmmh, sounds good!
Are the /www directories actually there or symlinks?
They are actually there!
Do you also have the "LoadModule suexec_module modules/mod_suexec.so" line?
No, there's no line in my /etc/httpd/httpd.conf!
/usr/local/apache2/bin/httpd -l shows:
Compiled in modules:
core.c
mod_access.c
mod_auth.c
mod_include.c
mod_log_config.c
mod_env.c
mod_setenvif.c
mod_ssl.c
prefork.c
http_core.c
mod_mime.c
mod_status.c
mod_autoindex.c
mod_asis.c
mod_suexec.c
mod_cgi.c
mod_negotiation.c
mod_dir.c
mod_imap.c
mod_actions.c
mod_userdir.c
mod_alias.c
mod_so.c
Are you experiencing a problem, or do you just want confirmation that
you have no blatant security hole?
I'm looking for a script to test my configuration!
How can I test under what user a Perl script is running?
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re[2]: [users@httpd] i'am to stupid to configure suexec
Posted by Jochen Kächelin <jk...@linux.amsjk.de>.
SL> #!/usr/bin/perl
SL> print "Content-type: text/plain\n\n";
SL> print "I am real uid $<, effective uid $>.\n";
SL> print "I am real gid $(, effective gid $).\n";
SL> Real and effective should be the same here, I think.
I get the following when I run your script:
I am real uid 99, effective uid 99.
I am real gid 99 99, effective gid 99 99.
99 is the uid of nobody, gid 99 is group nobody - exactly what
Apache runs under. But in the VirtualHost container there's
SuexecUserGroup jochen jochen // uid = 500, gid = 500
Why must I use this directive?
Ok. Thanks.
--
Jochen Kaechelin
jk@linux.amsjk.de
Re: [users@httpd] i'am to stupid to configure suexec
Posted by Scott Lamb <sl...@slamb.org>.
Jochen Kächelin wrote:
> Do you also have the "LoadModule suexec_module modules/mod_suexec.so" line?
>
> No, there's no line in my /etc/httpd/httpd.conf!
>
> /usr/local/apache2/bin/httpd -l shows:
>
>
> Compiled in modules:
[...]
> mod_suexec.c
Oh, okay. You don't need it, then.
> I'am looking for a script to test my configuration!
>
> How can I test under what user a perl-Script is running!
There are special variables in perl that describe the current uid and
gid. Take a look at "perldoc perlvar" for details, but this should tell
you what you want:
#!/usr/bin/perl
print "Content-type: text/plain\n\n";
print "I am real uid $<, effective uid $>.\n";
print "I am real gid $(, effective gid $).\n";
Real and effective should be the same here, I think.
If you want to be really sure, be sure to test some failure cases, too -
a user below the minimum number, overly permissive permissions, etc. You
should get an unhelpful error message when viewing the page and
something more useful in suexec_log.
Scott
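
The failure cases suggested in the reply above (a user below the minimum number, overly permissive permissions), as an added example that is not part of the original thread: a shell pre-flight that applies some of suexec's documented checks to `ls -ldn` lines. The function names, the file name test.cgi and the minimum of 100 are assumptions made for illustration; the ids 500 and 99 are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): approximates some of suexec's checks.
# Assumption: minimum uid/gid are suexec build-time settings, passed in here.

# check_entry "LS_LDN_LINE" TARGET_UID TARGET_GID MIN_UID MIN_GID
# Prints one verdict for a single `ls -ldn` line; returns 0 on OK, 1 on FAIL.
check_entry() {
    t_uid=$2 t_gid=$3 min_uid=$4 min_gid=$5
    read -r mode _links uid gid _rest <<EOF
$1
EOF
    case $mode in
        ?????w*|????????w*)            # group-write or other-write bit
            echo "FAIL: writable by group or others ($mode)"; return 1 ;;
        -??[sS]*|-?????[sS]*)          # setuid/setgid on a regular file
            echo "FAIL: setuid or setgid bit set ($mode)"; return 1 ;;
    esac
    if [ "$uid" != "$t_uid" ] || [ "$gid" != "$t_gid" ]; then
        echo "FAIL: owner $uid:$gid is not target $t_uid:$t_gid"; return 1
    fi
    if [ "$t_uid" -eq 0 ] || [ "$t_uid" -lt "$min_uid" ]; then
        echo "FAIL: target uid $t_uid is root or below minimum $min_uid"; return 1
    fi
    if [ "$t_gid" -eq 0 ] || [ "$t_gid" -lt "$min_gid" ]; then
        echo "FAIL: target gid $t_gid is root or below minimum $min_gid"; return 1
    fi
    echo "OK: $mode $uid:$gid"
}

# precheck SCRIPT TARGET_UID TARGET_GID MIN_UID MIN_GID
# Checks the script's directory first, then the script itself.
precheck() {
    for p in "$(dirname -- "$1")" "$1"; do
        check_entry "$(ls -ldn -- "$p")" "$2" "$3" "$4" "$5" || return 1
    done
}

# Constructed listings; 500:500 is jochen and 99:99 is nobody, as in the thread.
# The minimum of 100 is an assumed value for illustration.
check_entry "-rwxr-xr-x 1 500 500 120 Sep 29 2002 test.cgi" 500 500 100 100 || true
check_entry "-rwxrwxr-x 1 500 500 120 Sep 29 2002 test.cgi" 500 500 100 100 || true
check_entry "-rwxr-xr-x 1 99 99 120 Sep 29 2002 test.cgi" 99 99 100 100 || true
```

Running `suexec -V` as root prints the limits a given suexec binary was built with; the reason for an actual refusal is recorded in suexec_log.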