You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Mario Ohnewald <ma...@bortal.de> on 2006/01/24 17:12:42 UTC
[users@httpd] suexec and apache 2.0.54-5 on sarge
Hello List.
I am running apache2 (2.0.54-5) on Sarge.
Where can i go from here? How could i debug this problem a little
further?
Error:
-----------------------------------------
cat /var/log/apache2/suexec.log
[2006-01-24 16:55:55]: too few arguments
Configs and Logs:
----------------------------------------
/etc/apache2# /usr/lib/apache2/suexec2 -V
-D AP_DOC_ROOT="/home/www"
-D AP_GID_MIN=100
-D AP_HTTPD_USER="www-data"
-D AP_LOG_EXEC="/var/log/apache2/suexec.log"
-D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
-D AP_UID_MIN=100
-D AP_USERDIR_SUFFIX="html"
/etc/apache2# apache2 -V
Server version: Apache/2.0.54
Server built: Sep 5 2005 11:15:09
Server's Module Magic Number: 20020903:9
Architecture: 32-bit
Server compiled with....
-D APACHE_MPM_DIR="server/mpm/prefork"
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D HTTPD_ROOT=""
-D SUEXEC_BIN="/usr/lib/apache2/suexec2"
-D DEFAULT_PIDLOG="/var/run/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_LOCKFILE="/var/run/accept.lock"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types"
-D SERVER_CONFIG_FILE="/etc/apache2/apache2.conf"
/etc/apache2# grep -i suexec /var/log/apache2/*.log
/var/log/apache2/error.log:[Tue Jan 24 16:42:21 2006] [notice] suEXEC
mechanism enabled (wrapper: /usr/lib/apache2/suexec2)
/var/log/apache2/error.log:[Tue Jan 24 16:54:55 2006] [notice] suEXEC
mechanism enabled (wrapper: /usr/lib/apache2/suexec2)
VHost config:
---------------------------------------------------
<Directory "/home/www/user7/html">
Options -FollowSymLinks -SymLinksIfOwnerMatch
<IfModule mod_access.c>
Allow from all
</IfModule>
</Directory>
<Directory "/home/www/user7/html/cgi-bin/">
<IfModule mod_python.c>
<Files ~ "\.py$">
AddHandler python-program .py
PythonHandler mod_python.cgihandler
</Files>
</IfModule>
</Directory>
<VirtualHost 192.168.1.252:80>
ServerName user7.example.org
DocumentRoot /home/www/user7/html
SuexecUserGroup user7 user7
ScriptAlias /cgi-bin/ /home/www/user7/html/cgi-bin/
<IfModule mod_python.c>
<Files ~ "\.py$">
AddHandler python-program .py
PythonHandler mod_python.publisher
</Files>
</IfModule>
php_admin_value
open_basedir /home/www/user7/html/:/home/www/user7/phptmp/:/home/www/user7/files/:/home/www/user7/atd/
php_admin_value file_uploads 1
php_admin_value upload_tmp_dir /home/www/user7/phptmp/
</VirtualHost>
Thanks a lot, Mario
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] suexec and apache 2.0.54-5 on sarge
Posted by Joshua Slive <jo...@slive.ca>.
On 1/25/06, Mario Ohnewald <ma...@bortal.de> wrote:
> The error i get now is the following:
> -------------------------------------------------------------------
> [error] [client 192.168.1.201] Premature end of script headers: test.php
> [error] [client 192.168.1.201] Error in suphp.c on line 256:
> Inappropriate permissions set on script
>
>
> ls -alh /home/www/web7/html/joomla/test.php
> -rwxrwxrwx 1 web7 web7 761 Jan 24
> 18:12 /home/www/web7/html/joomla/test.php
suphp and suexec are *not* the same thing. I don't know anything
about suphp. You might have better luck contacting a support forum
dedicated to this tool.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] suexec and apache 2.0.54-5 on sarge
Posted by Mario Ohnewald <ma...@bortal.de>.
Hi,
On Tue, 2006-01-24 at 13:22 -0500, Joshua Slive wrote:
> On 1/24/06, Mario Ohnewald <ma...@bortal.de> wrote:
>
> > When i tried to write a file to my homedir with php´s fwrite i got
> > permission denied. So i guess its like you already told me.
> > Php is not using the suexec yet.
> >
> > What documentation will i need next?
> > (i found a few, but they are mostly buggy, incomplete or wrong)
>
> It depends on what you want to do. If you want to use php and suexec,
> then you need to use php as a cgi script rather than an apache module.
My documentation source:
http://download1.swsoft.com/Confixx/ConfixxPro3.1/docs/manuals/en/en_install.pdf
(...)
1.1.1 Apache
(www.apache.org)
If you want to permit CGI access to Apache, you should ensure that
suEXEC has been set up accordingly. Without suEXEC, each CGI will be
executed under the Apache user. For this reason, the CGI scripts have
the same privileges as Apache users. Apache has “read only” privileges
for system files/folders and for all user directories. This means that
one Apache user can accesses other users’ data by running a simple CGI
script. If suEXEC has been activated, CGI scripts are executed under the
user who is registered in the Apache configuration file.
(/...)
Thats what i want to acomplish.
(...)
The virtual host entries generated by Confixx contain this information.
If suEXEC is running on your system, you will find an entry in your
Apache error log file similar to the following one:
[notice] suEXEC mechanism enabled
(wrapper: /usr/local/apache/bin/suexec)
(/...)
Thats what i get in my logs.
(...)
If there is no such entry, please check which path has been compiled in
Apache for suEXEC by executing a “httpd -V” command. Please make sure
that suEXEC can be called up using this path.
(/...)
apache2 -V
Server version: Apache/2.0.54
Server built: Sep 5 2005 11:15:09
Server's Module Magic Number: 20020903:9
Architecture: 32-bit
Server compiled with....
-D APACHE_MPM_DIR="server/mpm/prefork"
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D HTTPD_ROOT=""
-D SUEXEC_BIN="/usr/lib/apache2/suexec2"
-D DEFAULT_PIDLOG="/var/run/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_LOCKFILE="/var/run/accept.lock"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types"
-D SERVER_CONFIG_FILE="/etc/apache2/apache2.conf"
(...)
Furthermore, the SUID bit must be set for the program suEXEC. suEXEC
must be owned by user ’root’.
(/...)
ls -alh /usr/lib/apache2/suexec2
-rwsr-x--- 1 root www-data 11K Jan 15 22:42 /usr/lib/apache2/suexec2
(...)
To enable CGI scripts operation in user directories while suEXEC is
activated, ensure these directories are located in the document root of
suEXEC.
(/...)
/usr/lib/apache2/suexec2 -V
-D AP_DOC_ROOT="/home/www"
-D AP_GID_MIN=100
-D AP_HTTPD_USER="www-data"
-D AP_LOG_EXEC="/var/log/apache2/suexec.log"
-D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
-D AP_UID_MIN=100
-D AP_USERDIR_SUFFIX="html"
(...)
If the input is similar, it means that any directory inside /home/www
would be appropriate. If you are unable to move user directories to this
document root, you must re-compile suEXEC. [Wed Jan 25 15:15:08 2006]
[error] [client 192.168.1.201] Premature end of script headers: test.php
[Wed Jan 25 15:15:08 2006] [error] [client 192.168.1.201] Error in
suphp.c on line 256: Inappropriate permissions set on script
(/...)
Okay, so far it looks like i am on track.
The error i get now is the following:
-------------------------------------------------------------------
[error] [client 192.168.1.201] Premature end of script headers: test.php
[error] [client 192.168.1.201] Error in suphp.c on line 256:
Inappropriate permissions set on script
ls -alh /home/www/web7/html/joomla/test.php
-rwxrwxrwx 1 web7 web7 761 Jan 24
18:12 /home/www/web7/html/joomla/test.php
Any further ideas?
Thanks, Mario
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] suexec and apache 2.0.54-5 on sarge
Posted by Joshua Slive <jo...@slive.ca>.
On 1/24/06, Mario Ohnewald <ma...@bortal.de> wrote:
> When i tried to write a file to my homedir with php´s fwrite i got
> permission denied. So i guess its like you already told me.
> Php is not using the suexec yet.
>
> What documentation will i need next?
> (i found a few, but they are mostly buggy, incomplete or wrong)
It depends on what you want to do. If you want to use php and suexec,
then you need to use php as a cgi script rather than an apache module.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] suexec and apache 2.0.54-5 on sarge
Posted by Mario Ohnewald <ma...@bortal.de>.
Hello Joshua,
On Tue, 2006-01-24 at 11:16 -0500, Joshua Slive wrote:
> On 1/24/06, Mario Ohnewald <ma...@bortal.de> wrote:
> > Hello List.
> >
> > I am running apache2 (2.0.54-5) on Sarge.
> >
> > Where can i go from here? How could i debug this problem a little
> > further?
>
> What's the problem exactly? You haven't told us exactly what you are
> trying to do and how it is failing.
I simply restarted apache2, checked the logs, saw that error, googled,
panicked and wrote to the list ;)
That error did not apear since then anymore.
>
> Note that neither php nor python will use suexec when run as an apache
> module. Only scripts run through mod_cgi/mod_include will use suexec.
Okay. I simply followed the docs here:
http://httpd.apache.org/docs/2.0/suexec.html
and it looks i am on track so far.
When i tried to write a file to my homedir with php´s fwrite i got
permission denied. So i guess its like you already told me.
Php is not using the suexec yet.
What documentation will i need next?
(i found a few, but they are mostly buggy, incomplete or wrong)
Thanks, Mario
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] suexec and apache 2.0.54-5 on sarge
Posted by Joshua Slive <jo...@slive.ca>.
On 1/24/06, Mario Ohnewald <ma...@bortal.de> wrote:
> Hello List.
>
> I am running apache2 (2.0.54-5) on Sarge.
>
> Where can i go from here? How could i debug this problem a little
> further?
What's the problem exactly? You haven't told us exactly what you are
trying to do and how it is failing.
Note that neither php nor python will use suexec when run as an apache
module. Only scripts run through mod_cgi/mod_include will use suexec.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org