You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by tom <la...@comcast.net> on 2003/12/08 23:34:47 UTC
[users@httpd] Can't get suexec to work with apache 2
I've attempted to compile httpd-2.0.48 with suexec support with the
following options:
./configure --enable-suexec --with-suexec-userdir=www
--with-suexec-docroot=/www
--with-suexec_logfile=/usr/local/apache2/suexec_log
--with-suexec_caller=www --enable-so
I've created a directory /www, which will contain subdirectories with
each users name, and then created a symlink: /home/username/www ->
/www/username. The scripts are executed from /www/username/cgi-bin
(pointed to by the ScriptAlias in the config file0. In fact, just for
testing purposes, I've even tried eliminating the symlink and putting
everything directly into the /home/username directory (as it would be
normally), but the results are the same.
The User in the configuration file is set to www
The UserDir in the configuration file is set to www
The DocumentRoot in the configuration file is set to /www
When I start apache, the error_log says that suexec has been enabled,but
when I execute a php script (owned by the user, set to mode 755) that
returns the name of the user, I always get www (the user under which
httpd is running), rather than the name of the user executing the
script.
What's particularly odd is that there is no suexec_log, whether or not
it is specified in the configuration.
I'm at a loss here. Anyone with any tips on what I might to do get this
working will be appreciated.
Thanks.
Tom
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Can't get suexec to work with apache 2
Posted by Joshua Slive <jo...@slive.ca>.
On Tue, 9 Dec 2003, tom wrote:
> > But I'm still not sure that you understand exactly what a CGI script is.
> > Running php as a CGI means you do *not* compile the php module into
> > apache. Rather, your php scripts are run through an external php binary,
> > usually using the Action directive to map the .php files to the binary.
> >
> > So are you really running php as a CGI?
>
> No. Php has been compiled as a binary and the module is being loaded via
> the httpd.conf file. As a point of clarification, don't they both
> perform the function of a CGI, the only difference being the method of
> execution?
If PHP is loaded using the LoadModule directive, then you are NOT using a
CGI script.
Both CGI scripts and apache modules can generate dynamic content, but CGI
scripts are run in a separate forked process, while apache modules are run
as part of the apache process. Only the former can use suexec, because
suexec is used to fork processes with different permissions.
Punch line: you can't use suexec with php when loaded as an apache module.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Can't get suexec to work with apache 2
Posted by tom <la...@comcast.net>.
On Tue, 2003-12-09 at 11:50, Joshua Slive wrote:
> On Tue, 9 Dec 2003, tom wrote:
> > > I assume php is running as a CGI script, right? suexec works ONLY for CGI
> > > scripts.
> >
> > If you mean, "is it being accessed from the cgi-bin," no.
> >
> > I cut out the symlink stuff, created a cgi-bin in the ScriptAliased
> > directory, and put my test script there. Now it appears as though suexec
> > is running at least- there is an suexec_log, and it does indicate that
> > the scripts are being accessed. My only problem at this point seems to
> > be figuring out why the scripts fail with an internal server error,
> > saying that the log file cannot be opened (which log file isn't clear).
>
> Showing exact quotes from the logs is much more helpful.
[Tue Dec 09 13:34:13 2003] [error] [client 127.0.0.1] Premature end of
script headers: test3.php
[Tue Dec 09 13:34:13 2003] [error] [client 127.0.0.1] failed to open log
file
[Tue Dec 09 13:34:13 2003] [error] [client 127.0.0.1] fopen: Permission
denied
>
> But I'm still not sure that you understand exactly what a CGI script is.
> Running php as a CGI means you do *not* compile the php module into
> apache. Rather, your php scripts are run through an external php binary,
> usually using the Action directive to map the .php files to the binary.
>
> So are you really running php as a CGI?
No. Php has been compiled as a binary and the module is being loaded via
the httpd.conf file. As a point of clarification, don't they both
perform the function of a CGI, the only difference being the method of
execution?
Thanks.
Tom
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Can't get suexec to work with apache 2
Posted by Joshua Slive <jo...@slive.ca>.
On Tue, 9 Dec 2003, tom wrote:
> > I assume php is running as a CGI script, right? suexec works ONLY for CGI
> > scripts.
>
> If you mean, "is it being accessed from the cgi-bin," no.
>
> I cut out the symlink stuff, created a cgi-bin in the ScriptAliased
> directory, and put my test script there. Now it appears as though suexec
> is running at least- there is an suexec_log, and it does indicate that
> the scripts are being accessed. My only problem at this point seems to
> be figuring out why the scripts fail with an internal server error,
> saying that the log file cannot be opened (which log file isn't clear).
Showing exact quotes from the logs is much more helpful.
But I'm still not sure that you understand exactly what a CGI script is.
Running php as a CGI means you do *not* compile the php module into
apache. Rather, your php scripts are run through an external php binary,
usually using the Action directive to map the .php files to the binary.
So are you really running php as a CGI?
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Can't get suexec to work with apache 2
Posted by tom <la...@comcast.net>.
On Mon, 2003-12-08 at 18:08, Joshua Slive wrote:
> On Mon, 8 Dec 2003, tom wrote:
> > I've created a directory /www, which will contain subdirectories with
> > each users name, and then created a symlink: /home/username/www ->
> > /www/username. The scripts are executed from /www/username/cgi-bin
> > (pointed to by the ScriptAlias in the config file0. In fact, just for
> > testing purposes, I've even tried eliminating the symlink and putting
> > everything directly into the /home/username directory (as it would be
> > normally), but the results are the same.
>
> I don't believe that suexec will work with symlinks, although I haven't
> checked in the code lately.
>
> Does suexec appear enabled when you do "./httpd -V"?
No, but it does appear enabled in the error_log.
> What EXACTLY is the URL that you are using to access the scripts?
localhost/~userdir/testscript.php
> What EXACTLY is the filesystem location of the scripts?
/home/userdir/www, with www symlinked to /www/username
>
> I assume php is running as a CGI script, right? suexec works ONLY for CGI
> scripts.
If you mean, "is it being accessed from the cgi-bin," no.
I cut out the symlink stuff, created a cgi-bin in the ScriptAliased
directory, and put my test script there. Now it appears as though suexec
is running at least- there is an suexec_log, and it does indicate that
the scripts are being accessed. My only problem at this point seems to
be figuring out why the scripts fail with an internal server error,
saying that the log file cannot be opened (which log file isn't clear).
Apparently the rules for UserDir-based scripts are a little more strict
than for those for virtual hosts (where you can specify separate
ScriptAliased directories).
>
> Joshua.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Can't get suexec to work with apache 2
Posted by Joshua Slive <jo...@slive.ca>.
On Mon, 8 Dec 2003, tom wrote:
> I've created a directory /www, which will contain subdirectories with
> each users name, and then created a symlink: /home/username/www ->
> /www/username. The scripts are executed from /www/username/cgi-bin
> (pointed to by the ScriptAlias in the config file0. In fact, just for
> testing purposes, I've even tried eliminating the symlink and putting
> everything directly into the /home/username directory (as it would be
> normally), but the results are the same.
I don't believe that suexec will work with symlinks, although I haven't
checked in the code lately.
Does suexec appear enabled when you do "./httpd -V"?
What EXACTLY is the URL that you are using to access the scripts?
What EXACTLY is the filesystem location of the scripts?
> When I start apache, the error_log says that suexec has been enabled,but
> when I execute a php script (owned by the user, set to mode 755) that
> returns the name of the user, I always get www (the user under which
> httpd is running), rather than the name of the user executing the
> script.
I assume php is running as a CGI script, right? suexec works ONLY for CGI
scripts.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org