You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by up...@3.am on 2006/08/28 15:41:50 UTC
[users@httpd] Apache 2.2 SuExec problem
Hi:
After running Apache 1.3.x with SuExec for many years, I just upgraded to
2.2.3. I installed it from FreeBSD ports with SuExec enabled, but without
specifying much else, figuring I could change that runtime.
After making the neccessary changes in my virtual host users' conf file
(changing User and Group to SuExecUserGroup), I am getting a:
cannot get docroot information (/usr/local/www/data)
Error. Well that isn't the server's doc root, so I tried a simlink to it
from the real one (default FreeBSD ports selected), then the error changed
to this:
command not in docroot (/home/servers/vhost.com/cgi-bin/someform.cgi)
I checked the Apache docs on SuExec and found this:
"--with-suexec-docroot=DIR
Define as the DocumentRoot set for Apache. This will be the only
hierarchy (aside from UserDirs) that can be used for suEXEC behavior. The
default directory is the --datadir value with the suffix "/htdocs", e.g.
if you configure with "--datadir=/home/apache" the directory
"/home/apache/htdocs" is used as document root for the suEXEC wrapper."
I'm not sure I understand this. This is intended for the user of virtual
hosting customers, and their websites are under:
/home/servers/somecustomer.com/pages (their doc root)
/home/servers/somecustomer.com/cgi-bin (their cgi-bin)
If I understand the instructions correctly, Apache is going to append
"htdocs" onto whatever I use? I do have one of our sites running under
/usr/local/www/apache22/data/ (the FreeBSD default), should I just
specify:
/usr/local/www/apache22/ ?
If I do, how will the customers' cgi's work?
Thanks in advance!
James Smallacombe PlantageNet, Inc. CEO and Janitor
up@3.am http://3.am
=========================================================================
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache 2.2 SuExec problem
Posted by Joshua Slive <jo...@slive.ca>.
On 8/28/06, up@3.am <up...@3.am> wrote:
> Definitely not all that clear...I don't suppose there's a runtime way to
> fix this...I dread possibly breaking all my module installs by
> recompiling...
The only runtime fix would be moving all your vhosts under the suexec docroot.
But recompiling shouldn't be a big deal. You can use config.nice to
recreate the old settings. And you don't even need to "make install".
You can copy the suexec binary manually.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache 2.2 SuExec problem
Posted by up...@3.am.
On Mon, 28 Aug 2006, Joshua Slive wrote:
> On 8/28/06, up@3.am <up...@3.am> wrote:
> >
> > I checked the Apache docs on SuExec and found this:
> >
> > "--with-suexec-docroot=DIR
> > Define as the DocumentRoot set for Apache. This will be the only
> > hierarchy (aside from UserDirs) that can be used for suEXEC behavior. The
> > default directory is the --datadir value with the suffix "/htdocs", e.g.
> > if you configure with "--datadir=/home/apache" the directory
> > "/home/apache/htdocs" is used as document root for the suEXEC wrapper."
> >
> > I'm not sure I understand this. This is intended for the user of virtual
> > hosting customers, and their websites are under:
> >
> > /home/servers/somecustomer.com/pages (their doc root)
> > /home/servers/somecustomer.com/cgi-bin (their cgi-bin)
> >
> > If I understand the instructions correctly, Apache is going to append
> > "htdocs" onto whatever I use?
>
> No. The docs are not all that clear here. The suexec docroot is
> distinct from the apache httpd DocumentRoot. It simply specifies a
> parent directory under which ALL the script that suexec exectures
> (with the expection of those mapped through mod_userdir) must live.
> So in your case, if all your sites are under /home/servers/... you
> should set the suexec docroot to /home/servers/.
Definitely not all that clear...I don't suppose there's a runtime way to
fix this...I dread possibly breaking all my module installs by
recompiling...
TIA,
James Smallacombe PlantageNet, Inc. CEO and Janitor
up@3.am http://3.am
=========================================================================
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache 2.2 SuExec problem
Posted by Joshua Slive <jo...@slive.ca>.
On 8/28/06, up@3.am <up...@3.am> wrote:
>
> Hi:
>
> After running Apache 1.3.x with SuExec for many years, I just upgraded to
> 2.2.3. I installed it from FreeBSD ports with SuExec enabled, but without
> specifying much else, figuring I could change that runtime.
>
> After making the neccessary changes in my virtual host users' conf file
> (changing User and Group to SuExecUserGroup), I am getting a:
>
> cannot get docroot information (/usr/local/www/data)
>
> Error. Well that isn't the server's doc root, so I tried a simlink to it
> from the real one (default FreeBSD ports selected), then the error changed
> to this:
>
> command not in docroot (/home/servers/vhost.com/cgi-bin/someform.cgi)
>
> I checked the Apache docs on SuExec and found this:
>
> "--with-suexec-docroot=DIR
> Define as the DocumentRoot set for Apache. This will be the only
> hierarchy (aside from UserDirs) that can be used for suEXEC behavior. The
> default directory is the --datadir value with the suffix "/htdocs", e.g.
> if you configure with "--datadir=/home/apache" the directory
> "/home/apache/htdocs" is used as document root for the suEXEC wrapper."
>
> I'm not sure I understand this. This is intended for the user of virtual
> hosting customers, and their websites are under:
>
> /home/servers/somecustomer.com/pages (their doc root)
> /home/servers/somecustomer.com/cgi-bin (their cgi-bin)
>
> If I understand the instructions correctly, Apache is going to append
> "htdocs" onto whatever I use?
No. The docs are not all that clear here. The suexec docroot is
distinct from the apache httpd DocumentRoot. It simply specifies a
parent directory under which ALL the script that suexec exectures
(with the expection of those mapped through mod_userdir) must live.
So in your case, if all your sites are under /home/servers/... you
should set the suexec docroot to /home/servers/.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org