Posted to bugs@httpd.apache.org by bu...@apache.org on 2002/07/21 10:07:50 UTC

DO NOT REPLY [Bug 9038] - suexec is NOT being called by Apache 2.0.36

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9038


------- Additional Comments From seanpublic@attbi.com  2002-07-21 08:07 -------
I've got the same behavior as Alex, but my error log contains the following 
line:

[Sun Jul 21 02:02:44 2002] [notice] suEXEC mechanism enabled (wrapper: /usr/local/apache2/bin/suexec)

Which is exactly where the suexec binary is located with permissions and 
ownership set to:

-rwsr-xr-x    1 root     root        61091 Jul 21 00:46 suexec*

I'm using the source dist httpd-2.0.39.tar.gz. Without modifying any file 
inside the tarball, I use the following configure command, as per the "--help"
 from the configure script, INSTALL doc, and various Apache 2 docs including 
http://httpd.apache.org/docs-2.0/suexec.html:

./configure\
 --enable-auth-dbm=shared\
 --enable-cern-meta=shared\
 --enable-deflate=shared\
 --enable-expires\
 --enable-ext-filter=shared\
 --enable-headers\
 --enable-mime-magic=shared\
 --enable-rewrite=shared\
 --enable-so\
 --enable-ssl\
 --enable-suexec=shared\
 --enable-unique-id\
 --enable-vhost-alias=shared\
 --with-suexec-caller=webuser\
 --with-suexec-docroot=/usr/local/apache2/htdocs\
 --with-suexec-logfile=/usr/local/apache2/logs/suexec_log

BTW, I get the same results whether the suexec mod is shared or static. I've 
commented the LoadModule for all the extension and experimental shared modules 
in httpd.conf, except for suexec. I've tried to force the suexec to fail by 
calling it directly on the command line and found that it couldn't write to 
its log file. (An error would appear on STDERR.) That's why I've explicitly 
specified the --with-suexec-logfile parameter, which I've set to the default 
according to the suexec.html doc. Now the suexec_log file contains the 
following, when I try calling suexec from command line:

[2002-07-21 02:30:36]: too few arguments

I'm attempting to run a script from a user directory, my own, but it's being 
executed, properly I might add, as though no suexec were running. I've tried 
changing the permissions on the script to violate the suexec rules, but no 
output is ever written to the suexec_log. My suexec module is the only one 
that's being loaded in the httpd.conf:

#LoadModule auth_dbm_module modules/mod_auth_dbm.so
#LoadModule ext_filter_module modules/mod_ext_filter.so
#LoadModule deflate_module modules/mod_deflate.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
#LoadModule cern_meta_module modules/mod_cern_meta.so
#LoadModule vhost_alias_module modules/mod_vhost_alias.so
#LoadModule rewrite_module modules/mod_rewrite.so
LoadModule suexec_module modules/mod_suexec.so

And I've confirmed that when I start the server with the LoadModule uncommented 
the suexec mech enabled appears and if it's commented, it doesn't appear.

When I run my CGI from the cgi-bin dir (http://pinky/~sean/cgi-bin/env), which 
is ScriptAliasMatch(ed) so I don't need extensions for cgi, I get the following 
abbreviated results:

<env stuff>
-------------
uid=666(www) gid=666(www) groups=666(www)  COMMENT: id command
www                                        COMMENT: whoami command

Running the strings command on httpd grepping on suexec, I get quite a few 
results, hooks mainly; however, the following would indicate that the server 
knows where to reach the suexec binary:

 -D SUEXEC_BIN="/usr/local/apache2/bin/suexec"
/usr/local/apache2/bin/suexec

The one peculiar item that I've noticed when reading one comment was that the 
suexec mod appeared with the httpd -l command, as mod_suexec.so, but my list 
looks as follows:

root@pinky# ../bin/httpd -l
Compiled in modules:
  core.c
  mod_access.c
  mod_auth.c
  mod_include.c
  mod_log_config.c
  mod_env.c
  mod_expires.c
  mod_headers.c
  mod_unique_id.c
  mod_setenvif.c
  mod_ssl.c
  prefork.c
  http_core.c
  mod_mime.c
  mod_status.c
  mod_autoindex.c
  mod_asis.c
  mod_cgi.c
  mod_negotiation.c
  mod_dir.c
  mod_imap.c
  mod_actions.c
  mod_userdir.c
  mod_alias.c
  mod_so.c

Hopefully, this might be a clue to solving the problem. The module seemed to be 
included in the configure and make of the build process, and as I've already 
mentioned, things are being installed where they belong, namely suexec binary, 
and the server's config had a LoadModule directive for it without my assistance.

That's all I could think to include in this plea for help. If more info is 
needed, I'd be glad to fork it over. I'm uploading files through CGI (to my 
giant storage area) and I really need suid functionality to save them as myself 
rather than the web user; otherwise, where else would all my junk go?
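
The checks performed by hand in the comment above, collected into a script as an added example (not part of the original bug report or of Apache's code). The function names are hypothetical, `sean` as the expected script owner is taken from the `~sean` URL, the `cmd:` record format of suexec_log is an assumption, and the group/world-writable test is an extra check beyond what the report shows.

```sh
#!/bin/sh
# Added example. Function names are hypothetical; values come from the report.

# Succeeds only if the wrapper is a regular setuid file owned by the expected
# uid (0 = root by default) and not writable by group or others.
wrapper_ok() {
    f=$1; want_uid=${2:-0}
    [ -f "$f" ] && [ -u "$f" ] || return 1
    set -- $(ls -ln "$f")              # $1 = mode string, $3 = numeric owner
    [ "$3" = "$want_uid" ] || return 1
    case $1 in
        ?????w*|????????w*) return 1 ;;  # group- or world-writable
    esac
    return 0
}

# Prints the user name from `id` output such as "uid=666(www) gid=666(www)".
id_user() {
    printf '%s\n' "$1" | sed -n 's/^uid=[0-9]*(\([^)]*\)).*/\1/p'
}

# Succeeds if the CGI ran as the expected script owner, not the server user.
ran_under_suexec() {                   # $1 = id output, $2 = expected owner
    [ "$(id_user "$1")" = "$2" ]
}

# Counts suexec_log records of wrapper invocations ("... cmd: <name>").
# A line such as "too few arguments" is an error, not an invocation.
suexec_invocations() {
    n=$(grep -c ' cmd: ' "$1" 2>/dev/null) || true
    printf '%s\n' "${n:-0}"
}

# Constructed input: the id line the report's CGI printed.
cgi_id='uid=666(www) gid=666(www) groups=666(www)'
if ran_under_suexec "$cgi_id" sean; then
    echo "CGI ran as sean: suEXEC switched identity"
else
    echo "CGI ran as $(id_user "$cgi_id"): suEXEC did not switch identity"
fi
```

On the reported host, `wrapper_ok /usr/local/apache2/bin/suexec` and `suexec_invocations /usr/local/apache2/logs/suexec_log` would be run with the paths shown in the comment.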
