You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2002/07/21 10:07:50 UTC
DO NOT REPLY [Bug 9038] -
suexec is NOT being called by Apache 2.0.36
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9038>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9038
suexec is NOT being called by Apache 2.0.36
------- Additional Comments From seanpublic@attbi.com 2002-07-21 08:07 -------
I've got the same behavior as Alex, but my error log contains the following
line:
[Sun Jul 21 02:02:44 2002] [notice] suEXEC mechanism enabled
(wrapper: /usr/local/apache2/bin/suexec)
Which is exactly where the suexec binary is located with permissions and
ownership set to:
-rwsr-xr-x 1 root root 61091 Jul 21 00:46 suexec*
I'm using the source dist httpd-2.0.39.tar.gz. Without modifying any file
inside the tarball, I use the following configure command, as per the "--help"
from the configure script, INSTALL doc, and various Apache 2 docs including
http://httpd.apache.org/docs-2.0/suexec.html:
./configure\
--enable-auth-dbm=shared\
--enable-cern-meta=shared\
--enable-deflate=shared\
--enable-expires\
--enable-ext-filter=shared\
--enable-headers\
--enable-mime-magic=shared\
--enable-rewrite=shared\
--enable-so\
--enable-ssl\
--enable-suexec=shared\
--enable-unique-id\
--enable-vhost-alias=shared\
--with-suexec-caller=webuser\
--with-suexec-docroot=/usr/local/apache2/htdocs\
--with-suexec-logfile=/usr/local/apache2/logs/suexec_log
BTW, I get the same results whether the suexec mod is shared or static. I've
commented the LoadModule for all the extension and experimental shared modules
in httpd.conf, except for suexec. I've tried to force the suexec to fail by
calling it directly on the command line and found that it couldn't write to
it's log file. (An error would appear on STDERR.) That's why I've explicitly
specified the --with-suexec-logfile parameter, which I've set to the default
according to the suexec.html doc. Now the suexec_log file contains the
following, when I try calling suexec from command line:
[2002-07-21 02:30:36]: too few arguments
I'm attempting to run a script from a user directory, my own, but it's being
executed, properly I might add, as though no suexec were running. I've tried
changing the permissions on the script to violate the suexec rules, but no
output is every written to the suexec_log. My suexec module is the only one
that's being loaded in the httpd.conf:
#LoadModule auth_dbm_module modules/mod_auth_dbm.so
#LoadModule ext_filter_module modules/mod_ext_filter.so
#LoadModule deflate_module modules/mod_deflate.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
#LoadModule cern_meta_module modules/mod_cern_meta.so
#LoadModule vhost_alias_module modules/mod_vhost_alias.so
#LoadModule rewrite_module modules/mod_rewrite.so
LoadModule suexec_module modules/mod_suexec.so
And I've confirmed that when I start the server with the LoadModule uncommented
the suexec mech enabled appears and if it's commented, it doesn't appear.
When I run my CGI from the cgi-bin dir (http://pinky/~sean/cgi-bin/env), which
is ScriptAliasMatch(ed) so I don't need extensions for cgi, I get the following
abbreviated results:
<env stuff>
-------------
uid=666(www) gid=666(www) groups=666(www) COMMENT: id command
www COMMENT: whoami command
Running the strings command on httpd grepping on suexec, I get quite a few
results, hooks mainly; however, the following would indicate that the server
knows where to reach the suexec binary:
-D SUEXEC_BIN="/usr/local/apache2/bin/suexec"
/usr/local/apache2/bin/suexec
The one peculiar item that I've noticed when reading one comment was that the
suexec mod appeared with the httpd -l command, as mod_suexec.so, but my list
looks as follows:
root@pinky# ../bin/httpd -l
Compiled in modules:
core.c
mod_access.c
mod_auth.c
mod_include.c
mod_log_config.c
mod_env.c
mod_expires.c
mod_headers.c
mod_unique_id.c
mod_setenvif.c
mod_ssl.c
prefork.c
http_core.c
mod_mime.c
mod_status.c
mod_autoindex.c
mod_asis.c
mod_cgi.c
mod_negotiation.c
mod_dir.c
mod_imap.c
mod_actions.c
mod_userdir.c
mod_alias.c
mod_so.c
Hopefully, this might be a clue to solving the problem. The module seemed to be
include in the configure and make of the build process, and as I've already
mentioned, things are being installed where they belong, namely suexec binary,
and the server's config had a LoadModule directive for it without my assistance.
That's all I could think to include in this plea for help. If more info is
needed, I'd be glad to fork it over. I'm uploading files through CGI (to my
giant storage area) and I really need suid functionality to save them as myself
rather than the web user; otherwise, where else would all my junk go?
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org