Date: Sun, 20 Feb 2000 15:09:43 -0500 (EST) From: Robert <robert@mail.id.net> To: fjoe@iclub.nsu.ru (Max Khon) Cc: robert@mail.id.net, freebsd-isp@FreeBSD.ORG, robert@id.net Subject: Re: ** Apache 1.3.11 w/FP 2000 Problem ** Message-ID: <200002202009.PAA13616@server.id.net> In-Reply-To: <Pine.BSF.4.21.0002201504420.4818-100000@iclub.nsu.ru> from Max Khon at "Feb 20, 2000 3: 7:17 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
> > Okay.. Either I'm stupid, or I expect entirely way to much from
> > Microsoft.. Here's the scoop. Setting up a new webserver, plan on
> > moving all the old virtuals over to it. We're using NIS for user
> > authentication.
> >
> > /v/website1 owned by owner1.patron
> > /v/website2 owned by owner2.patron
> > ... etc.
> >
> > So when they connect & login using FTP, everything works fine..
> >
> > Configured apache with:
> > --enable-suexec \
> > --suexec-caller=root \
> > --suexec-gidmin=20 \
> > --fpexec-caller=root \
> > --fpexec-logfile=/var/log/fpexec.log \
> > --fpexec-gidmin=20 \
> > --fpexec-user=nobody \
> > --fpexec-group=nogroup
> > ...
> >
> > chown'd -R nobody.nogroup /usr/local/frontpage
> >
> > 1st problem is, if /v/website1 isn't chowned nobody.nogroup, Frontpage
> > doesn't and suEXEC don't work for some reason.. If it is chown'd
> > nobody.nogroup then my users can't write to their directories while
> > FTP'd in, and CGI scripts don't work...
> >
> > Am I missing the point, or what? I need my users to be able to get
> > into their servers via FTP -or- Frontpage, and my Apache needs to be
> > able to access users home directories for websites as well (hence
> > running it as root w/suEXEC).
>
> have you installed apache + fp from ports?
> if yes, what does suexec complain about in logs?
No, I didn't compile from the ports because I needed a kitchen sink build..
Server Version: Apache/1.3.11 (Unix) mod_perl/1.21 PHP/3.0.14 FrontPage/4.0.4.3 AuthMySQL/2.20 mod_ssl/2.5.0 OpenSSL/0.9.4
Server Built: Feb 20 2000 04:25:05
Okay, so far here's what I've got...
* chown'd every virtual website to nobody.nogroup which allows Frontpage to
work fine.
* Got suEXEC setup so CGI scripts in user directories work fine.
* Hack'd ProFTPD so when a virtual website owner logs in it changes their
uid/gid to nobody/nogroup.
Now the only thing left is getting suEXEC to work in the virtual website
directories.
+ If I run the server as root/wheel, then it gives them root permissions.
+ If I run the server as nobody/nogroup, it works fine for the virtual users,
but then my normal user (~user) accounts don't work (No permissions to
read the user directories).
+ If I run the server as root/wheel, then in the <virtual> config area put
the "user nobody" and "group nogroup" commands, the webserver complains
about "Premature end of script headers", which basically means it's failing
because it's expecting to run suEXEC as user 'root', but it's actually
being ran as user 'nobody'.
I can't believe I'm the only one that has had this problem...:(
-- Rob
===
_/_/_/_/_/ _/_/_/_/ _/_/ _/ _/_/_/_/_/ _/_/_/_/_/
_/ _/ _/ _/_/_/ _/ _/ _/ _/_/_/_/ _/
_/_/_/_/_/ _/_/_/_/ _/ _/ _/_/_/_/_/ _/
Innovative Data Services, Inc. Serving The United States
Internet Service Provider / Hardware Sales / Consulting Services
Voice: (248)855-2118 / Fax: (248)855-0696 / Web: http://www.id.net
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200002202009.PAA13616>