Date: Thu, 29 Apr 2004 08:37:22 +0100 From: Peter Risdon <peter@circlesquared.com> To: Mikkel Christensen <mikkel@talkactive.net> Cc: freebsd-questions@freebsd.org Subject: Re: Suexec with Apache 1.3.29 Message-ID: <4090B0B2.70704@circlesquared.com> In-Reply-To: <200404281916.58166.mikkel@talkactive.net> References: <200404262126.36157.mikkel@talkactive.net> <200404270916.42738.mikkel@talkactive.net> <408E2B2F.5050604@circlesquared.com> <200404281916.58166.mikkel@talkactive.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Mikkel Christensen wrote: >This is about Perl scripts only. > > > > This isn't about php at all. I know that mod_php will never run as > suexec and I'm not trying to do so either. Neither am I trying to get > php to run under suexec as CGI. Ah... I qualified my first post to you in terms of php only. I certainly didn't get this impression from your reply. >>I might have missed this in an earlier post, but when apache starts do >>you get lines in your /var/log/httpd-error.log like this: >> >>[notice] suEXEC mechanism enabled (wrapper: /usr/local/sbin/suexec) >> >> >> > >It don't output the line above. But everything seems to be right. >Apache tells me suexec is there and that it is properly configured to. The suEXEC log-line is not comming but still it's loaded in some way. > > From the apache manual. The wording is identical for versions 1.3 and 2: <quote> Upon startup of Apache, it looks for the file |suexec| in the directory defined by the |--sbindir| option (default is "/usr/local/apache/sbin/suexec"). If Apache finds a properly configured suEXEC wrapper, it will print the following message to the error log: | [notice] suEXEC mechanism enabled (wrapper: //path/to/suexec/) | If you don't see this message at server startup, the server is most likely not finding the wrapper program where it expects it, or the executable is not installed /setuid root/. If you want to enable the suEXEC mechanism for the first time and an Apache server is already running you must kill and restart Apache. Restarting it with a simple HUP or USR1 signal will not be enough. If you want to disable suEXEC you should kill and restart Apache after you have removed the |suexec| file. </quote> I have found this the only valid test for successful installation of apache suexec. The above quote also offers some tests - is the suexec wrapper there? Is it setuid root? Did you already have a running apache when you installed this and if so have you killed it properly prior to a restart? PWR.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4090B0B2.70704>