Date: Thu, 29 Apr 2004 11:03:57 +0000
From: Mikkel Christensen <mikkel@talkactive.net>
To: freebsd-questions@freebsd.org
Subject: Re: Suexec with Apache 1.3.29
Message-ID: <200404291103.57635.mikkel@talkactive.net>
In-Reply-To: <200404291058.44766.mikkel@talkactive.net>
References: <200404262126.36157.mikkel@talkactive.net> <200404291041.00879.mikkel@talkactive.net> <200404291058.44766.mikkel@talkactive.net>
On Thursday 29 April 2004 10:58, Mikkel Christensen wrote:
> On Thursday 29 April 2004 07:37, you wrote:
> > Mikkel Christensen wrote:
> > > This isn't about php at all. I know that mod_php will never run as
> > > suexec and I'm not trying to do so either. Neither am I trying to get
> > > php to run under suexec as CGI.
> >
> >
> > Ah... I qualified my first post to you in terms of php only. I certainly
> > didn't get this impression from your reply.
> >
> PHP was discussed because another user added a post about it. But it was never part of my original question.
>
> > >
> > >It doesn't output the line above. But everything seems to be right.
> > >Apache tells me suexec is there and that it is properly configured too. The suEXEC log-line is not coming but still it's loaded in some way.
> > >
> >
> >  From the apache manual. The wording is identical for versions 1.3 and 2:
> >
> > <quote>
> >
> > Upon startup of Apache, it looks for the file |suexec| in the directory
> > defined by the |--sbindir| option (default is
> > "/usr/local/apache/sbin/suexec"). If Apache finds a properly configured
> > suEXEC wrapper, it will print the following message to the error log:
> >
> > | [notice] suEXEC mechanism enabled (wrapper: //path/to/suexec/) |
> >
> > If you don't see this message at server startup, the server is most
> > likely not finding the wrapper program where it expects it, or the
> > executable is not installed /setuid root/.
> >
> > If you want to enable the suEXEC mechanism for the first time and an
> > Apache server is already running you must kill and restart Apache.
> > Restarting it with a simple HUP or USR1 signal will not be enough.
> >
> > If you want to disable suEXEC you should kill and restart Apache after
> > you have removed the |suexec| file.
> >
> > </quote>
> >
> >
> > I have found this the only valid test for successful installation of
> > apache suexec. The above quote also offers some tests - is the suexec
> > wrapper there? Is it setuid root? Did you already have a running apache
> > when you installed this and if so have you killed it properly prior to a
> > restart?
> >
> > PWR.
> >
>
> "httpd -V" outputs this line (among others but I have already posted them once in my first post): ' -D SUEXEC_BIN="/usr/local/sbin/suexec"'
> "ls -l /usr/local/sbin/suexec" outputs "-rws--x--x  1 root  wheel  10436 Apr 26 15:53 /usr/local/sbin/suexec"
> Meaning suexec is located where it is supposed to be and has proper rights (the s-flag).
>
> httpd -l outputs:
> "Compiled-in modules:
>   http_core.c
>   mod_so.c
> suexec: enabled; valid wrapper /usr/local/sbin/suexec"
>
> Meaning that it finds the wrapper. So I consider this part to be okay.
> There was an existing running apache installation when I compiled and installed the suexec version.
> I have killed it numerous times with "apachectl stop" and I made sure nothing was running.
> The fact that httpd-suexec.log has this entry "[2004-04-26 23:03:48]: alert: too few arguments" written a few times proves to me that suexec is loaded.
> Now I tried killing apache using "killall -9 httpd" and then start it again with "apachectl start".
> Now for the first time "[notice] suEXEC mechanism enabled (wrapper: //path/to/suexec/)" is printed to the error log.
>
> But this leads to another problem. When executing the hello-world script under another username execution is refused.
> The error "Premature end of script headers:" is printed to the error-log.
> This error doesn't show if I run the script as the www-user.
> Do you have any idea of what is wrong?
>
>
> - Mikkel
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>
>

I'm sorry about this post ending outside the thread to which it should belong. The last post should be a reply to this post:
http://lists.freebsd.org/pipermail/freebsd-questions/2004-April/045194.html

- Mikkel
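
The checks named in the quoted Apache manual text (wrapper present, setuid root, startup notice in the error log), written out as an added shell example that is not part of the original e-mail thread. The function names and the script name are hypothetical, and the wrapper and error-log paths are supplied by the caller.

```shell
#!/bin/sh
# Added example; function names are hypothetical, paths come from the caller.

# check_wrapper PATH [OWNER_UID]: the wrapper must exist, carry the setuid
# bit and belong to OWNER_UID (default 0, root). Refusing a group- or
# other-writable wrapper is an extra check, not from the quoted manual text.
check_wrapper() {
    w=$1; want_uid=${2:-0}
    [ -f "$w" ] || { echo "missing: $w"; return 1; }
    [ -u "$w" ] || { echo "not setuid: $w"; return 2; }
    set -- $(ls -ldn "$w")      # $1 = mode string, $3 = numeric owner
    [ "$3" = "$want_uid" ] || { echo "owner uid $3, expected $want_uid"; return 3; }
    case $1 in
        ?????w*|????????w*) echo "writable by group/other: $1"; return 4 ;;
    esac
    echo "wrapper ok: $1 uid=$3 $w"
}

# logged_wrapper LOG: print the wrapper path from the most recent
# "suEXEC mechanism enabled" notice; fail if the log has none.
logged_wrapper() {
    p=$(sed -n 's/.*\[notice] suEXEC mechanism enabled (wrapper: \(.*\))$/\1/p' "$1" | tail -n 1)
    [ -n "$p" ] && echo "$p"
}

# verify_suexec WRAPPER LOG [OWNER_UID]: run both checks and require the
# path in the log notice to be the wrapper that was inspected.
verify_suexec() {
    check_wrapper "$1" "${3:-0}" || return
    seen=$(logged_wrapper "$2") || { echo "no suEXEC notice in $2"; return 5; }
    [ "$seen" = "$1" ] || { echo "log names $seen, not $1"; return 6; }
    echo "suEXEC enabled with wrapper $1"
}

# e.g. sh check_suexec.sh /usr/local/sbin/suexec /path/to/error_log
if [ "$#" -ge 2 ]; then verify_suexec "$@"; fi
```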