Date: Mon, 26 Apr 2004 21:26:36 +0000 From: Mikkel Christensen <mikkel@talkactive.net> To: freebsd-questions@freebsd.org Subject: Suexec with Apache 1.3.29 Message-ID: <200404262126.36157.mikkel@talkactive.net>
next in thread | raw e-mail | index | archive | help
Hi
I've tried numerous times but never succeded in getting suexec to work properly.
Compiling Apache from ports with suexec doed not lead to any problems.
But it just never works.
Execution of CGI works perfectly. But it keeps running as the www-user.
My system seems just fine. Just look at the output from theese commands:
# httpd -l
Compiled-in modules:
http_core.c
mod_so.c
suexec: enabled; valid wrapper /usr/local/sbin/suexec
# suexec -V
-D DOC_ROOT="/home/web"
-D GID_MIN=1000
-D HTTPD_USER="www"
-D LOG_EXEC="/var/log/httpd-suexec.log"
-D LOGIN_CAP
-D SAFE_PATH="/bin:/usr/bin:/usr/local/bin"
-D UID_MIN=1000
-D USERDIR_SUFFIX="cgi-bin"
This is an example of a VirtualHost directive:
<VirtualHost [ip]>
DocumentRoot "/home/web/[user1]"
ServerName "[domain]"
ServerAlias "www.[domain]"
ServerAlias "user1.[servername]"
php_admin_value safe_mode_exec_dir "/home/web/{user1]:/var/tmp:/usr/local/lib/php"
php_admin_value open_basedir "/home/web/[user1]:/var/tmp:/usr/local/lib/php"
php_admin_value safe_mode_gid TRUE
ScriptAlias /cgi-bin/ /home/web/[user1]/cgi-bin/
User [user1]
Group [user1]
<Directory /home/web/[user1]/cgi-bin>
AllowOverride All
Options None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
This is the corrosponding user in /etc/master.passwd:
[user1]:*:1004:1004::0:0:Common user; [user1]:/home/web/[user1]:/sbin/nologin
According to the Apache suexec tutorial as http://httpd.apache.org/docs/suexec.html I should get the following notification in httpd-error.log:
"[notice] suEXEC mechanism enabled (wrapper: /path/to/suexec)"
But this never shows. On the other hand I don't get any errors regarding the User and Group keywords in my VirtualHost (there will be errors if suexec is not installed).
According to the tutorial at the Apache website the missing notification means that suexec was not loaded because the suexec executable could not be found.
This however is not the case. "httpd -V" shows (among other things) this line " -D SUEXEC_BIN="/usr/local/sbin/suexec"".
Which is exactely where suexec is located.
Also the "suexec: enabled; valid wrapper /usr/local/sbin/suexec" is suppose to mean that suexec is properly configured.
httpd-suexec.log shows absolutely nothing. Neither does httpd-error.log
Now what do I do? There is no error-output at all so I don't have a clue of what is wrong.
I think that the problem might be related to the combination of --suexec-docroot=DIR and --suexec-userdir=DIR since I found the explanation in the tutorial confusing and might have percepted it wrong.
Or maybe the unix user [user1] needs some additional configuration.
I didn't have any luck looking through this mailinglist and google is not as usefull as it was a year ago.
Therefore I do hope that you have some kind of experience regarding this matter that might help solve my problem.
Thanks.
/ Mikkel
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200404262126.36157.mikkel>