[ic] Run with suexec enabled ?
delionsweb - minivend
Sat, 04 Nov 2000 14:52:38 -0500
I do it.
Many things to check (A friend of mine calls suexec Fascist ;-)) :
1. Check Apache error_log when started for line: [notice] suexec mechanism
enabled (wrapper: /usr/local/Apache/bin/suexec)
Your location may be different but that does not matter as long as you KNOW
where Apache finds it.
2. Now check /usr/local/Apache/bin/suexec (It should be 4711):
-rws--x--x 1 root root 10872 Oct 28 14:15
3. The next thing is to make sure you use a suexec_log. This is not because
it is required but because it helps to find problems which can be VERY
frustrating - trust me, I know!
This can be tricky because it is compiled into suexec. If you compile your
own Apache then these configure options will be useful :
--enable-suexec --suexec-caller=httpd --suexec-docroot=/home
--suexec-userdir=public_html --suexec-uidmin=500 --suexec-gidmin=500
Things to note:
a. uidmin and gidmin: You have to know the values your suexec was compiled
with!!! If shop:shop (UID:GID) is lower than 500:500 in this example then
suexec will refuse to run scripts for shop! Make shop:shop uid:gid > 500!
b. docroot: If the shop scripts are not in sub directory of this then again
- forget it
c. caller: For you it has to be httpd. If your suexec was compiled for
nobody then *your* web server (user=httpd) cannot use it!
d. logfile: This is the one - we want to know where to find it!
e. I recommend downloading Apache source and compiling it JUST to get a
good suexec in src/support. You can then copy that anywhere you want and
throw away all the other Apache stuff!
4. Your script should NOT be suid!!! chmod 0755 <your link script>
(/home/shop/cgi-bin/construct for example)
5. Now you can look in suexec_log when the script still does not work you
can look for error messages like this:
error: target uid/gid (502/503) mismatch with directory (502/502) or
6. Make your shop 'root' directory (/home/shop?) and cgi-bin
(/home/shop/cgi-bin) rwxr-xr-x (chmod 755)
Now it should work or you can find clues to make it work in suexec_log.
At 05:25 AM 11/4/00, you wrote:
>Any ideas , anybody knows how to do it ? or where to find how to do it ?
>I read all the documentation, but there is nothing on that.
> > Does anybody know how to make interchange when suexec is enabled ?
> > I allready tried different things like putting interch in the group of
> > shopowner and in the group of httpd , but nothing ( and the other way
> > arround also nothing)
> > httpd runs as httpd:shadow
> > interch as interch:interch
> > shop as shop:shop ? (I guess)
> > Thank you !
> > Andrei
>Interchange-users mailing list