[ic] Suexec BIG PROBLEMS --PleaseHelp!!

interchange-users@interchange.redhat.com interchange-users@interchange.redhat.com
Thu Mar 7 08:43:01 2002 

On Wed, Mar 06, 2002 at 10:37:17PM -0700, Paul Hoza wrote:
> At 07:33 PM 3/6/2002 -0500, you wrote:

> Apparently, using SUEXEC requires the use of the INET mode for the 
> catalog.  If I understand it right, INET mode basically defaults the 
> catalog to using TLINK... I'm still fresh from the oven with this whole 
> thing, so forgive me if my terminology is off.  I never got a working 
> catalog until I finally answered "INET" instead of "UNIX" in makecat, which 
> coincides with the documentation on IC:
>   http://interchange.redhat.com/cgi-bin/ic/docfly.html?mv_arg=icfaq12.00

Just to clarify this so others don't get mislead....

suexec means the web server runs the called program as the user that
owns it, not as the user running the web server.  For example, our
web server runs nobody:nogroup.  Our vlink is suid minivend, which is
the userid that runs the catalog.

In an suexec web server, the web server would su to minivend before calling
the vlink script.  That script would not have to be suid, but would be
owned by minivend.  I'd guess that the details of suexec might vary from
one web server to another?  Does WN running suexec behave same as Apache?

I don't see how suexec requires INET mode.  Someone correct me if I am
wrong, particularly if makecat does?  We don't use makecat.)

> 
> Additionally, the INET mode solved a problem I had in a different iteration 
> of creating a catalog.. the wonderful "We're sorry, the Interchange server 
> is unavailable..." gem.  I add that bit of info in case someone follows 
> this thread in the future when resolving SUEXEC questions:
>   http://interchange.redhat.com/cgi-bin/ic/docfly.html?mv_arg=icfaq05.02

That's not INET specific.  That is just a working configuration and the fact
that the installer did not die part way through.  You are attributing
success to the wrong factors, eg it was Wed; makecat works on Wed!

> 
> When you choose "INET" mode, you don't get asked about SUEXEC at all, but 
> instead there are two questions specific to INET... I took the defaults for 
> the port and the 'localhost' as the other answer (don't remember specifics 
> right off hand) and it worked great.
> 
> >>>I have not been able to run a catalog under ANY OTHER USER but interch!!
> >>>I NEED to run the catalog under the same user as my virtual server(s)!!
> >>>
> >>>I know that the interchange server runs as interch, and that is fine, 
> >>>but I need each catalog to run under different users.
> 
> This works fine for me, as I set up the permissions for the directories to 
> be owned by 'interch', and then ran makecat logged in as interch.  Then, 
> when the makecat is done, I chown /var/www/cgi-bin/catname.cgi to the site 
> administrator account (owner of the virtual site's admin) and set the chmod 
> 755.
> 
> This may be a kludge, but I had to also temporarily chown interch 
> /var/www/cgi-bin/ in order to finish makecat... then promptly switch it 
> back to owned by site admin.  I'm sure this is hokey, but it 
> worked.  Obviously, I'm not a stellar sysadmin.  *sigh*
> 
> >>>I use Suexec with Apache and everytime I run makecat and tell it that I 
> >>>use suexec I get the following error:
> >>>
> >>>"chown sampledata.xls: No such file or directory"
> >>For one reason or another your system cannot find the user under which 
> >>you are trying to configure it.  Login as the user under which you wish 
> >>to install it; don't su if you can avoid it.
> 
> I actually have success when I su interch and run makecat... please explain 
> why to avoid su?

su
who am i
whoami

Those finer details can easily trip you up.

> 
> I'm sure it's not the best method, but it's worked.  The important step I 
> missed when I was getting the above error was that I didn't have the 
> /usr/lib/interchange tree set to chown interch.interch.   Once I set that, 
> interch was able to run makecat without error.
> 
> I've only barely started the IC learning process, but I had many of your 
> same problems and finally figured it out... hope this helps.
> 
> Regards,
> Paul Hoza
> 
> _______________________________________________
> interchange-users mailing list
> interchange-users@interchange.redhat.com
> http://interchange.redhat.com/mailman/listinfo/interchange-users

-- 

Christopher F. Miller, Publisher                               cfm@maine.com
MaineStreet Communications, Inc           208 Portland Road, Gray, ME  04039
1.207.657.5078                                         http://www.maine.com/
Content/site management, online commerce, internet integration, Debian linux