From owner-freebsd-questions@FreeBSD.ORG Thu Apr 29 00:36:50 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 42E4B16A4CE for ; Thu, 29 Apr 2004 00:36:50 -0700 (PDT) Received: from dyer.circlesquared.com (host217-45-219-83.in-addr.btopenworld.com [217.45.219.83]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2F92F43D60 for ; Thu, 29 Apr 2004 00:36:45 -0700 (PDT) (envelope-from peter@circlesquared.com) Received: from circlesquared.com (localhost.petanna.net [127.0.0.1]) i3T7bMxs003770; Thu, 29 Apr 2004 08:37:30 +0100 (BST) (envelope-from peter@circlesquared.com) Message-ID: <4090B0B2.70704@circlesquared.com> Date: Thu, 29 Apr 2004 08:37:22 +0100 From: Peter Risdon User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7b) Gecko/20040327 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Mikkel Christensen References: <200404262126.36157.mikkel@talkactive.net> <200404270916.42738.mikkel@talkactive.net> <408E2B2F.5050604@circlesquared.com> <200404281916.58166.mikkel@talkactive.net> In-Reply-To: <200404281916.58166.mikkel@talkactive.net> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-questions@freebsd.org Subject: Re: Suexec with Apache 1.3.29 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 Apr 2004 07:36:50 -0000 Mikkel Christensen wrote: >This is about Perl scripts only. > > > > This isn't about php at all. I know that mod_php will never run as > suexec and I'm not trying to do so either. Neither am I trying to get > php to run under suexec as CGI. Ah... I qualified my first post to you in terms of php only. I certainly didn't get this impression from your reply. >>I might have missed this in an earlier post, but when apache starts do >>you get lines in your /var/log/httpd-error.log like this: >> >>[notice] suEXEC mechanism enabled (wrapper: /usr/local/sbin/suexec) >> >> >> > >It don't output the line above. But everything seems to be right. >Apache tells me suexec is there and that it is properly configured to. The suEXEC log-line is not comming but still it's loaded in some way. > > From the apache manual. The wording is identical for versions 1.3 and 2: Upon startup of Apache, it looks for the file |suexec| in the directory defined by the |--sbindir| option (default is "/usr/local/apache/sbin/suexec"). If Apache finds a properly configured suEXEC wrapper, it will print the following message to the error log: | [notice] suEXEC mechanism enabled (wrapper: //path/to/suexec/) | If you don't see this message at server startup, the server is most likely not finding the wrapper program where it expects it, or the executable is not installed /setuid root/. If you want to enable the suEXEC mechanism for the first time and an Apache server is already running you must kill and restart Apache. Restarting it with a simple HUP or USR1 signal will not be enough. If you want to disable suEXEC you should kill and restart Apache after you have removed the |suexec| file. I have found this the only valid test for successful installation of apache suexec. The above quote also offers some tests - is the suexec wrapper there? Is it setuid root? Did you already have a running apache when you installed this and if so have you killed it properly prior to a restart? PWR.