Date: Thu, 29 Apr 2004 10:58:44 +0000 From: Mikkel Christensen <mikkel@talkactive.net> To: freebsd-questions@freebsd.org Subject: Re: Suexec with Apache 1.3.29 Message-ID: <200404291058.44766.mikkel@talkactive.net> In-Reply-To: <200404291041.00879.mikkel@talkactive.net> References: <200404262126.36157.mikkel@talkactive.net> <4090B0B2.70704@circlesquared.com> <200404291041.00879.mikkel@talkactive.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thursday 29 April 2004 07:37, you wrote: > Mikkel Christensen wrote: > > This isn't about php at all. I know that mod_php will never run as=20 > > suexec and I'm not trying to do so either. Neither am I trying to get=20 > > php to run under suexec as CGI. >=20 >=20 > Ah... I qualified my first post to you in terms of php only. I certainly= =20 > didn't get this impression from your reply. >=20 PHP was discussed because because another user added a post about it. But i= t was never part of my original question. > > > >It don't output the line above. But everything seems to be right. > >Apache tells me suexec is there and that it is properly configured to. T= he suEXEC log-line is not comming but still it's loaded in some way. > > =A0 > > >=20 > =A0From the apache manual. The wording is identical for versions 1.3 and = 2: >=20 > <quote> >=20 > Upon startup of Apache, it looks for the file |suexec| in the directory=20 > defined by the |--sbindir| option (default is=20 > "/usr/local/apache/sbin/suexec"). If Apache finds a properly configured=20 > suEXEC wrapper, it will print the following message to the error log: >=20 > | [notice] suEXEC mechanism enabled (wrapper: //path/to/suexec/) | >=20 > If you don't see this message at server startup, the server is most=20 > likely not finding the wrapper program where it expects it, or the=20 > executable is not installed /setuid root/. >=20 > If you want to enable the suEXEC mechanism for the first time and an=20 > Apache server is already running you must kill and restart Apache.=20 > Restarting it with a simple HUP or USR1 signal will not be enough. >=20 > If you want to disable suEXEC you should kill and restart Apache after=20 > you have removed the |suexec| file. >=20 > </quote> >=20 >=20 > I have found this the only valid test for successful installation of=20 > apache suexec. The above quote also offers some tests - is the suexec=20 > wrapper there? Is it setuid root? Did you already have a running apache=20 > when you installed this and if so have you killed it properly prior to a= =20 > restart? >=20 > PWR. >=20 "httpd -V" outputs this line(among others but I have already posted them on= ce in my first post): ' -D SUEXEC_BIN=3D"/usr/local/sbin/suexec"' "ls -l /usr/local/sbin/suexec" outputs "-rws--x--x =A01 root =A0wheel =A010= 436 Apr 26 15:53 /usr/local/sbin/suexec" Meaning suexec is located where it is suppose to be and has propper righgs = (the s-flag). httpd -l outputs: "Compiled-in modules: =A0 http_core.c =A0 mod_so.c suexec: enabled; valid wrapper /usr/local/sbin/suexec" Mening that it finds the wrapper. So I consider this part to be okay. There was an existing running apache installation when I compiled and insta= ll the suexec version. I have killed it nimerous times with "apachectl stop" and I made sure nothi= ng was running. The fact that httpd-suexec.log has this entry "[2004-04-26 23:03:48]: alert= : too few arguments" written a few times proves to me that suexec is loaded. Now i tried killing apache using "killall -9 httpd" and the start it again = with "apachectl start". Now for the first time "[notice] suEXEC mechanism enabled (wrapper: //path/= to/suexec/)" is printet to the error log. But this leads to another problem. When executing the hellow-world script u= nder another username execution is refused. The error "Premature end of script headers:" is printed to the error-log. This error doen't show if I run the script as the www-user. Do you have any idea of what is wrong? =2D Mikkel
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200404291058.44766.mikkel>