Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 29 Apr 2004 10:58:44 +0000
From:      Mikkel Christensen <mikkel@talkactive.net>
To:        freebsd-questions@freebsd.org
Subject:   Re: Suexec with Apache 1.3.29
Message-ID:  <200404291058.44766.mikkel@talkactive.net>
In-Reply-To: <200404291041.00879.mikkel@talkactive.net>
References:  <200404262126.36157.mikkel@talkactive.net> <4090B0B2.70704@circlesquared.com> <200404291041.00879.mikkel@talkactive.net>

next in thread | previous in thread | raw e-mail | index | archive | help
On Thursday 29 April 2004 07:37, you wrote:
> Mikkel Christensen wrote:
> > This isn't about php at all. I know that mod_php will never run as=20
> > suexec and I'm not trying to do so either. Neither am I trying to get=20
> > php to run under suexec as CGI.
>=20
>=20
> Ah... I qualified my first post to you in terms of php only. I certainly=
=20
> didn't get this impression from your reply.
>=20
PHP was discussed because because another user added a post about it. But i=
t was never part of my original question.

> >
> >It don't output the line above. But everything seems to be right.
> >Apache tells me suexec is there and that it is properly configured to. T=
he suEXEC log-line is not comming but still it's loaded in some way.
> > =A0
> >
>=20
> =A0From the apache manual. The wording is identical for versions 1.3 and =
2:
>=20
> <quote>
>=20
> Upon startup of Apache, it looks for the file |suexec| in the directory=20
> defined by the |--sbindir| option (default is=20
> "/usr/local/apache/sbin/suexec"). If Apache finds a properly configured=20
> suEXEC wrapper, it will print the following message to the error log:
>=20
> | [notice] suEXEC mechanism enabled (wrapper: //path/to/suexec/) |
>=20
> If you don't see this message at server startup, the server is most=20
> likely not finding the wrapper program where it expects it, or the=20
> executable is not installed /setuid root/.
>=20
> If you want to enable the suEXEC mechanism for the first time and an=20
> Apache server is already running you must kill and restart Apache.=20
> Restarting it with a simple HUP or USR1 signal will not be enough.
>=20
> If you want to disable suEXEC you should kill and restart Apache after=20
> you have removed the |suexec| file.
>=20
> </quote>
>=20
>=20
> I have found this the only valid test for successful installation of=20
> apache suexec. The above quote also offers some tests - is the suexec=20
> wrapper there? Is it setuid root? Did you already have a running apache=20
> when you installed this and if so have you killed it properly prior to a=
=20
> restart?
>=20
> PWR.
>=20

"httpd -V" outputs this line(among others but I have already posted them on=
ce in my first post): ' -D SUEXEC_BIN=3D"/usr/local/sbin/suexec"'
"ls -l /usr/local/sbin/suexec" outputs "-rws--x--x =A01 root =A0wheel =A010=
436 Apr 26 15:53 /usr/local/sbin/suexec"
Meaning suexec is located where it is suppose to be and has propper righgs =
(the s-flag).

httpd -l outputs:
"Compiled-in modules:
=A0 http_core.c
=A0 mod_so.c
suexec: enabled; valid wrapper /usr/local/sbin/suexec"

Mening that it finds the wrapper. So I consider this part to be okay.
There was an existing running apache installation when I compiled and insta=
ll the suexec version.
I have killed it nimerous times with "apachectl stop" and I made sure nothi=
ng was running.
The fact that httpd-suexec.log has this entry "[2004-04-26 23:03:48]: alert=
: too few arguments" written a few times proves to me that suexec is loaded.
Now i tried killing apache using "killall -9 httpd" and the start it again =
with "apachectl start".
Now for the first time "[notice] suEXEC mechanism enabled (wrapper: //path/=
to/suexec/)" is printet to the error log.

But this leads to another problem. When executing the hellow-world script u=
nder another username execution is refused.
The error "Premature end of script headers:" is printed to the error-log.
This error doen't show if I run the script as the www-user.
Do you have any idea of what is wrong?


=2D Mikkel



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200404291058.44766.mikkel>