From owner-freebsd-questions@FreeBSD.ORG Mon Apr 26 14:26:38 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 19BDC16A4CE for ; Mon, 26 Apr 2004 14:26:38 -0700 (PDT) Received: from mail03.talkactive.net (mail03.talkactive.net [81.19.252.192]) by mx1.FreeBSD.org (Postfix) with SMTP id 0428F43D49 for ; Mon, 26 Apr 2004 14:26:37 -0700 (PDT) (envelope-from mikkel@talkactive.net) Received: (qmail 49315 invoked from network); 26 Apr 2004 21:26:22 -0000 Received: from unknown (HELO ?192.168.1.145?) (80.164.16.222) by mail03.talkactive.net with SMTP; 26 Apr 2004 21:26:22 -0000 From: Mikkel Christensen Organization: Talk|Active To: freebsd-questions@freebsd.org Date: Mon, 26 Apr 2004 21:26:36 +0000 User-Agent: KMail/1.6.1 MIME-Version: 1.0 Content-Disposition: inline Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Message-Id: <200404262126.36157.mikkel@talkactive.net> Subject: Suexec with Apache 1.3.29 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Apr 2004 21:26:38 -0000 Hi I've tried numerous times but never succeded in getting suexec to work properly. Compiling Apache from ports with suexec doed not lead to any problems. But it just never works. Execution of CGI works perfectly. But it keeps running as the www-user. My system seems just fine. Just look at the output from theese commands: # httpd -l Compiled-in modules: http_core.c mod_so.c suexec: enabled; valid wrapper /usr/local/sbin/suexec # suexec -V -D DOC_ROOT="/home/web" -D GID_MIN=1000 -D HTTPD_USER="www" -D LOG_EXEC="/var/log/httpd-suexec.log" -D LOGIN_CAP -D SAFE_PATH="/bin:/usr/bin:/usr/local/bin" -D UID_MIN=1000 -D USERDIR_SUFFIX="cgi-bin" This is an example of a VirtualHost directive: DocumentRoot "/home/web/[user1]" ServerName "[domain]" ServerAlias "www.[domain]" ServerAlias "user1.[servername]" php_admin_value safe_mode_exec_dir "/home/web/{user1]:/var/tmp:/usr/local/lib/php" php_admin_value open_basedir "/home/web/[user1]:/var/tmp:/usr/local/lib/php" php_admin_value safe_mode_gid TRUE ScriptAlias /cgi-bin/ /home/web/[user1]/cgi-bin/ User [user1] Group [user1] AllowOverride All Options None Order allow,deny Allow from all This is the corrosponding user in /etc/master.passwd: [user1]:*:1004:1004::0:0:Common user; [user1]:/home/web/[user1]:/sbin/nologin According to the Apache suexec tutorial as http://httpd.apache.org/docs/suexec.html I should get the following notification in httpd-error.log: "[notice] suEXEC mechanism enabled (wrapper: /path/to/suexec)" But this never shows. On the other hand I don't get any errors regarding the User and Group keywords in my VirtualHost (there will be errors if suexec is not installed). According to the tutorial at the Apache website the missing notification means that suexec was not loaded because the suexec executable could not be found. This however is not the case. "httpd -V" shows (among other things) this line " -D SUEXEC_BIN="/usr/local/sbin/suexec"". Which is exactely where suexec is located. Also the "suexec: enabled; valid wrapper /usr/local/sbin/suexec" is suppose to mean that suexec is properly configured. httpd-suexec.log shows absolutely nothing. Neither does httpd-error.log Now what do I do? There is no error-output at all so I don't have a clue of what is wrong. I think that the problem might be related to the combination of --suexec-docroot=DIR and --suexec-userdir=DIR since I found the explanation in the tutorial confusing and might have percepted it wrong. Or maybe the unix user [user1] needs some additional configuration. I didn't have any luck looking through this mailinglist and google is not as usefull as it was a year ago. Therefore I do hope that you have some kind of experience regarding this matter that might help solve my problem. Thanks. / Mikkel