Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: suexec problem
Top Forums UNIX for Advanced & Expert Users suexec problem Post 302173730 by harrstar on Friday 7th of March 2008 04:32:11 PM
Old 03-07-2008
suexec problem
Hi all,
I am trying to setup apache w/ suexec to avoid permission problems w/ apache user and website user and also to be able to run a second (test) domain on the same server.
So far I got fcgi w/o suexec running perfectly (logs confirm that). But as soon as I enable the suexec statement in the vhost config I get 500's.
Suexec log shows this :
[2008-03-07 10:33:54]: uid: (1002/galac4) gid: (1004/1004) cmd: php5.fcgi
[2008-03-07 10:33:54]: cannot stat program: (php5.fcgi)

After examining the source of suexec I found that that error means, that suexec thinks that there is a symlink to the php5.fcgi, which is not. here the output of stat from console entry done with a copy of the fcgi entry in the vhost definition:

stat /var/www/galactics/fcgi-bin/php5.fcgi
File: `/var/www/galactics/fcgi-bin/php5.fcgi'
Size: 183 Blocks: 8 IO Block: 4096 regular file
Device: 801h/2049d Inode: 1655474 Links: 1
Access: (0755/-rwxr-xr-x) Uid: ( 1002/ galac4) Gid: ( 1004/ galac4)
Access: 2008-03-06 21:00:35.000000000 -0500
Modify: 2008-03-07 10:32:04.000000000 -0500
Change: 2008-03-07 10:32:04.000000000 -0500

Here is the contens of the php5.fcgi :

#!/bin/sh
#PHPRC=$PWD/../etc
#export PHPRC
#umask 022
#PHP_FCGI_CHILDREN=1
#export PHP_FCGI_CHILDREN
#SCRIPT_FILENAME=$PATH_TRANSLATED
#export SCRIPT_FILENAME
exec /usr/bin/php5-cgi

Have already commented out everything unrelated, still no go (remember, if suexec is not used in the vhost declaration, everything works fine)

Here is the suexec output :
/usr/lib/apache2/suexec2 -V

-D AP_DOC_ROOT="/var/www"
-D AP_GID_MIN=100
-D AP_HTTPD_USER="www-data"
-D AP_LOG_EXEC="/var/log/apache2/suexec.log"
-D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
-D AP_UID_MIN=100
-D AP_USERDIR_SUFFIX="public_html"

Site is defined in /var/www/galactics/public_html, all permissions checked, all set to that user.
I already have read everything I could find on the net about suexec, the apache docs, analyzed the suexec code. No success.

here is the vhost config:
I have other servers running with this configuration, quite similar and no probs. It looks like suexec has trouble finding/analyzing that wrapper (php5.fcgi). I quadrupel checked the vhost setup, all correct. here it is (suexec commented out as that otherwise throws that 500 error.:

<VirtualHost *:80>
ServerAdmin webmaster@galactics.org
ServerName GALACTICS Clearwater International F.C. - Home
ServerAlias galactics.org
# SuexecUserGroup galac4 galac4

DocumentRoot /var/www/galactics/public_html
ErrorLog /var/www/galactics/logs/error_log
CustomLog /var/www/galactics/logs/access_log combined
ScriptAlias /cgi-bin/ /var/www/galactics/cgi-bin/
DirectoryIndex index.php index.html index.htm

<Directory /var/www/galactics/public_html>
Options Indexes IncludesNOEXEC FollowSymLinks ExecCGI
allow from all
AllowOverride All
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
FCGIWrapper /var/www/galactics/fcgi-bin/php5.fcgi .php
FCGIWrapper /var/www/galactics/fcgi-bin/php5.fcgi .php5
</Directory>
RemoveHandler .php
RemoveHandler .php5

<Directory /var/www/galactics/cgi-bin>
allow from all
</Directory>

LogLevel debug

ServerSignature Off
</VirtualHost>

Anybody there with a hint what to do?

Harry
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

SSH Problem auth problem

Hi, Just recently we seem to be getting the following error message relating to SSH when we run the UNIX script in background mode: warning: You have no controlling tty. Cannot read confirmation.^M warning: Authentication failed.^M Disconnected; key exchange or algorithm negotiation... (1 Reply)
Discussion started by: budrito
1 Replies

2. UNIX for Dummies Questions & Answers

Suexec solution

guys here's a section of my program written in perl. This part is used to create directories with 777 mode. Now i know about 777 being a security hole. Could anyone provide me a possible solution to this using suexec????????? Segment system mkdir ".$file_folder", 0777 or die "Can't make... (13 Replies)
Discussion started by: the_last_rites
13 Replies

3. UNIX for Advanced & Expert Users

apache suexec

I compiled apache 1.3.33 with suexec support like ./configure \ "--with-layout=Apache" \ "--prefix=/usr/local/apache" \ "--enable-module=ssl" \ "--activate-module=src/modules/php4/libphp4.a" \ "--activate-module=src/modules/perl/libperl.a" \ "--enable-module=perl" \ "--enable-module=most"... (0 Replies)
Discussion started by: hassan1
0 Replies

4. UNIX for Dummies Questions & Answers

How to use Suexec with Apache2 ?

Hello guys I'm trying to use Suexec in my computer. I've installed apache with default settings (so Suexec is installed with my emerge Apache , Gentoo) . My settings on /etc/conf.d/apache2 # SUEXEC Enables running CGI scripts (in USERDIR) through suexec. # USERDIR Enables /~username... (1 Reply)
Discussion started by: kernings
1 Replies

5. Shell Programming and Scripting

ssh script problem problem

Hi Please help me with the following problem with my script. The following block of code is not repeating in the while loop and exiting after searching for first message. input_file ========== host001-01 host001-02 2008-07-23 13:02:04,651 ConnectionFactory - Setting session state... (2 Replies)
Discussion started by: pcjandyala
2 Replies

6. AIX

user login problem & Files listing problem.

1) when user login to the server the session got colosed. How will resolve? 2) While firing the command ls -l we are not able to see the any files in the director. but over all view the file system using the command df -g it is showing 91% used. what will be the problem? Thanks in advance. (1 Reply)
Discussion started by: pernasivam
1 Replies

7. IP Networking

Problem with forwarding emails (SPF problem)

Hi, This is rather a question from a "user" than from a sys admin, but I think this forum is apropriate for the question. I have an adress with automatic email forwarding and for some senders (two hietherto), emails are bouncing. This has really created a lot of problems those two time so I... (0 Replies)
Discussion started by: carwe
0 Replies

8. UNIX for Dummies Questions & Answers

sed Or Grep Problem OR Terminal Problem?

I don't know if you guys get this problem sometimes at Terminal but I had been having this problem since yesterday :( Maybe I overdid the Terminal. Even the codes that used to work doesn't work anymore. Here is what 's happening: * I wanted to remove lines containing digits so I used this... (25 Replies)
Discussion started by: Nexeu
25 Replies

9. IP Networking

Router problem or ISP problem ?

Hi everyone, I am experiencing discontinuity of Internet service, this started 1 month ago. Everything worked very well for 1 year of intensive use, but now, I have problems reaching my gateway. The gateway is not my router but a node belonging to my ISP and I share the same public IP with... (3 Replies)
Discussion started by: remic
3 Replies

10. Shell Programming and Scripting

SUEXEC with passwordless option

Hi, I am using the below command in suexec -u webuser /local/Tomcat7//0/tc7u/tomcat7.sh status But it prompts for the password of executing user. Let me know if any options available for passwordless or supplying password in script. (0 Replies)
Discussion started by: pravinbtech
0 Replies

LEARN ABOUT DEBIAN

cgi::fast

CGI::Fast(3pm)						User Contributed Perl Documentation					    CGI::Fast(3pm)

NAME

       CGI::Fast - CGI Interface for Fast CGI

SYNOPSIS

	   use CGI::Fast qw(:standard);
	   $COUNTER = 0;
	   while (new CGI::Fast) {
	       print header;
	       print start_html("Fast CGI Rocks");
	       print
		   h1("Fast CGI Rocks"),
		   "Invocation number ",b($COUNTER++),
		   " PID ",b($$),".",
		   hr;
	       print end_html;
	   }

DESCRIPTION

       CGI::Fast is a subclass of the CGI object created by CGI.pm.  It is specialized to work well FCGI module, which greatly speeds up CGI
       scripts by turning them into persistently running server processes.  Scripts that perform time-consuming initialization processes, such as
       loading large modules or opening persistent database connections, will see large performance improvements.

OTHER PIECES OF THE PUZZLE

       In order to use CGI::Fast you'll need the FCGI module.  See http://www.cpan.org/ for details.

WRITING FASTCGI PERL SCRIPTS

       FastCGI scripts are persistent: one or more copies of the script are started up when the server initializes, and stay around until the
       server exits or they die a natural death.  After performing whatever one-time initialization it needs, the script enters a loop waiting for
       incoming connections, processing the request, and waiting some more.

       A typical FastCGI script will look like this:

	   #!/usr/bin/perl
	   use CGI::Fast;
	   &do_some_initialization();
	   while ($q = new CGI::Fast) {
	       &process_request($q);
	   }

       Each time there's a new request, CGI::Fast returns a CGI object to your loop.  The rest of the time your script waits in the call to new().
       When the server requests that your script be terminated, new() will return undef.  You can of course exit earlier if you choose.  A new
       version of the script will be respawned to take its place (this may be necessary in order to avoid Perl memory leaks in long-running
       scripts).

       CGI.pm's default CGI object mode also works.  Just modify the loop this way:

	   while (new CGI::Fast) {
	       &process_request;
	   }

       Calls to header(), start_form(), etc. will all operate on the current request.

INSTALLING FASTCGI SCRIPTS

       See the FastCGI developer's kit documentation for full details.	On the Apache server, the following line must be added to srm.conf:

	   AddType application/x-httpd-fcgi .fcgi

       FastCGI scripts must end in the extension .fcgi.  For each script you install, you must add something like the following to srm.conf:

	   FastCgiServer /usr/lib/cgi-bin/file_upload.fcgi -processes 2

       This instructs Apache to launch two copies of file_upload.fcgi at startup time.

USING FASTCGI SCRIPTS AS CGI SCRIPTS

       Any script that works correctly as a FastCGI script will also work correctly when installed as a vanilla CGI script.  However it will not
       see any performance benefit.

EXTERNAL FASTCGI SERVER INVOCATION

       FastCGI supports a TCP/IP transport mechanism which allows FastCGI scripts to run external to the webserver, perhaps on a remote machine.
       To configure the webserver to connect to an external FastCGI server, you would add the following to your srm.conf:

	   FastCgiExternalServer /usr/lib/cgi-bin/file_upload.fcgi -host sputnik:8888

       Two environment variables affect how the "CGI::Fast" object is created, allowing "CGI::Fast" to be used as an external FastCGI server.
       (See "FCGI" documentation for "FCGI::OpenSocket" for more information.)

       FCGI_SOCKET_PATH
	   The address (TCP/IP) or path (UNIX Domain) of the socket the external FastCGI script to which bind an listen for incoming connections
	   from the web server.

       FCGI_LISTEN_QUEUE
	   Maximum length of the queue of pending connections.

       For example:

	   #!/usr/bin/perl
	   use CGI::Fast;
	   &do_some_initialization();
	   $ENV{FCGI_SOCKET_PATH} = "sputnik:8888";
	   $ENV{FCGI_LISTEN_QUEUE} = 100;
	   while ($q = new CGI::Fast) {
	       &process_request($q);
	   }

CAVEATS

       I haven't tested this very much.

AUTHOR INFORMATION

       Copyright 1996-1998, Lincoln D. Stein.  All rights reserved.

       This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

       Address bug reports and comments to: lstein@cshl.org

BUGS

       This section intentionally left blank.

SEE ALSO

       CGI::Carp, CGI

perl v5.14.2							    2012-11-24							    CGI::Fast(3pm)
All times are GMT -4. The time now is 10:27 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy