httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mario Ohnewald <ma...@bortal.de>
Subject Re: [users@httpd] suexec and apache 2.0.54-5 on sarge
Date Wed, 25 Jan 2006 14:18:31 GMT
Hi,

On Tue, 2006-01-24 at 13:22 -0500, Joshua Slive wrote:
> On 1/24/06, Mario Ohnewald <mario@bortal.de> wrote:
> 
> > When i tried to write a file to my homedir with php´s fwrite i got
> > permission denied. So i guess its like you already told me.
> > Php is not using the suexec yet.
> >
> > What documentation will i need next?
> > (i found a few, but they are mostly buggy, incomplete or wrong)
> 
> It depends on what you want to do.  If you want to use php and suexec,
> then you need to use php as a cgi script rather than an apache module.

My documentation source:
http://download1.swsoft.com/Confixx/ConfixxPro3.1/docs/manuals/en/en_install.pdf

(...)
1.1.1 Apache
(www.apache.org)
If you want to permit CGI access to Apache, you should ensure that
suEXEC has been set up accordingly. Without suEXEC, each CGI will be
executed under the Apache user. For this reason, the CGI scripts have
the same privileges as Apache users. Apache has “read only” privileges
for system files/folders and for all user directories. This means that
one Apache user can accesses other users’ data by running a simple CGI
script. If suEXEC has been activated, CGI scripts are executed under the
user who is registered in the Apache configuration file. 
(/...)
Thats what i want to acomplish.

(...)
The virtual host entries generated by Confixx contain this information.
If suEXEC is running on your system, you will find an entry in your
Apache error log file similar to the following one:
[notice] suEXEC mechanism enabled
(wrapper: /usr/local/apache/bin/suexec)
(/...)

Thats what i get in my logs.

(...)
If there is no such entry, please check which path has been compiled in
Apache for suEXEC by executing a “httpd -V” command. Please make sure
that suEXEC can be called up using this path. 
(/...)

apache2 -V
Server version: Apache/2.0.54
Server built:   Sep  5 2005 11:15:09
Server's Module Magic Number: 20020903:9
Architecture:   32-bit
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/prefork"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D HTTPD_ROOT=""
 -D SUEXEC_BIN="/usr/lib/apache2/suexec2"
 -D DEFAULT_PIDLOG="/var/run/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="/var/run/accept.lock"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types"
 -D SERVER_CONFIG_FILE="/etc/apache2/apache2.conf"

(...)
Furthermore, the SUID bit must be set for the program suEXEC. suEXEC
must be owned by user ’root’.
(/...)

ls -alh /usr/lib/apache2/suexec2
-rwsr-x---  1 root www-data 11K Jan 15 22:42 /usr/lib/apache2/suexec2


(...)
To enable CGI scripts operation in user directories while suEXEC is
activated, ensure these directories are located in the document root of
suEXEC. 
(/...)

/usr/lib/apache2/suexec2 -V
 -D AP_DOC_ROOT="/home/www"
 -D AP_GID_MIN=100
 -D AP_HTTPD_USER="www-data"
 -D AP_LOG_EXEC="/var/log/apache2/suexec.log"
 -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
 -D AP_UID_MIN=100
 -D AP_USERDIR_SUFFIX="html"

(...)
If the input is similar, it means that any directory inside /home/www
would be appropriate. If you are unable to move user directories to this
document root, you must re-compile suEXEC. [Wed Jan 25 15:15:08 2006]
[error] [client 192.168.1.201] Premature end of script headers: test.php
[Wed Jan 25 15:15:08 2006] [error] [client 192.168.1.201] Error in
suphp.c on line 256: Inappropriate permissions set on script
(/...)

Okay, so far it looks like i am on track.



The error i get now is the following:
-------------------------------------------------------------------
[error] [client 192.168.1.201] Premature end of script headers: test.php
[error] [client 192.168.1.201] Error in suphp.c on line 256:
Inappropriate permissions set on script


ls -alh /home/www/web7/html/joomla/test.php
-rwxrwxrwx  1 web7 web7 761 Jan 24
18:12 /home/www/web7/html/joomla/test.php



Any further ideas?


Thanks, Mario


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message