httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mario Ohnewald <>
Subject Re: [users@httpd] suexec and apache 2.0.54-5 on sarge
Date Wed, 25 Jan 2006 14:18:31 GMT

On Tue, 2006-01-24 at 13:22 -0500, Joshua Slive wrote:
> On 1/24/06, Mario Ohnewald <> wrote:
> > When i tried to write a file to my homedir with php´s fwrite i got
> > permission denied. So i guess its like you already told me.
> > Php is not using the suexec yet.
> >
> > What documentation will i need next?
> > (i found a few, but they are mostly buggy, incomplete or wrong)
> It depends on what you want to do.  If you want to use php and suexec,
> then you need to use php as a cgi script rather than an apache module.

My documentation source:

1.1.1 Apache
If you want to permit CGI access to Apache, you should ensure that
suEXEC has been set up accordingly. Without suEXEC, each CGI will be
executed under the Apache user. For this reason, the CGI scripts have
the same privileges as Apache users. Apache has “read only” privileges
for system files/folders and for all user directories. This means that
one Apache user can accesses other users’ data by running a simple CGI
script. If suEXEC has been activated, CGI scripts are executed under the
user who is registered in the Apache configuration file. 
Thats what i want to acomplish.

The virtual host entries generated by Confixx contain this information.
If suEXEC is running on your system, you will find an entry in your
Apache error log file similar to the following one:
[notice] suEXEC mechanism enabled
(wrapper: /usr/local/apache/bin/suexec)

Thats what i get in my logs.

If there is no such entry, please check which path has been compiled in
Apache for suEXEC by executing a “httpd -V” command. Please make sure
that suEXEC can be called up using this path. 

apache2 -V
Server version: Apache/2.0.54
Server built:   Sep  5 2005 11:15:09
Server's Module Magic Number: 20020903:9
Architecture:   32-bit
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/prefork"
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D SUEXEC_BIN="/usr/lib/apache2/suexec2"
 -D DEFAULT_PIDLOG="/var/run/"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="/var/run/accept.lock"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types"
 -D SERVER_CONFIG_FILE="/etc/apache2/apache2.conf"

Furthermore, the SUID bit must be set for the program suEXEC. suEXEC
must be owned by user ’root’.

ls -alh /usr/lib/apache2/suexec2
-rwsr-x---  1 root www-data 11K Jan 15 22:42 /usr/lib/apache2/suexec2

To enable CGI scripts operation in user directories while suEXEC is
activated, ensure these directories are located in the document root of

/usr/lib/apache2/suexec2 -V
 -D AP_DOC_ROOT="/home/www"
 -D AP_GID_MIN=100
 -D AP_HTTPD_USER="www-data"
 -D AP_LOG_EXEC="/var/log/apache2/suexec.log"
 -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
 -D AP_UID_MIN=100

If the input is similar, it means that any directory inside /home/www
would be appropriate. If you are unable to move user directories to this
document root, you must re-compile suEXEC. [Wed Jan 25 15:15:08 2006]
[error] [client] Premature end of script headers: test.php
[Wed Jan 25 15:15:08 2006] [error] [client] Error in
suphp.c on line 256: Inappropriate permissions set on script

Okay, so far it looks like i am on track.

The error i get now is the following:
[error] [client] Premature end of script headers: test.php
[error] [client] Error in suphp.c on line 256:
Inappropriate permissions set on script

ls -alh /home/www/web7/html/joomla/test.php
-rwxrwxrwx  1 web7 web7 761 Jan 24
18:12 /home/www/web7/html/joomla/test.php

Any further ideas?

Thanks, Mario

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message