Suexec with Apache 1.3.29
Mikkel Christensen
mikkel at talkactive.net
Thu Apr 29 03:58:49 PDT 2004
On Thursday 29 April 2004 07:37, you wrote:
> Mikkel Christensen wrote:
> > This isn't about php at all. I know that mod_php will never run as
> > suexec and I'm not trying to do so either. Neither am I trying to get
> > php to run under suexec as CGI.
>
>
> Ah... I qualified my first post to you in terms of php only. I certainly
> didn't get this impression from your reply.
>
PHP was discussed because because another user added a post about it. But it was never part of my original question.
> >
> >It don't output the line above. But everything seems to be right.
> >Apache tells me suexec is there and that it is properly configured to. The suEXEC log-line is not comming but still it's loaded in some way.
> >
> >
>
> From the apache manual. The wording is identical for versions 1.3 and 2:
>
> <quote>
>
> Upon startup of Apache, it looks for the file |suexec| in the directory
> defined by the |--sbindir| option (default is
> "/usr/local/apache/sbin/suexec"). If Apache finds a properly configured
> suEXEC wrapper, it will print the following message to the error log:
>
> | [notice] suEXEC mechanism enabled (wrapper: //path/to/suexec/) |
>
> If you don't see this message at server startup, the server is most
> likely not finding the wrapper program where it expects it, or the
> executable is not installed /setuid root/.
>
> If you want to enable the suEXEC mechanism for the first time and an
> Apache server is already running you must kill and restart Apache.
> Restarting it with a simple HUP or USR1 signal will not be enough.
>
> If you want to disable suEXEC you should kill and restart Apache after
> you have removed the |suexec| file.
>
> </quote>
>
>
> I have found this the only valid test for successful installation of
> apache suexec. The above quote also offers some tests - is the suexec
> wrapper there? Is it setuid root? Did you already have a running apache
> when you installed this and if so have you killed it properly prior to a
> restart?
>
> PWR.
>
"httpd -V" outputs this line(among others but I have already posted them once in my first post): ' -D SUEXEC_BIN="/usr/local/sbin/suexec"'
"ls -l /usr/local/sbin/suexec" outputs "-rws--x--x 1 root wheel 10436 Apr 26 15:53 /usr/local/sbin/suexec"
Meaning suexec is located where it is suppose to be and has propper righgs (the s-flag).
httpd -l outputs:
"Compiled-in modules:
http_core.c
mod_so.c
suexec: enabled; valid wrapper /usr/local/sbin/suexec"
Mening that it finds the wrapper. So I consider this part to be okay.
There was an existing running apache installation when I compiled and install the suexec version.
I have killed it nimerous times with "apachectl stop" and I made sure nothing was running.
The fact that httpd-suexec.log has this entry "[2004-04-26 23:03:48]: alert: too few arguments" written a few times proves to me that suexec is loaded.
Now i tried killing apache using "killall -9 httpd" and the start it again with "apachectl start".
Now for the first time "[notice] suEXEC mechanism enabled (wrapper: //path/to/suexec/)" is printet to the error log.
But this leads to another problem. When executing the hellow-world script under another username execution is refused.
The error "Premature end of script headers:" is printed to the error-log.
This error doen't show if I run the script as the www-user.
Do you have any idea of what is wrong?
- Mikkel
More information about the freebsd-questions
mailing list