Suexec with Apache 1.3.29

Thu Apr 29 03:58:49 PDT 2004

On Thursday 29 April 2004 07:37, you wrote:
> Mikkel Christensen wrote:
> > This isn't about php at all. I know that mod_php will never run as 
> > suexec and I'm not trying to do so either. Neither am I trying to get 
> > php to run under suexec as CGI.
> 
> 
> Ah... I qualified my first post to you in terms of php only. I certainly 
> didn't get this impression from your reply.
> 
PHP was discussed because because another user added a post about it. But it was never part of my original question.

> >
> >It don't output the line above. But everything seems to be right.
> >Apache tells me suexec is there and that it is properly configured to. The suEXEC log-line is not comming but still it's loaded in some way.
> >  
> >
> 
>  From the apache manual. The wording is identical for versions 1.3 and 2:
> 
> <quote>
> 
> Upon startup of Apache, it looks for the file |suexec| in the directory 
> defined by the |--sbindir| option (default is 
> "/usr/local/apache/sbin/suexec"). If Apache finds a properly configured 
> suEXEC wrapper, it will print the following message to the error log:
> 
> | [notice] suEXEC mechanism enabled (wrapper: //path/to/suexec/) |
> 
> If you don't see this message at server startup, the server is most 
> likely not finding the wrapper program where it expects it, or the 
> executable is not installed /setuid root/.
> 
> If you want to enable the suEXEC mechanism for the first time and an 
> Apache server is already running you must kill and restart Apache. 
> Restarting it with a simple HUP or USR1 signal will not be enough.
> 
> If you want to disable suEXEC you should kill and restart Apache after 
> you have removed the |suexec| file.
> 
> </quote>
> 
> 
> I have found this the only valid test for successful installation of 
> apache suexec. The above quote also offers some tests - is the suexec 
> wrapper there? Is it setuid root? Did you already have a running apache 
> when you installed this and if so have you killed it properly prior to a 
> restart?
> 
> PWR.
> 

"httpd -V" outputs this line(among others but I have already posted them once in my first post): ' -D SUEXEC_BIN="/usr/local/sbin/suexec"'
"ls -l /usr/local/sbin/suexec" outputs "-rws--x--x  1 root  wheel  10436 Apr 26 15:53 /usr/local/sbin/suexec"
Meaning suexec is located where it is suppose to be and has propper righgs (the s-flag).

httpd -l outputs:
"Compiled-in modules:
  http_core.c
  mod_so.c
suexec: enabled; valid wrapper /usr/local/sbin/suexec"

Mening that it finds the wrapper. So I consider this part to be okay.
There was an existing running apache installation when I compiled and install the suexec version.
I have killed it nimerous times with "apachectl stop" and I made sure nothing was running.
The fact that httpd-suexec.log has this entry "[2004-04-26 23:03:48]: alert: too few arguments" written a few times proves to me that suexec is loaded.
Now i tried killing apache using "killall -9 httpd" and the start it again with "apachectl start".
Now for the first time "[notice] suEXEC mechanism enabled (wrapper: //path/to/suexec/)" is printet to the error log.

But this leads to another problem. When executing the hellow-world script under another username execution is refused.
The error "Premature end of script headers:" is printed to the error-log.
This error doen't show if I run the script as the www-user.
Do you have any idea of what is wrong?

- Mikkel