Package update chaos - Broke apache / suexec

9 posts / 0 new
Last post
#1 Thu, 04/30/2015 - 11:55
kenshin23

Package update chaos - Broke apache / suexec

Hi all, new around here and with Virtualmin in general.

I'd been working with troubleshooting a WordPress site hosted on our server (empty "fatal error" message upon plugin activation), and when looking around the Virtualmin admin panel, saw that a bunch of packages were listed for upgrade, so I (rather foolishly) selected all of them and clicked on "Update selected".

A little while later, I saw some messages related to apache2 (which was on version 2.2.22 at the time), dpkg and missing dependencies, and sure enough, saw all of the hosted websites return a 500 error, or not load at all.

Trying to frantically fix the issue, I ended up uninstalling apache, then trying to downgrade to the previous version I had (apt insisted on getting 2.4.10), then gave up and installed 2.4.10 again, then installed the modules apache2ctl complained about until the sites worked.

Now, I'm getting all sorts of permissions issues, related to suexec not being properly configured. However, I made sure to install apache2-suexec-custom, edited /etc/apache2/suexec/www-data to point to /home instead of /var/www and restarted apache, but Virtualmin's config check still complains about this and when testing the sites, PHP runs as www-data instead of each virtual server's user.

Can anyone help me sort this out, please? I'm running Virtualmin 4.16.gpl in Debian Linux 7.6

Thu, 04/30/2015 - 12:17
andreychek

Howdy,

Hmm, I'm wondering if maybe apt on your server was incorrectly pointing to the stable Debian sources, rather than pointing to Wheezy specifically.

Debian 8 just became stable, I'm wondering if the package upgrades that were performed upgraded it to Debian 8. Can you take a peek at /etc/issue, and see what version of Debian it thinks is there?

-Eric

Thu, 04/30/2015 - 16:09
kenshin23

Hi, and thanks for the quick reply. Sure, here's the output of # cat /etc/issue, confirming what I mentioned earlier:

Debian GNU/Linux 7.6
 
Linux nsxxxxxx.ip-xxx-xx-xx.net 3.10.23-xxxx-std-ipv6-64 #1 SMP Tue Mar 18 14:48:24 CET 2014 x86_64 GNU/Linux
 
server    : xxxxxx
hostname  : nsxxxxxx.ip-xxx-xx-x.net
eth0 IPv4 : xxx.xx.x.xxx
eth0 IPv6 : xxxx:xxxx:xx:xxxx::/64
Thu, 04/30/2015 - 17:36
andreychek

Howdy,

Hmm, what is the output of this command:

dpkg -l 'apache2*'

Thu, 04/30/2015 - 18:28
kenshin23

Here you go (proof of the mess I've gotten myself into):

# dpkg -l 'apache2*'
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                                  Version                 Architecture            Description
+++-=====================================-=======================-=======================-===============================================================================
ii  apache2                               2.4.10-10               amd64                   Apache HTTP Server
un  apache2-api-20120211                  <none>                  <none>                  (no description available)
ii  apache2-bin                           2.4.10-10               amd64                   Apache HTTP Server (modules and other binary files)
un  apache2-common                        <none>                  <none>                  (no description available)
ii  apache2-data                          2.4.10-10               all                     Apache HTTP Server (common files)
ii  apache2-doc                           2.2.22-13+deb7u4        all                     Apache HTTP Server documentation
un  apache2-mpm-event                     <none>                  <none>                  (no description available)
un  apache2-mpm-itk                       <none>                  <none>                  (no description available)
ii  apache2-mpm-prefork                   2.4.10-10               amd64                   transitional prefork MPM package for apache2
un  apache2-mpm-worker                    <none>                  <none>                  (no description available)
rc  apache2-suexec                        2.4.10-10               amd64                   transitional package for apache2-suexec-pristine
ii  apache2-suexec-custom                 2.4.10-10               amd64                   Apache HTTP Server configurable suexec program for mod_suexec
ii  apache2-suexec-pristine               2.4.10-10               amd64                   Apache HTTP Server standard suexec program for mod_suexec
ii  apache2-utils                         2.4.10-10               amd64                   Apache HTTP Server (utility programs for web servers)
un  apache2.2-bin                         <none>                  <none>                  (no description available)
rc  apache2.2-common                      2.2.22-13+deb7u4        amd64                   Apache HTTP Server common files
Thu, 04/30/2015 - 18:33
andreychek

Howdy,

It looks like although /etc/issue still shows Debian 7, you're running at least some of the packages from Debian 8. That Apache 2.4.10-10 package is from Debian 8, for example.

What are the contents of your /etc/apt/sources.list file?

-Eric

Thu, 04/30/2015 - 18:55
kenshin23
deb http://debian.bhs.mirrors.ovh.net/debian/ wheezy main
deb-src http://debian.bhs.mirrors.ovh.net/debian/ wheezy main
 
# deb http://security.debian.org/ wheezy/updates main
# deb-src http://security.debian.org/ wheezy/updates main
deb http://software.virtualmin.com/gpl/debian/ virtualmin-wheezy main
deb http://software.virtualmin.com/gpl/debian/ virtualmin-universal main
deb http://packages.erlang-solutions.com/debian wheezy contrib
 
# Added on 01/22/2015 for Fast-CGI install
deb http://ftp.es.debian.org/debian stable main contrib non-free
deb-src http://ftp.es.debian.org/debian stable main contrib non-free
 
deb http://ftp.debian.org/debian/ wheezy-updates main contrib non-free
deb-src http://ftp.debian.org/debian/ wheezy-updates main contrib non-free
 
deb http://security.debian.org/ wheezy/updates main contrib non-free
deb-src http://security.debian.org/ wheezy/updates main contrib non-free
 
# Added on 01/26/2015 for NewRelic install
deb http://apt.newrelic.com/debian/ newrelic non-free

(Maybe the added 'stable' repos were the ones that screwed everything up.)

Thu, 04/30/2015 - 20:18
andreychek

Howdy,

Yeah I do suspect some packages from Debian 8 were pulled in, likely from that stable repository you mentioned... that would explain the issue you're seeing.

Can you share the exact error that you're seeing with Apache?

Also, after making the config changes that you made, did you by chance restart Apache?

-Eric

Fri, 05/01/2015 - 10:26
kenshin23

Basically, there's a myriad of errors (and yes, I restart apache after every attempt to fix something):

Old sites that were configured to use Apache 2.2 with FCGI (at least according to virtualmin's panel), and to work under their respective virtual server's users, are no longer doing so. They're being served under www-data, and run into permissions issues because of that. So, suexec seems to be disabled or at least not configured properly.

At least one new site (with basically the same configuration as a similar old one, as in, I copy-pasted it, edited it to point to the site) fails to work at all, outputting raw PHP to the browser instead of interpreting it.

I think that what I'd like is to get them all working under a default configuration (which would be the same as the one virtualmin sets by default), and then configure each site according to its needs.

Topic locked