suexec config

11 posts / 0 new
Last post
#1 Thu, 03/30/2006 - 13:45
PeteLee

suexec config

I am trying to get cgi scripts to work from virtual hosts. I thought is was automatically setup with webmin, but when I try to run a script I am getting an Internal Server Error. When I read the suexec log it says "command not in docroot". The suexec docroot is set to /var/www/ and the virtual servers are set to run under /home/virtualserver. If I edit the directives for the site and remove the SuexecUserGroup "#XXX" "#XXX" line the scripts will work, but I assume that is without suexec. I think this is the problem, but all of the config pages that I find for suexec are very vague to me. Any help is appreciated.

First, I suexec neccessary?

Second, Why is this not working?

Third, How do I change the docroot directory and will that make the suexec work?

Thanks in advance for any help.

Thu, 03/30/2006 - 14:09
Joe
Joe's picture

Hey Pete,

Virtualmin Professional includes a build of Apache that has SuExec configured correctly. If you're using Virtualmin Professional and having this problem, something went wrong during installation and we'll help you fix it. If you're using Virtualmin GPL, then you'll need to rebuild Apache to correctly configure the suexec docroot.

I think suexec is a pretty important feature to have, if you have more than one user on the machine and any of them are not trusted (I don't mean you like them--they can be friends or family and still make stupid mistakes in CGI coding that could lead to serious security holes, without suexec--trust here refers also to your users ability to understand security issues).

There was a thread about rebuilding Apache with suexec not long ago:

http://www.virtualmin.com/forums/message-view?message_id=29366

It is not very hard on RPM-based systems, though it takes a little bit of effort to get all of the dependencies and build environment in place.

--

Check out the forum guidelines!

Sat, 04/01/2006 - 09:53
PeteLee

Joe,
I tried to go through the update and everything seems to go as it should but the doc-root directory does not change. It do not see any errors on the rebuild. Any suggestions?

Thanks,

Sat, 04/01/2006 - 10:00
Mon, 04/03/2006 - 20:57
sciallo

As far as recompiling the suexec, I found a way to simply modify the existing binary. Worked for me....

cd /usr/lib/apache/
cp suexec suexec.save
perl -pe 's//var/www///' suexec.save] suexec
chmod 4555 suexec

This changes the docroot from /var/www to /
Adjust as needed.

Tue, 04/04/2006 - 00:18
PeteLee

Sorry to be so dumb but there are too many / for me to figure out the syntax.
Where would you add in /home

in the
perl -pe 's//var/www///' suexec.save] suexec

i have tried almost every area

Tue, 04/04/2006 - 19:43 (Reply to #6)
sciallo

It does look complicated....

My guess is:
perl -pe 's//var/www//home/' suexec.save] suexec
(I haven't tried since things like mailman and openwebmail don't get installed in /home) You should be able to verify it with suexec -V

Tue, 04/04/2006 - 19:41
Spyro

Here you go. The s/blah/blah/ is you basic syntax. The is an "escape character". I'm terribly rusty, but I'm quite positive that this would do the trick.

perl -pe 's//var/www//home/' suexec.save] suexec

Tue, 04/04/2006 - 19:52
Spyro

There appears to be something of an accord, so that is most likely the solution.

Wed, 04/05/2006 - 18:52
PeteLee

That gave me a segmentation fault when I ran suexec -V

Wed, 04/05/2006 - 20:27
sciallo

Ok, got it and tested it:

perl -pe 's//var/www//home/' suexec.save] suexec.test

I guess the ""s are there to pad a specific length. so you have to take off as many ""s as many chars you add and of course you're limited to the length of "/var/www" so something like /home/vhosts would not work.