dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
410

shdesigns
Powered By Infinite Improbabilty Drive
Premium Member
join:2000-12-01
Stone Mountain, GA
(Software) pfSense
ARRIS SB6121

shdesigns

Premium Member

Apache and suexec

I've been fighting this for about 20 hours straight. I have gotten it to work, but not the way I want.

I have multiple virtual domains, i.e.:
User nobody
Group user
DocumentRoot /home/httpd
ScriptAlias /cgi-bin/ /home/httpd/cgi-bin/

<Virtualdomain shdesigns.org>
DocumentRoot /home/www
</VirtualDomain>

<VirtualDomain webmail.shdesigns.org>
DocumentRoot /home/webmail/public_html
User webmail
Group webmail
</VirtualDomain>

<Directory /home/webmail/public_html>
Allow from all
Options ExecCGI Indexes
SetHandler cgi-script .pl
DirectoryIndex omail.pl
</Directory>

Access to webmail.shdesigns.org tries to open /home/webmail/public_html/omail.pl. The webmail perl script fails with "premature end of script headers". Basically the script does not run.

Scipt is owned by webmail group webmail, is r-xr-x-rx flagged. Same for public_html dir.
Apache 1.3.19 (reports suexec ok on startup.)

If I move the script to /home/http/cgi-bin/ it works fine if called from /cgi-bin/omail.pl in any of the other domains. Funny, it even works with the wrong owner and group.

The problem seems to be having multiple users and cgi script dirs.

I did see one reference that all cgi-scripts had to be in your main tree (default DocumentRoot.)

There is little docs on suexec, and I beleive this is the problem.

I will try upgrading to newer Apache. But it is RH 7.1 and does not have latest glibs etc.

Anyone with experience with multiple User/Group settings and having multiple cgi-scripts?

One of the weird things is the script is run directly from the DocumentRoot dir. I tried setting DefaultHandler cgi-script, with same error.

Also I set Loglevel debug and still no more info in logs.

Any ideas?

BTW, omail-webmail works great with qmail. Nice as it does not remove mail so when I access via regular mail prog, I still get the mail. Funny the docs say "If you are a Linux Guru you MIGHT be able to get this to work." True, as I got just as much info from /dev/nil as from their docs

fritzmp
Biker Tux
Premium Member
join:2001-08-29
Warrenton, VA

fritzmp

Premium Member

ScriptAlias /cgi-bin/ /home/webmail/public_html/

If its just your webmail scripts in that directory or you can add a cgi-bin in /home/webmiail , thus

ScriptAlias /cgi-bin/ /home/webmail/cgi-bin/

And adjust the paths to scripts accordingly.

It's a good idea to run scripts out of the document root.

shdesigns
Powered By Infinite Improbabilty Drive
Premium Member
join:2000-12-01
Stone Mountain, GA
(Software) pfSense
ARRIS SB6121

shdesigns

Premium Member

I already tried:
ScriptAlias /cgi-bin/ /home/webmail/public_html/

I get:
Error trying to execute directory as script.

Note: there is no access to /cgi-bin/ from the URL, so I don't think this really is appropriate.

With more reading it looks like it is a suexec problem. The docs say I have to recompile suexec to fix it, but this is a precompiled rpm install.

I think I'll try rebuilding a new server with RH8+new apache. This system is getting messed up with conflicting libs. I may try a RH upgrade, but that gets scary

fritzmp
Biker Tux
Premium Member
join:2001-08-29
Warrenton, VA

fritzmp to shdesigns

Premium Member

to shdesigns
create a cgi-bin in webmail and

<Directory "/home/webmail/cgi-bin">
AllowOverride None
Options ExecCGI
Order allow,deny
Allow from all
</Directory>

shdesigns
Powered By Infinite Improbabilty Drive
Premium Member
join:2000-12-01
Stone Mountain, GA
(Software) pfSense
ARRIS SB6121

shdesigns

Premium Member

said by fritzmp:
create a cgi-bin in webmail and

<Directory "/home/webmail/cgi-bin">
AllowOverride None
Options ExecCGI
Order allow,deny
Allow from all
</Directory>
Been there, done that, same problem.

I beleive the problem is suexec was compiled with --with-suexec-docroot=/home/httpd. Of course no source, so I have no clue as to how Red Hat bastardized the install, and they don't document what their defaults are.

So, it will fail with any cgi outside of /home/httpd.

I guess I could change move webmail dir to /home/httpd/webmail. But the idea is to later allow user-specific cgi-bin dirs, outside of /home/httpd.

I'm building Apache 2.0 now, wish me luck
efflandt
join:2002-01-25
Elgin, IL

efflandt to shdesigns

Member

to shdesigns
Read link in your local apache manual or their site for "Using SetUserID Execution for CGI". While suexec for /~username/ links will be automatic, if you want to specify User and Group for vhosts, the dir has to be under main DocumentRoot (or whatever was compiled for suexec) and owned by that user and group.

So put the vhost under main doc root owned by that user/group. And for easy of access, put a symlink to that in their home dir. Then from their home dir they can simply cd symlinkname to access their vhost web dir.