Suexec under Debian apache-ssl, was: how do I use UID setting?

To: Gerard MacNeil <macneil@supercity.ns.ca>
Cc: debian-user@lists.debian.org, debian-isp@lists.debian.org, apache-ssl@lists.aldigital.co.uk
Subject: Suexec under Debian apache-ssl, was: how do I use UID setting?
From: "Chris Evans" <chris@psyctc.org>
Date: Sun, 7 Feb 1999 16:56:38 -0000
Message-id: <[🔎] 199902071656.QAA20216@www.psyctc.org>
In-reply-to: <Pine.LNX.3.96.990207092039.17764A-100000@g.macns.ns.ca>
References: <[🔎] 199902071319.NAA19455@www.psyctc.org>

To debian-user, debian-isp and apache-ssl as I think answers may 
be ssl and debian specific.

On 7 Feb 99, at 10:01, Gerard MacNeil, having pointed me to 
suexec and continuing a correspondence that has been running 
with others' support on debian-user and debian-isp wrote:  

> 
> Ah, gcc.  That's why I like Makefiles.  

Don't understand!

> 
> I checked suexec.c and found the line 
> #include "ap_config.h"

Interestingly, that's definitely not in mine.  All the includes are to 
standard C headers and the one to suexec.h.

> 
> Without getting into C-proramming and all that, you can take this entry to
> mean that "suexec.c" and "suexec.h" MUST be in the same directory as
> "ap_config.h".  I did it, compiled no problem.  You probably need
> apache_ssl-dev to get "ap_config.h".    
> 

Taking me to the edge of my very old C knowledge but yes!...

So I got the apache-dev and libc6-dev packages matching my slink 
libc6, installed them with dpkg and hey presto the compile worked. 
Then I had to work out where apache-ssl expects to find suexec if 
it's going to use it.  That's more tricky.  In httpd.h in 
/usr/include/apache-1.3 I find:

httpd.h:#define SUEXEC_BIN  HTTPD_ROOT "/sbin/suexec"

That has "HTTPD_ROOT" which isn't in the apache suexec html 
documentation but seems to point me to /sbin as the debian 
location for suexec. So I put it there, chown root, chmod 4711 and 
restart apache-ssl.

It _DOESN'T_ print a line saying it's using suexec there or 
anywhere else.

I call a file with owner and group chris (UID=1000 = the minimum I 
set in suexec.h) within the directory tree of apache-ssl, not setuid, 
nor setgid, directory not writable by anyone else.  

I get:
> Forbidden
> 
> You don't have permission to access /cgi-bin/cp on this server.
and error.log shows the same and the suexec log I specified in 
suexec.h isn't created.

So I'm not invoking suexec using apache-ssl on my server.  
Anyone know where I'm going wrong?!

Platform is i386 Debian Hamm, libc6 & libc6-dev updated to slink 
as I'm using sendmail 8.9.1 which forced that.  Apache-ssl is out of 
hamm.  Server running standalone (of course) with four virtual 
hosts, IP based, two http, two https.

TIA,

Chris

PSYCTC: Psychotherapy, Psychology, Psychiatry, Counselling
   and Therapeutic Communities; practice, research, 
   teaching and consultancy.
Chris Evans & Jo-anne Carlyle  Tel/fax.:(+44|0)181-671 0868 
http://psyctc.org/ Email: chris@psyctc.org

Reply to:

References:
- Re: how do I use UID setting?
  - From: "Chris Evans" <chris@psyctc.org>

Prev by Date: Re: Newbie problem: can't reach an ftp site
Next by Date: Re: Creating Deb Packages
Previous by thread: Re: how do I use UID setting?
Next by thread: Re: how do I use UID setting?
Index(es):
- Date
- Thread