Suexec under Debian apache-ssl, was: how do I use UID setting?
To debian-user, debian-isp and apache-ssl as I think answers may
be ssl and debian specific.
On 7 Feb 99, at 10:01, Gerard MacNeil, having pointed me to
suexec and continuing a correspondence that has been running
with others' support on debian-user and debian-isp wrote:
>
> Ah, gcc. That's why I like Makefiles.
Don't understand!
>
> I checked suexec.c and found the line
> #include "ap_config.h"
Interestingly, that's definitely not in mine. All the includes are to
standard C headers and the one to suexec.h.
>
> Without getting into C-proramming and all that, you can take this entry to
> mean that "suexec.c" and "suexec.h" MUST be in the same directory as
> "ap_config.h". I did it, compiled no problem. You probably need
> apache_ssl-dev to get "ap_config.h".
>
Taking me to the edge of my very old C knowledge but yes!...
So I got the apache-dev and libc6-dev packages matching my slink
libc6, installed them with dpkg and hey presto the compile worked.
Then I had to work out where apache-ssl expects to find suexec if
it's going to use it. That's more tricky. In httpd.h in
/usr/include/apache-1.3 I find:
httpd.h:#define SUEXEC_BIN HTTPD_ROOT "/sbin/suexec"
That has "HTTPD_ROOT" which isn't in the apache suexec html
documentation but seems to point me to /sbin as the debian
location for suexec. So I put it there, chown root, chmod 4711 and
restart apache-ssl.
It _DOESN'T_ print a line saying it's using suexec there or
anywhere else.
I call a file with owner and group chris (UID=1000 = the minimum I
set in suexec.h) within the directory tree of apache-ssl, not setuid,
nor setgid, directory not writable by anyone else.
I get:
> Forbidden
>
> You don't have permission to access /cgi-bin/cp on this server.
and error.log shows the same and the suexec log I specified in
suexec.h isn't created.
So I'm not invoking suexec using apache-ssl on my server.
Anyone know where I'm going wrong?!
Platform is i386 Debian Hamm, libc6 & libc6-dev updated to slink
as I'm using sendmail 8.9.1 which forced that. Apache-ssl is out of
hamm. Server running standalone (of course) with four virtual
hosts, IP based, two http, two https.
TIA,
Chris
PSYCTC: Psychotherapy, Psychology, Psychiatry, Counselling
and Therapeutic Communities; practice, research,
teaching and consultancy.
Chris Evans & Jo-anne Carlyle Tel/fax.:(+44|0)181-671 0868
http://psyctc.org/ Email: chris@psyctc.org
Reply to: