RE: SuEXEC and CGI to two VirtualHosts
Sorry Bill! Sent off-list by accident again...appipollylogies!
Best Wishes!
Mike Olds www.buddhadust.org
||> I believe I have traced my problem in setting up CGI bins on two
||> VirtualHosts to the fact that SuEXEC is incorrectly configured (it is
||> enabled and I get "suexec: enabled; valid wrapper
||> /usr/lib/apache/suexec".)
||> The error I get is: "cannot get docroot information /var/www"
||> (the Debian Apache default docroot).
||
||That's typically either a permissions problem or can chdir to a
||directory.
I do not know what "or can chdir to a directory" means. It cannot change
directories?
|| It might be that you have group write perms on a directory.
No. Double checked.
||Look at the suexec docs at what it goes through before it will run a
||user's script. That might give you ideas where to look.
||
||http://httpd.apache.org/docs/suexec.html Look at "suEXEC Security Model".
||
||
||Another very useful trick is to run httpd -X (single process mode) and
||then use strace -- although I'm not sure if strace will follow the forks.
||You look for a failed system call and that's normally the problem.
The above is beyond my understanding.
|| But it might be easier to try and follow the docs carefully.
This I am trying to do.
I have read the suggested documentation a couple few times now, including
the monstrous routine it goes through to get a connection going...! And I
have it open in front of me now and am running down the list.
1. Am I correct in understanding that I can have one account set up (to test
it) that should work under suEXEC while another is not and it should work on
the test account?
if so:
2. How deep does the "no group write thing need to go?" (in other words,
does it apply above the cgi-bin (Well I tried changing it to Group apache
(the apache group) r -- enter, above /public_html with no change)
This is the Virtual Host setup:
<VirtualHost ~>
ServerName name.of.host
DocumentRoot "/www/user2/public_html"
User name2 (a test name belonging to no other group than name2 Group,
with no special privileges at all)
Group name2
ScriptAlias /cgi-bin-2/ "/www/user2/public_html/cgi-bin-2"
<Directory "/www/user2/pulic_html/cgi-bin-2"
AllowOverride None
Order allow,deny
Allow from all
Options ExecCGI
</Directory>
</VirtualHost>
This is the Directory Structure:
Server DocumentRoot /www
/www/user2/public_html/cgi-bin-2/directory/*.cgi
for *.cgi (simple test script that works in the working cgi dir.)
User name2 r r x
Group name2 r - x
World --
For directory
User name2 r r x
Group name2 r - x
World --
For cgi-bin-2
User name2 r r x
Group name2 r - x
World --
Calling the script: I get "Forbidden"
and the suEXEC error is as above:
emerg: cannot get docroot information (/var/www)
info: (target actual) uid: (user2/user2) gid (user2/user2): cmd *.cgi
The VirtualHost works fine just serving html docs.
This looks to me like suEXEC is looking in /var/www which is the apache
default DocumentRoot, but is not my DocumentRoot.
Best Wishes!
Mike Olds www.buddhadust.org
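
An added example, not part of the original message: a Python check that walks the tests from the "suEXEC Security Model" this thread touches on (docroot lookup, command inside the docroot, no group/other write bit, ownership matching the target user and group). The function name and every message except the docroot one are this example's own; run it as the target user so the docroot access test reflects that account.

```python
import os
import stat

def suexec_preflight(docroot, script, uid, gid):
    """Return the reasons suEXEC would refuse to run `script` (empty list = ok)."""
    # suEXEC must be able to enter its docroot; when it cannot, it logs
    # "cannot get docroot information (<docroot>)" and stops.
    if not os.path.isdir(docroot) or not os.access(docroot, os.X_OK):
        return [f"cannot get docroot information ({docroot})"]
    problems = []
    real_root = os.path.realpath(docroot)
    script_dir = os.path.realpath(os.path.dirname(script))
    # The directory holding the script must sit inside the docroot.
    if os.path.commonpath([real_root, script_dir]) != real_root:
        problems.append(f"command not in docroot ({script_dir})")
    for label, path in (("directory", script_dir), ("program", script)):
        try:
            st = os.lstat(path)
        except OSError:
            problems.append(f"cannot stat {label} ({path})")
            continue
        # Neither the directory nor the program may be group- or world-writable.
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append(f"{label} is writable by group or others ({path})")
        # Both must be owned by the target user and group.
        if (st.st_uid, st.st_gid) != (uid, gid):
            problems.append(
                f"{label} owner {st.st_uid}/{st.st_gid} is not target {uid}/{gid} ({path})")
        # The program must not carry setuid or setgid bits.
        if label == "program" and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
            problems.append(f"program is setuid/setgid ({path})")
    return problems

if __name__ == "__main__":
    import sys
    # usage: preflight.py <docroot> <script> <uid> <gid>
    docroot, script = sys.argv[1], sys.argv[2]
    uid, gid = int(sys.argv[3]), int(sys.argv[4])
    for line in suexec_preflight(docroot, script, uid, gid) or ["all checks passed"]:
        print(line)
```

The docroot argument should be the value shown as AP_DOC_ROOT by `suexec -V`, since suEXEC's docroot is fixed when the wrapper is built and is not taken from the DocumentRoot directive.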