[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: SuEXEC and CGI to two VirtualHosts


Again thanks.

>Mike, I think you have to admit your troubles are a result of your
>inexperience with this setup.

Absolutely, and I see your point about the number of other modules (but do
any of them have this particular sort of inability to work if the default
setup isn't used? SuEXEC seems unique in this regard). And in addition to
inexperience, I have an inborn stubborn trait -- I want my directories where
I want them! haha. (This is a selling point of UNIX systems, that is that
the directory structure is "logical"...meaning you can order it in a way
that makes sense to you.)

Best Wishes!
Mike Olds www.buddhadust.org

>-----Original Message-----
>From: Bill Moseley [mailto:moseley@hank.org]
>Sent: Saturday, January 04, 2003 9:05 AM
>To: Michael Olds
>Cc: Debian-User
>Subject: RE: SuEXEC and CGI to two VirtualHosts
>On Sat, 4 Jan 2003, Michael Olds wrote:
>> If I understand you correctly, to use SuEXEC I am going to have
>to either 1.
>> completely change the way I wanted to set up my web directory
>(ies), or 2.
>> figure out how to configure SuEXEC prior to compiling Apache and
>compile it
>> from source myself. How can Debian leave us in such a fix?
>How can the debian maintainer know where you want install things?
>The SuEXEC docs say:
> suEXEC Points Of Interest
> Hierarchy limitations
> For security and efficiency reasons, all suexec requests must remain
> within either a top-level document root for virtual host requests, or
> one top-level personal document root for userdir requests. For example,
> if you have four VirtualHosts configured, you would need to structure all
> of your VHosts' document roots off of one main Apache document hierarchy
> to take advantage of suEXEC for VirtualHosts. (Example forthcoming.)
>It's not the Debian package that's causing that restriction.
>> ...where it is
>> clear that we can set up the Apache document root any way we
>want and it is
>> absolutely silent on the effects changes will have on using
>SuEXEC? (I have
>> looked through the docs installed with Apache and there is
>virtually (ahum)
>> nothing on SuEXEC.)
>That's true, but look at how many module options there are in the default
>httpd.conf -- there's no way to list all the details.  Think about
>mod_perl's potential complex issues.  SuEXEC is typically used by ISPs and
>other experienced users -- and is also typically used for ~user type
>directories which is how the debian package has it.
>You have to keep in mind that the debian package is basically the Apache
>defaults, plus setup in a standard way to work for a wide group of users.
>Most people just use the default config and it works great.  Once you
>start changing things without have a good knowledge of Apache then you are
>in for a frustrating time.  It's not easy until you do spend those
>frustrating weeks.
>> For the record, in order to demonstrate to myself that I did not myself
>> insert some hairbrained configuration data in the SuEXEC setup, I
>> uninstalled and re-installed Apache. There is no indication at all during
>> setup that SuEXEC is being installed (and it is)
>It's just another Apache module.  Did it tell you that mod_cgi was being
>installed?  It's a package, and contains a lot of modules.
>>  why doesn't the installation include the ability to specify the
>> document root in the case where SuEXEC is being installed automatically,
>> since SuEXEC seems to be so tightly bound to the installation
>> configuration)?
>Because it's not a configuration parameter -- it's part of the suexec
>wrapper program and it's compiled in.  When you install a Debian package
>you are getting a binary verison.  It's a package deal.
>> The error message I am now getting from SuEXEC log is: error
>> (a different level of error) command not in docroot.
>Google.  That means you are trying to run a suexec script in a place
>that's not in docroot specified at suexec compile time.
>Define as the DocumentRoot set for Apache. This will be the only hierarchy
>(aside from UserDirs) that can be used for suEXEC behavior. The default
>directory is the --datadir value with the suffix "/htdocs", e.g. if you
>configure with "--datadir=/home/apache" the directory
>"/home/apache/htdocs" is used as document root for the suEXEC wrapper.
>I tried to explain that in my last message.
>> Time for some more thought.
>I posted a working httpd.conf.  Why not just move your directories?
>Or you can build Apache from source.  That's more reading -- but it's not
>that hard (no it's totally confusing until you figure it out!).
>> Sidebar: I contrast this to a PHP/MySQL setup I also have where
>there is no
>> grief like this at all!
>Mike, I think you have to admit your troubles are a result of your
>inexperience with this setup.  The Debian package works perfectly for most
>people.  When you decide to change that default config you had better know
>what you are doing, or else face that kind of grief.
>Seems like you can be up and running by a couple of mv commands.
>Bill Moseley moseley@hank.org

Reply to: