[SLUG] Apache suEXEC

From: Matt Miller (Matthew.Miller@wellcare.com)
Date: Tue Jul 13 2004 - 18:07:13 EDT


Anyone have experience implementing suEXEC in Apache?
I am experimenting with suEXEC without much success. I have an internal
Apache server running as user and group nobody, but I need to execute a
few select Perl/CGI scripts as a specific user. Below are the details:

Firstly, here are my configure options:
./configure --prefix=/local/http/ --with-perl=/usr/local/bin/perl \
--with-port=8080 --server-uid=nobody --server-gid=nobody \
--enable-suexec --suexec-caller=testuser \
--suexec-docroot=/local/http/htdocs/test-www/cgi-bin \
--suexec-umask=027 --enable-module=all \
--enable-rule=SHARED_CORE=yes --enable-shared=max \
--activate-module=src/modules/perl/libperl.a

Secondly - the relevant vhost entry in my httpd.conf:
NameVirtualHost 192.168.0.50:8080
<VirtualHost 192.168.0.50:8080>
    ServerAdmin testuser@mydomain.com
    DocumentRoot "/usr/local/http/htdocs/test-www"
    <Directory "/usr/local/http/htdocs/test-www/cgi-bin/">
    Options ExecCGI
    Order allow,deny
    Allow from all
    </Directory>
    ScriptAlias /cgi-bin/ "/usr/local/http/htdocs/test-www/cgi-bin/"
    ServerName test.mydomain.com
    User kharper
    ErrorLog logs/test.mydomain.com-error_log
    CustomLog logs/test.mydomain.com-access_log common
</VirtualHost>

And finally the log entries (after running a 'Hello World' Perl script
in the vhost cgi-bin directory):
[Tue Jul 13 17:43:52 2004] [error] [client 192.168.0.150] Premature end of script headers: /usr/local/http/htdocs/test-www/cgi-bin/test.cgi
[2004-07-13 17:43:52]: crit: calling user mismatch (nobody instead of testuser)

If I set the 'User' parameter outside of the vhost definition to
'testuser', everything works fine, which tells me suEXEC is correctly
configured to be called by 'testuser'. But this defeats using suEXEC,
since the Apache process is no longer running as nobody.

Any ideas? Thanks.

Matt
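
The "calling user mismatch" entry comes from suEXEC's caller check: the wrapper runs only when invoked by the user name compiled in with --suexec-caller, which Apache documents as the user httpd normally runs as, and it also requires the CGI directory to lie under the compiled-in --suexec-docroot. The following Python pre-flight check is an added example (not part of the original post and not Apache code) that compares those two compile-time values against the server settings. The function names are hypothetical, the sample strings are constructed from values quoted in the post, the global User is assumed to equal --server-uid, and paths are compared as strings without resolving symlinks.

```python
import posixpath
import re
import shlex

# Constructed sample input, using only values quoted in the post.
CONFIGURE = """./configure --prefix=/local/http/ --server-uid=nobody
  --server-gid=nobody --enable-suexec --suexec-caller=testuser
  --suexec-docroot=/local/http/htdocs/test-www/cgi-bin --suexec-umask=027"""
VHOST = """<VirtualHost 192.168.0.50:8080>
    ScriptAlias /cgi-bin/ "/usr/local/http/htdocs/test-www/cgi-bin/"
    User kharper
</VirtualHost>"""


def configure_options(cmdline):
    """Map '--name=value' tokens of a ./configure line to {name: value}."""
    opts = {}
    for tok in shlex.split(cmdline):
        if tok.startswith("--"):
            name, _, value = tok[2:].partition("=")
            opts[name] = value
    return opts


def directive(conf, name):
    """Last argument of the first 'name ...' directive in conf, else None."""
    m = re.search(r"^\s*%s\s+(.+)$" % re.escape(name), conf, re.M | re.I)
    return shlex.split(m.group(1))[-1] if m else None


def within(path, root):
    """True if path equals root or lies below it (no symlink resolution)."""
    path, root = posixpath.normpath(path), posixpath.normpath(root)
    return path == root or path.startswith(root.rstrip("/") + "/")


def preflight(cmdline, vhost):
    """Return findings for settings that suEXEC's checks would reject."""
    opts, findings = configure_options(cmdline), []
    caller, server = opts.get("suexec-caller"), opts.get("server-uid")
    if caller != server:  # assumes httpd.conf's global User equals --server-uid
        findings.append("caller: suexec accepts only %r, httpd runs as %r"
                        % (caller, server))
    script_dir, docroot = directive(vhost, "ScriptAlias"), opts.get("suexec-docroot")
    if script_dir and docroot and not within(script_dir, docroot):
        findings.append("docroot: %s is outside %s" % (script_dir, docroot))
    return findings


if __name__ == "__main__":
    for finding in preflight(CONFIGURE, VHOST):
        print(finding)
```

On the live host, resolve both paths first (for example with realpath), since /local/http may be a symlink to /usr/local/http and suEXEC compares the resolved working directories.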
