suexec command not in docroot

hi,

i installed libapache2-mod-security on apache2, it messed up apache when i restarted it  gave this error

Warning: SuexecUserGroup directive requires SUEXEC wrapper.

the file /usr/lib/apache2/suexec did not exist and  could be messed by the modsecurity install

so i installed apache2-suexec:

apt-get install apache2-suexec

Now i get this error

suexec policy violation: see suexec log for more details
Premature end of script headers: script.cgi

suexec.log shows

[2009-02-17 15:36:02]: uid: (1028/user) gid: (1000/user2) cmd: file.pl
[2009-02-17 15:36:02]: command not in docroot (/home/user/cgi-bin/file/file1.pl)

Any ideas?

krisdigitxAsked:
Who is Participating?
 
ht-docsConnect With a Mentor Commented:
try command
suexec -V

What does it tell about DOC_ROOT?
0
 
krisdigitxAuthor Commented:
its set to

-D AP_DOC_ROOT="/var/www"
 -D AP_GID_MIN=100
 -D AP_HTTPD_USER="www-data"
 -D AP_LOG_EXEC="/var/log/apache2/suexec.log"
 -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
 -D AP_UID_MIN=100
 -D AP_USERDIR_SUFFIX="public_html"

but the actual home websites are located in /home/user directories
0
 
ht-docsConnect With a Mentor Commented:
As far as I can suppose you use UserDir

I have three ideas:
1. Remove or comment all SuexecUserGroup directives - this should disable suexec completely if you dont need it. Do you really need to start scripts under user id?

2. AP_USERDIR_SUFFIX="public_html". It means that suexec wants your scripts not in /home/user/ but in /home/user/public_html/. And also you have to use directive UserDir public_html

3. Rebuild suexec from source with proper configuration directives, e.g. --with-suexec-userdir=DIR

"... Define to be the subdirectory under users' home directories where suEXEC access should be allowed. All executables under this directory will be executable by suEXEC as the user so they should be "safe" programs. If you are using a "simple" UserDir directive (ie. one without a "*" in it) this should be set to the same value. suEXEC will not work properly in cases where the UserDir directive points to a location that is not the same as the user's home directory as referenced in the passwd file. Default value is "public_html".
    If you have virtual hosts with a different UserDir for each, you will need to define them to all reside in one parent directory; then name that parent directory here. If this is not defined properly, "~userdir" cgi requests will not work!"

As far as I know there is no other way to change user dir but to recompile suexec
0
 
krisdigitxAuthor Commented:
cool, i got i working, got a compiled backup file of suexec, it had the correct doc root.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.