suexec command not in docroot

Posted on 2009-02-17
Last Modified: 2013-12-14

i installed libapache2-mod-security on apache2, it messed up apache when i restarted it  gave this error

Warning: SuexecUserGroup directive requires SUEXEC wrapper.

the file /usr/lib/apache2/suexec did not exist and  could be messed by the modsecurity install

so i installed apache2-suexec:

apt-get install apache2-suexec

Now i get this error

suexec policy violation: see suexec log for more details
Premature end of script headers: script.cgi

suexec.log shows

[2009-02-17 15:36:02]: uid: (1028/user) gid: (1000/user2) cmd:
[2009-02-17 15:36:02]: command not in docroot (/home/user/cgi-bin/file/

Any ideas?

Question by:krisdigitx
    LVL 3

    Accepted Solution

    try command
    suexec -V

    What does it tell about DOC_ROOT?

    Author Comment

    its set to

    -D AP_DOC_ROOT="/var/www"
     -D AP_GID_MIN=100
     -D AP_HTTPD_USER="www-data"
     -D AP_LOG_EXEC="/var/log/apache2/suexec.log"
     -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
     -D AP_UID_MIN=100
     -D AP_USERDIR_SUFFIX="public_html"

    but the actual home websites are located in /home/user directories
    LVL 3

    Assisted Solution

    As far as I can suppose you use UserDir

    I have three ideas:
    1. Remove or comment all SuexecUserGroup directives - this should disable suexec completely if you dont need it. Do you really need to start scripts under user id?

    2. AP_USERDIR_SUFFIX="public_html". It means that suexec wants your scripts not in /home/user/ but in /home/user/public_html/. And also you have to use directive UserDir public_html

    3. Rebuild suexec from source with proper configuration directives, e.g. --with-suexec-userdir=DIR

    "... Define to be the subdirectory under users' home directories where suEXEC access should be allowed. All executables under this directory will be executable by suEXEC as the user so they should be "safe" programs. If you are using a "simple" UserDir directive (ie. one without a "*" in it) this should be set to the same value. suEXEC will not work properly in cases where the UserDir directive points to a location that is not the same as the user's home directory as referenced in the passwd file. Default value is "public_html".
        If you have virtual hosts with a different UserDir for each, you will need to define them to all reside in one parent directory; then name that parent directory here. If this is not defined properly, "~userdir" cgi requests will not work!"

    As far as I know there is no other way to change user dir but to recompile suexec

    Author Comment

    cool, i got i working, got a compiled backup file of suexec, it had the correct doc root.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
    If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
    The viewer will learn how to count occurrences of each item in an array.
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now