?
Solved

suexec command not in docroot

Posted on 2009-02-17
4
Medium Priority
?
4,988 Views
Last Modified: 2013-12-14
hi,

i installed libapache2-mod-security on apache2, it messed up apache when i restarted it  gave this error

Warning: SuexecUserGroup directive requires SUEXEC wrapper.

the file /usr/lib/apache2/suexec did not exist and  could be messed by the modsecurity install

so i installed apache2-suexec:

apt-get install apache2-suexec

Now i get this error

suexec policy violation: see suexec log for more details
Premature end of script headers: script.cgi

suexec.log shows

[2009-02-17 15:36:02]: uid: (1028/user) gid: (1000/user2) cmd: file.pl
[2009-02-17 15:36:02]: command not in docroot (/home/user/cgi-bin/file/file1.pl)

Any ideas?

0
Comment
Question by:krisdigitx
  • 2
  • 2
4 Comments
 
LVL 3

Accepted Solution

by:
ht-docs earned 2000 total points
ID: 23662319
try command
suexec -V

What does it tell about DOC_ROOT?
0
 

Author Comment

by:krisdigitx
ID: 23663896
its set to

-D AP_DOC_ROOT="/var/www"
 -D AP_GID_MIN=100
 -D AP_HTTPD_USER="www-data"
 -D AP_LOG_EXEC="/var/log/apache2/suexec.log"
 -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
 -D AP_UID_MIN=100
 -D AP_USERDIR_SUFFIX="public_html"

but the actual home websites are located in /home/user directories
0
 
LVL 3

Assisted Solution

by:ht-docs
ht-docs earned 2000 total points
ID: 23664141
As far as I can suppose you use UserDir

I have three ideas:
1. Remove or comment all SuexecUserGroup directives - this should disable suexec completely if you dont need it. Do you really need to start scripts under user id?

2. AP_USERDIR_SUFFIX="public_html". It means that suexec wants your scripts not in /home/user/ but in /home/user/public_html/. And also you have to use directive UserDir public_html

3. Rebuild suexec from source with proper configuration directives, e.g. --with-suexec-userdir=DIR

"... Define to be the subdirectory under users' home directories where suEXEC access should be allowed. All executables under this directory will be executable by suEXEC as the user so they should be "safe" programs. If you are using a "simple" UserDir directive (ie. one without a "*" in it) this should be set to the same value. suEXEC will not work properly in cases where the UserDir directive points to a location that is not the same as the user's home directory as referenced in the passwd file. Default value is "public_html".
    If you have virtual hosts with a different UserDir for each, you will need to define them to all reside in one parent directory; then name that parent directory here. If this is not defined properly, "~userdir" cgi requests will not work!"

As far as I know there is no other way to change user dir but to recompile suexec
0
 

Author Comment

by:krisdigitx
ID: 23664286
cool, i got i working, got a compiled backup file of suexec, it had the correct doc root.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article I will be showing you how to subnet the easiest way possible for IPv4 (Internet Protocol version 4). This article does not cover IPv6. Keep in mind that subnetting requires lots of practice and time.
The title says it all. Writing any type of PHP Application or API code that provides high throughput, while under a heavy load, seems to be an arcane art form (Black Magic). This article aims to provide some general guidelines for producing this typ…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question