Linode Forum
Linode Community Forums 		 FAQFAQ    SearchSearch    MembersMembers      Register Register 
 LoginLogin [ Anonymous ] 
Post new topic  Reply to topic

Board index » Linux Community Forums » Web Servers and Web App Development
  Previous topic | Next topic 
Author Message
IntuititveNipple
 Post subject: Upgrading to Lucid 10.04
PostPosted: Sun Jun 20, 2010 8:34 am 
Offline
Junior Member

Joined: Tue Dec 04, 2007 12:51 am
Posts: 22
I've just upgraded the server from Ubuntu Hardy 8.04 LTS to Lucid 10.04 LTS.

As part of that process the apache web-server was updated and lost the custom-built suexec which caused the apache2 server to fail to start.

On investigation I found that Ubuntu now carries a custom suexec package that can be configured via a configuration file rather than re-compiling the suexec binary.

Install the custom package:
Code:
sudo apt-get install apache2-suexec-custom

The man page says:
Quote:
This version of suexec reads a config file on every execution ... If suexec is called by a user with name ’username’, it will look into /etc/apache2/suexec/username for configuration. If the file does not
exist, suexec will abort. By creating several config files, you can allow several different apache run users to use suexec.

The configuration file requirements are:
Quote:
The first line in the file is used as the document root (/var/www in the standard suexec) and the second line in the file is used as the suffix that is appended to users’ home directories (public_html in standard suexec).

If any of the lines is commented out (with #), suexec will refuse the corresponding type of request. It is recommended to comment out the userdir suffix if you don’t need it.

There is an example file at /etc/apache2/suexec/www-data:
Code:
/var/www
public_html/cgi-bin
# The first two lines contain the suexec document root and the suexec userdir
# suffix. Both features can be disabled separately by prepending a # character.
# This config file is only used by the apache2-suexec-custom package.


In my scenario, using VirtualMin, and without wanting to change the existing configuration for all the virtual servers, I added a custom suexec configuration file for each virtual server user account:
Code:
/home
public_html

The man-page Security recommendation says:
Quote:
Do not set the document root to a path that includes users’ home directories (like /home or /var)...

but due to the way the server is configured by VirtualMin I am happy to allow this without being concerned too much. I'll investigate this further when I'm sure the upgraded server services are all working as expected.

_________________
TJ.
IntuitiveNipple
The only intuitive interface is the nipple; everything else is learned.
Top
   
Reply with quote  
Shi3A
 Post subject:
PostPosted: Thu Jan 05, 2012 7:42 pm 
Offline

Joined: Thu Jan 05, 2012 7:39 pm
Posts: 1
ICQ: 260750180
Hello everyone!
I make all from first post and I use apache2-suexec-custom module, but I see this error
Code:
[2012-01-06 03:30:22]: uid: (1001/site_user) gid: (1001/site_user) cmd: php5
[2012-01-06 03:30:22]: command not in docroot (/usr/lib/cgi-bin/php5)

in /var/log/apache2/suexec.log and 500 Internal Server Error in front page...
What am I doing wrong?
Code:
cat /etc/apache2/suexec/site_user
/home/www
public_html

Code:
cat /etc/apache2/sites-enabled/site | grep -v '#'
<VirtualHost 127.0.0.1:8080>
        ServerName   site:8080
        ServerAlias  www.site
        ServerAdmin  "info@site"
        SuexecUserGroup site_user site_user
        DocumentRoot /home/www/site_user/public_html
        CustomLog  /var/log/apache2/site/access_log combined
        ErrorLog  /var/log/apache2/site/error_log
        <IfModule mod_ssl.c>
                SSLEngine off
        </IfModule>
        <Directory /home/www/site_user/public_html>
        Options +ExecCGI
        AllowOverride All
        <IfModule sapi_apache2.c>
                php_admin_flag engine on
                php_admin_flag safe_mode off
                php_admin_value open_basedir "/home/www/site_user/:/tmp"
        </IfModule>
        <IfModule mod_php5.c>
                php_admin_flag engine on
                php_admin_flag safe_mode off
                php_admin_value memory_limit 512M
                php_admin_value open_basedir "/home/www/site_user/:/tmp"
        </IfModule>
        <IfModule mod_fcgid.c>
                <Files ~ (\.fcgi)>
                        SetHandler fcgid-script
                        Options +FollowSymLinks +ExecCGI
                </Files>
        </IfModule>
        </Directory>

 <IfModule !mod_php4.c>
  <IfModule !mod_php4_filter.c>
   <IfModule !mod_php5.c>
    <IfModule !mod_php5_filter.c>
     <IfModule !mod_php5_hooks.c>
      <IfModule mod_actions.c>
       <IfModule mod_alias.c>
        <IfModule mod_mime.c>
         <IfModule mod_fcgid.c>
          AddHandler php-fcgi .php
          Action php-fcgi /fcgi-bin/php-fcgi-wrapper

          Alias /fcgi-bin/ /home/www/site_user/cgi-bin/php5-default/

          <Location /fcgi-bin/>
           SetHandler fcgid-script
           Options +ExecCGI
          </Location>
          ReWriteEngine On
          ReWriteRule ^/fcgi-bin/[^/]*$ / [PT] 
          RewriteLog /home/www/site_user/logs/rewrite.log
          RewriteLogLevel 9
         </IfModule>
        </IfModule>
       </IfModule>
      </IfModule>
     </IfModule>
    </IfModule>
   </IfModule>
  </IfModule>
 </IfModule>
</VirtualHost>


P.S. sorry for my bad English =)

UPD:
Goddamn! I previously configured the apache2.conf
Code:
<Directory /home/www>
   AddHandler fcgid-script .php
   FCGWrapper /usr/lib/cgi-bin/php5 .php
   Options +ExecCGI
</Directory>

Now, I commented out this and it worked! Thank you again!
Top
   
Reply with quote  
Display posts from previous:  Sort by  
Post new topic  Reply to topic

Board index » Linux Community Forums » Web Servers and Web App Development


Who is online

Users browsing this forum: No registered users and 2 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
RSS

Powered by phpBB® Forum Software © phpBB Group