On Thu, Aug 18, 2011 at 03:51:38PM +0200, Julien Valroff wrote:
Le jeudi 18 août 2011 à 11:37:48 (+0200 CEST), mahashakt...@orange.fr a écrit :
Package: dspam-webfrontend
Version: 3.10.1+dfsg-2
Severity: normal
Tags: sid
Hi,
Installing the dspam-webfrontend package make it impossible to access to
the web interface of other apache2 depending packages like backuppc or
dpkg-www which were running O.K. before. For theses packages I get an
Internal Server error , Error 500. Looking in /var/log/apache2/suexec.log
gives following error message :
[2011-08-18 11:30:13]: uid: (110/dspam) gid: (113/dspam) cmd: index.cgi
[2011-08-18 11:30:13]: command not in docroot
(/usr/share/backuppc/cgi-bin/index.cgi)
[2011-08-18 11:30:39]: uid: (110/dspam) gid: (113/dspam) cmd: dpkg
[2011-08-18 11:30:39]: command not in docroot (/usr/lib/cgi-bin/dpkg)
The only way I found till then was to comment out the SuexecUserGroup
line in /etc/apache2/conf.d/dspam.conf but ... it is not a solution .
The SuexecUserGroup directive should indeed be located in a VirtualHost
block to restrict its effect to this virtual host.
Would you please test the attached apache configuration snippet and tell me
what you think of it?
It creates a virtual host listening on port 8024, only reachable from the
local machine.
Cheers,
Julien
--
Hi,Julien
Thanks for the code, it's now working, I was searching in this direction
but my skills in apache configuration are not so great !
Dspam-webfrontend, dpkg-www and backuppc can now be accessed without
disabling suexec in /etc/apache2/conf.d/dspam.conf.
Thanks for your work
mahashakti89
.''`. Julien Valroff ~ <jul...@kirya.net> ~ <jul...@debian.org>
: :' : Debian Developer & Free software contributor
`. `'` http://www.kirya.net/
`- 4096R/ E1D8 5796 8214 4687 E416 948C 859F EF67 258E 26B1
# Dspam example website configuration for Apache 2
#
# Use htpasswd to create /etc/dspam/passwd and add a system username.
# The password should not be the same as the user's system password.
# # htpasswd -c /etc/dspam/passwd <username>
# # chown root.www-data /etc/dspam/passwd && chmod 640 /etc/dspam/passwd
#
# Make sure the suexec module is installed and loaded:
# # apt-get install apache2-suexec
# # a2enmod suexec
#
# Install this file in Apache configuration directory:
# # cp /usr/share/doc/dspam-webfrontend/examples/apache2.conf \
# /etc/apache2/conf.d/dspam
#
# Then visit http://127.0.0.1:8024 and log in.
#
# Add the admin username to /etc/dspam/admins, which will enable the
# 'Administrative Suite' tab and functionality for that person.
Listen 8024
<Directory /var/www/dspam/>
# This makes the /dspam directory unavailable from the default virtual host
Order deny,allow
Deny from all
</Directory>
<VirtualHost *:8024>
DocumentRoot /var/www/dspam/
SuexecUserGroup dspam dspam
Alias /usr/share/dspam /usr/share/dspam/
<Directory /var/www/dspam/>
Addhandler cgi-script .cgi
DirectoryIndex dspam.cgi
Options +ExecCGI +MultiViews -Indexes
AllowOverride None
Order deny,allow
Deny from all
# This makes the DSPAM WebUI only available from the local machine
# You may obviously want to add other IP adresses (local network etc.)
# to the following line
Allow from 127.0.0.0/255.0.0.0 ::1/128
AuthType Basic
AuthName "DSPAM Control Center"
AuthUserFile /etc/dspam/passwd
Require valid-user
</Directory>
<Directory /usr/share/dspam/>
Options -Indexes
AllowOverride None
</Directory>
</VirtualHost>
# The above configuration is provided only as an example. For serious work
# over the internet, it should be set up as a proper VirtualHost and SSL
# should be used to protect the user's credentials. If the site has many
# users, consider using one of the db-based authentication methods,
# e.g. mod_auth_mysql.
On Thu, Aug 18, 2011 at 03:51:38PM +0200, Julien Valroff wrote:
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
