Hello Philip,
Friday, June 23, 2000, 7:49:02 PM, you wrote:
PJ> I compiled apache_1.3.12 on Redhat 6.2 and compiled suEXEC in, when I
PJ> start Apache it says:
PJ> [notice] suEXEC mechanism enabled (wrapper:
PJ> /usr/local/apache/bin/suexec)
PJ> in the error file, so I know that is is stating, but suEXEC seems to be
PJ> ignoring ALL the rules it should be protecting. In Apaches docs it says
PJ> that it will not run files world writtable, or files owned by root, or
PJ> files in a world writtable directory. Well I wanted to test it and make
PJ> sure that it was working right, and it will run all scripts in under
PJ> every circumstance. Any idea what is wrong? I compiled it with these
PJ> options:
PJ> --enable-suexec
PJ> --suexec-caller=same_as_my_apache_user
PJ> --suexec-userdir=public_html
PJ> --suexec-docroot=/same_as_apache_doc_root
PJ> --suexec-logfile=/my_log_path/suexec-log
PJ> --suexec-uidmin=500
PJ> --suexec-gidmin=500
PJ> --suexec-safepath=/usr/bin:/usr/local/bin
PJ> I have only received one error in my suexec-log file on all of the files
PJ> that I run illegaly, that error was:
PJ> alert: too few arguments
PJ> Again, showing that it is running, but not protecting. I am running
PJ> virtual domains on this box, the path to the virtual domain directories
PJ> are:
PJ> /same_as_apache_doc_root/virtual_domain
PJ> I have put:
PJ> user otherUser
PJ> group otherUser
PJ> To specify a different user/group then the one that apache is running as
PJ> like it says in the docs.
PJ> Any ideas would be very helpful.
PJ> Thanks,
PJ> Phil,
First thing, mosy people on this list will tell you to go to the
apache list for this, and most people on that list will tell you to
read the manual...just for your own future reference. Now...
Don't forget that prior to compiling suexec, you must change
edit /usr/local/apache_x.x.x/src/support/suexec.h
ensure:
#define HTTPD_USER "www" <---whatever you defined as
#define UID_MIN 500 <--- could be 100, but I like 500
#define GID_MIN 500 <--- same
Now, cd to /use/local
chown -R root apache_x.x.x
chgrp -R root apache_x.x.x
Remember to "pre-compile" apache before your final compile...here is
the relavent section for your final Apache compile:
./configure \
--enable-suexec \
--suexec-caller=www \ <---- whatever you like but must match suexec.h
--suexec-userdir=public_html \
--suexec-docroot=/home \
--suexec-logfile=/usr/local/apache/logs/cgi.log \
--suexec-uidmin=500 \ <--match suexec.h
--suexec-gidmin=500 \ <--match suexec.h
--suexec-safepath="/usr/local/bin:/usr/bin:/bin" \
--
Best regards,
badger mailto:[EMAIL PROTECTED]
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
