Menu
▾
▴
Re: [webmin-l] Virtualmin GPL 3.32 needs mod_suexec enabled - issues
|
From: Kris D. <kd...@vi...> - 2007-01-29 15:33:51
|
Thomas Leavitt wrote: > One of my hosting clients just emailed me to say that all of his cgi > scripts were suddenly producing error 500 messages... which, after some > investigation, seems to be a common side effect of a misconfigured > mod_suexec (all I did to enable it was to uncomment a single line in the > file above)... the suexec.log file is filled with entries of this sort, > as a result: > > > [2007-01-18 16:20:17]: uid: (0/root) gid: (108/108) cmd: mt-tb.cgi > [2007-01-18 16:20:17]: cannot run as forbidden uid (0/mt-tb.cgi) > > This is the line I uncommented from the modules.d conf file: > > SuexecUserGroup root apache O_o Oooookaaay. The whole point of suexec is that CGI scripts run under the UID of the domain owner, rather than the UID of the webserver. IIRC there's a hardcoded restriction in suexec (and, for that matter, a great many similar tools) that effectively reads "If UID==0, die NOW!". This also typically means that you MUST have a user defined for each domain in your system password file, unless you hack the code to allow bare UIDs. IIRC in *some* cases you can use "#<uid>" as well, but there are some unfortunate side effects relating to user home directories. -kgd |
