Menu
▾
▴
Re: [webmin-l] setting the user for CGI program execution - suexec policy violation
|
From: Terrence B. <sch...@gm...> - 2007-10-31 01:37:23
|
I figured it out, per http://doxfer.com/Webmin/ApacheWebserver the program must reside under a directory that is compiled into suexec, and nowhere else on the filesystem. and /var/www is suexec's doc_root and I was trying to execute /home/schemelab/domains/com/metaperl/hg/hgwebdir.cgi So i just copied the CGI into the /var directory structure and presto whammo! it worked. On 10/30/07, Terrence Brannon <sch...@gm...> wrote: > On 10/30/07, Kris Deugau <kd...@vi...> wrote: > > Terrence Brannon wrote: > > > Yes, I did that and it was working fine for awhile, but today, I got > > > this error in the error log for a host that I run CGI scripts on: > > > > > > suexec policy violation: see suexec log for more details > > > > > > 1) there is no suexec log on my system, per locate > > > > Debian's default configuration for "findutils" (AKA slocate on RH and > > derived systems) makes locate nearly useless, IMO. :/ Your suexec log > > is likely /var/log/apache/suexec.log or /var/log/apache2/suexec.log, > > yes, found it in /var/log/apache2/suexec.log > > > > > > Once you've found the suexec log, you can get to the "real" error you're > > running into. <g> > > [2007-10-30 12:07:41]: uid: (1000/schemelab) gid: (100/100) cmd: hgwebdir.cgi > [2007-10-30 12:07:41]: command not in docroot > (/home/schemelab/domains/com/metaperl/hg/hgwebdir.cgi) > > root@li2-168:/var/log/apache2# /usr/lib/apache2/suexec -V > -D AP_DOC_ROOT="/var/www" > -D AP_GID_MIN=100 > -D AP_HTTPD_USER="www-data" > -D AP_LOG_EXEC="/var/log/apache2/suexec.log" > -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin" > -D AP_UID_MIN=100 > -D AP_USERDIR_SUFFIX="public_html" > > I have root on this machine. > > Now the virtual host in question, hg.metaperl.com > has document root /home/schemelab/domains/com/metaperl/hg > and executes as schemelab:users > this is where the log error is being thrown. > > A different virtual domain, lists.metaperl.com, executes as www-data > and runs mailman CGI scripts just fine. > > Another one executes as www-data but the CGI script is not in the > suexec document root. > |