#1
I compiled apache a few months ago with all the good stuff... ssl, php, mod_perl, and suEXEC.
As time went on I changed the location of my vhosts from /usr/local/www to /www. Life went on, and now, I want to use CGI again and ran over to my Apache src directory and did: make clean then ran configure with the following for suEXEC:

    --enable-suexec \
    --suexec-caller=apache \
    --suexec-userdir=webroot \
    --suexec-docroot=/www \
    --suexec-logfile=/usr/local/www/logs/suexec_log.txt \
    --suexec-uidmin=99 \
    --suexec-gidmin=99 \
    --suexec-safepath="/usr/local/bin:/usr/bin:/bin"

Compiled it, and installed it (make & make install, if it matters).

Now, restarted Apache using apachectl, and checked the date on my binaries in my APACHE-PREFIX/bin directory, all were current.

    [root@core bin]# ./suexec -V
     -D DOC_ROOT="/www"
     -D GID_MID=99
     -D HTTPD_USER="apache"
     -D LOG_EXEC="/usr/local/www/logs/suexec_log.txt"
     -D SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
     -D UID_MID=99
     -D USERDIR_SUFFIX="webroot"

Now, the vhost in /www/some.domain.tld/webroot has a cgi script that simply reads /etc/passwd (which suEXEC shouldn't allow it to do), and it reads it fine, but doesn't print the info stuff in my suEXEC log file. So I set my default DocumentRoot to /usr/local/www/domain.tld/webroot and put the same file in there and get:

    [2001-09-22 19:29:09]: error: command not in docroot (/usr/local/www/domain.tld/webroot/test.cgi)

in my suEXEC log file. So, what isn't getting fixed?

#2
>> So I set my default DocumentRoot to /usr/local/www/domain.tld/webroot
This violates Rule No.1 of suEXEC. If you want to enable suEXEC for your default host or any vhost, their docroot MUST now reside under /www. This is what I would design for suEXEC directory layout:

Default host:
    /www/htdocs
    /www/cgi-bin

Vhost:
    /www/vhosts/domain1.com/htdocs
    /www/vhosts/domain1.com/cgi-bin
    /www/vhosts/domain1.com/log

#3
Yes, I realize that, it was just a test to see if suEXEC was actually in the picture, because I wasn't sure because it didn't stop me from opening my passwd file.

#4
>> because I wasn't sure because it didn't stop me from opening my passwd file
Because /etc/passwd should be world-readable, the shadow password file must not be. When you have suEXEC compiled in, that doesn't mean you have to implement it. All you need to do is not to specify a different user and group. However, if a vhost has suEXEC enabled, then you MUST enable suEXEC globally for all vhosts as well as your default host, for security reasons.
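
Added example, not part of the thread and not Apache's own code: a shell check that reads the compiled-in DOC_ROOT from the `suexec -V` output quoted in post #1 and applies the docroot rule from post #2 to the two CGI paths in the thread. The function names are hypothetical and the path comparison is textual, an approximation of only this one suEXEC check.

```shell
#!/bin/sh
# Constructed sample: the `suexec -V` output quoted in post #1, copied as posted.
SUEXEC_V=' -D DOC_ROOT="/www"
 -D GID_MID=99
 -D HTTPD_USER="apache"
 -D LOG_EXEC="/usr/local/www/logs/suexec_log.txt"
 -D SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
 -D UID_MID=99
 -D USERDIR_SUFFIX="webroot"'

# suexec_setting NAME OUTPUT: print the value of one "-D NAME=value" line,
# whether or not the value is wrapped in double quotes.
suexec_setting() {
    printf '%s\n' "$2" |
        sed -n "s/^ *-D $1=\"\{0,1\}\([^\"]*\)\"\{0,1\}\$/\1/p"
}

# under_docroot ROOT PATH: succeed only if PATH lies below ROOT.
# Textual check: ".." segments are rejected rather than resolved and
# symlinks are not followed, so pass canonical paths.
under_docroot() {
    base=${1%/}
    case "$2" in
        */../*|*/..) return 1 ;;
        "$base"/*)   return 0 ;;
        *)           return 1 ;;
    esac
}

# check_cgi PATH: report whether a CGI path passes the docroot rule,
# using the wording of the log line from post #1 for a failure.
check_cgi() {
    root=$(suexec_setting DOC_ROOT "$SUEXEC_V")
    if under_docroot "$root" "$1"; then
        echo "ok: $1 is under $root"
    else
        echo "command not in docroot ($1)"
    fi
}

check_cgi /www/some.domain.tld/webroot/test.cgi
check_cgi /usr/local/www/domain.tld/webroot/test.cgi
```

On a live server, replace the constructed sample with `SUEXEC_V=$(./suexec -V 2>&1)` run from the Apache bin directory, as in post #1.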

Thread: Problems with recompiling Apache (Dev Shed Forums > System Administration > Apache Development)