-
October 16th, 2004, 03:15 AM
#1
suexec and apache
Greetings,
i have been trying to get suexec to work with apache, however no matter what i try, i cannot get it to compile correctly.
here is my config
./configure --prefix=/usr/local/apache --enable-suexec --layout --suexec-uidmin=100
Configuring for Apache, Version 1.3.31
+ using installation path layout: Apache (config.layout)
Installation paths:
prefix: /usr/local/apache
exec_prefix: /usr/local/apache
bindir: /usr/local/apache/bin
sbindir: /usr/local/apache/bin
libexecdir: /usr/local/apache/libexec
mandir: /usr/local/apache/man
sysconfdir: /usr/local/apache/conf
datadir: /usr/local/apache
iconsdir: /usr/local/apache/icons
htdocsdir: /usr/local/apache/htdocs
manualdir: /usr/local/apache/htdocs/manual
cgidir: /usr/local/apache/cgi-bin
includedir: /usr/local/apache/include
localstatedir: /usr/local/apache
runtimedir: /usr/local/apache/logs
logfiledir: /usr/local/apache/logs
proxycachedir: /usr/local/apache/proxy
Compilation paths:
HTTPD_ROOT: /usr/local/apache
SHARED_CORE_DIR: /usr/local/apache/libexec
DEFAULT_PIDLOG: logs/httpd.pid
DEFAULT_SCOREBOARD: logs/httpd.scoreboard
DEFAULT_LOCKFILE: logs/httpd.lock
DEFAULT_ERRORLOG: logs/error_log
TYPES_CONFIG_FILE: conf/mime.types
SERVER_CONFIG_FILE: conf/httpd.conf
ACCESS_CONFIG_FILE: conf/access.conf
RESOURCE_CONFIG_FILE: conf/srm.conf
suEXEC setup:
suexec binary: /usr/local/apache/bin/suexec
document root: /usr/local/apache/htdocs
userdir suffix: public_html
logfile: /usr/local/apache/logs/suexec_log
safe path: /usr/local/bin:/usr/bin:/bin
caller ID: www
minimum user ID: 100
minimum group ID: 100
umask: running server's
here is my bin directory:
/usr/local/apache/bin# ls
ab apxs dbmmanage htpasswd logresolve suexec
apachectl checkgid htdigest httpd rotatelogs
here is the message i get when i start apache:
apachectl start
/usr/sbin/apachectl start: httpd started
does anyone have ANY ideas on what i might be able to try??
thanks
[gloworange]find / -name \"*your_base*\" -exec chown us:us {} \\;[/gloworange] [glowpurple]Trust No One[/glowpurple][shadow] Use Hardened Gentoo [/shadow]
CATAPULTAM HABEO. NISI PECUNIAM OMNEM MIHI DABIS, AD CAPUT TUUM SAXUM IMMANE MITTAM
-
October 16th, 2004, 05:31 AM
#2
Hi, where does it poop on compile?
-
October 16th, 2004, 04:20 PM
#3
it seems to compile fine, it is just not taking the suexec module -- if you want, i can post the compile log also.
[gloworange]find / -name \"*your_base*\" -exec chown us:us {} \\;[/gloworange] [glowpurple]Trust No One[/glowpurple][shadow] Use Hardened Gentoo [/shadow]
CATAPULTAM HABEO. NISI PECUNIAM OMNEM MIHI DABIS, AD CAPUT TUUM SAXUM IMMANE MITTAM
-
October 16th, 2004, 04:31 PM
#4
Re: suexec and apache
Originally posted here by djscribble
./configure --prefix=/usr/local/apache --enable-suexec --layout --suexec-uidmin=100
http://httpd.apache.org/docs/suexec.html:
Documentation exists for a reason, ya know.
EDIT: Btw, my bad about my OP, I looked at the apache2 stuff, your config line is good for apache 1.3. Still, I think the docs bear checking out, mostly because of this:
Upon startup of Apache, it looks for the file "suexec" in the "sbin" directory (default is "/usr/local/apache/sbin/suexec"). If Apache finds a properly configured suEXEC wrapper, it will print the following message to the error log:
[notice] suEXEC mechanism enabled (wrapper: /path/to/suexec)
Chris Shepherd
The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
\"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
Is your whole family retarded, or did they just catch it from you?
-
October 16th, 2004, 04:52 PM
#5
i double checked the sbin directory and here is what is in there (i had read and re-read that documentation last night):
/usr/local/apache/sbin# ls
ab apxs dbmmanage htpasswd logresolve suexec
apachectl checkgid htdigest httpd rotatelogs
as per that doc, here is my httpd.h file (the part that has to deal with suexec)
[--snip--]
/* The path to the suExec wrapper, can be overridden in Configuration */
#ifndef SUEXEC_BIN
#define SUEXEC_BIN HTTPD_ROOT "/bin/suexec"
#endif
[--snip--]
also, here is what is in my /bin:
/bin# ls
arch date ftp ls red tar-1.13
awk dd gawk lsmod rm tar-1.14
bash df gawk-3.1.3 lsmod.old rmdir tcsh
bunzip2 dialog getopt mkdir sed telnet
bzcat dircolors getoptprog mkfifo setterm touch
bzip2 dmesg grep mknod sh true
bzip2recover dnsdomainname gunzip more shred umount
cat domainname gzip mount sleep uname
chgrp du head mv sln which
chmod echo hostname netstat stty ypdomainname
chown ed ipmask nisdomainname su zcat
compress egrep kill ping suexec
cp false killall ping6 sulogin
csh fgrep ln ps sync
cut free login pwd tar
[gloworange]find / -name \"*your_base*\" -exec chown us:us {} \\;[/gloworange] [glowpurple]Trust No One[/glowpurple][shadow] Use Hardened Gentoo [/shadow]
CATAPULTAM HABEO. NISI PECUNIAM OMNEM MIHI DABIS, AD CAPUT TUUM SAXUM IMMANE MITTAM
-
October 16th, 2004, 05:11 PM
#6
Originally posted here by djscribble
i double checked the sbin directory and here is what is in there (i had read and re-read that documentation last night):
/usr/local/apache/sbin# ls
ab apxs dbmmanage htpasswd logresolve suexec
apachectl checkgid htdigest httpd rotatelogs
Yes, but is your suexec binary setuid? chmod +s suexec if not.
Chris Shepherd
The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
\"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
Is your whole family retarded, or did they just catch it from you?
-
October 16th, 2004, 06:06 PM
#7
tried that -- still no dice...
-rwsr-sr-x 1 nobody nobody 10372 2004-10-16 10:55 suexec
i have also tried it with the owner as root/root
it is like that for /bin /usr/local/apache/bin and /usr/local/apache/sbin
i have also tried recompiling so that the path in the httpd.h is the same as the path in the suexec.h
[gloworange]find / -name \"*your_base*\" -exec chown us:us {} \\;[/gloworange] [glowpurple]Trust No One[/glowpurple][shadow] Use Hardened Gentoo [/shadow]
CATAPULTAM HABEO. NISI PECUNIAM OMNEM MIHI DABIS, AD CAPUT TUUM SAXUM IMMANE MITTAM
-
October 16th, 2004, 08:02 PM
#8
It HAS to be setuid root to work, so fix that first. Second, I'd suggest checking your apache logs after starting to see if it mentions the line I mentioned before (the quoted from httpd.apache.org bit).
Chris Shepherd
The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
\"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
Is your whole family retarded, or did they just catch it from you?
-
October 16th, 2004, 08:02 PM
#9
Junior Member
Is it throwing an error somewhere? Did you test to see if it was working?
-
October 17th, 2004, 01:00 AM
#10
no, it is not posting an error, i changed it back to root, and i found that it is working, however, it is not posting the message saying that it has started...
here is the solution:
i recompiled so that the path in the httpd.h is the same as the path in the suexec.h
thank you all for the help
[gloworange]find / -name \"*your_base*\" -exec chown us:us {} \\;[/gloworange] [glowpurple]Trust No One[/glowpurple][shadow] Use Hardened Gentoo [/shadow]
CATAPULTAM HABEO. NISI PECUNIAM OMNEM MIHI DABIS, AD CAPUT TUUM SAXUM IMMANE MITTAM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|