Results 1 to 10 of 10

Thread: suexec and apache

  1. #1
    Senior Member
    Join Date
    Jun 2004
    Posts
    460

    suexec and apache

    Greetings,

    i have been trying to get suexec to work with apache, however no matter what i try, i cannot get it to compile correctly.

    here is my config

    ./configure --prefix=/usr/local/apache --enable-suexec --layout --suexec-uidmin=100
    Configuring for Apache, Version 1.3.31
    + using installation path layout: Apache (config.layout)

    Installation paths:
    prefix: /usr/local/apache
    exec_prefix: /usr/local/apache
    bindir: /usr/local/apache/bin
    sbindir: /usr/local/apache/bin
    libexecdir: /usr/local/apache/libexec
    mandir: /usr/local/apache/man
    sysconfdir: /usr/local/apache/conf
    datadir: /usr/local/apache
    iconsdir: /usr/local/apache/icons
    htdocsdir: /usr/local/apache/htdocs
    manualdir: /usr/local/apache/htdocs/manual
    cgidir: /usr/local/apache/cgi-bin
    includedir: /usr/local/apache/include
    localstatedir: /usr/local/apache
    runtimedir: /usr/local/apache/logs
    logfiledir: /usr/local/apache/logs
    proxycachedir: /usr/local/apache/proxy

    Compilation paths:
    HTTPD_ROOT: /usr/local/apache
    SHARED_CORE_DIR: /usr/local/apache/libexec
    DEFAULT_PIDLOG: logs/httpd.pid
    DEFAULT_SCOREBOARD: logs/httpd.scoreboard
    DEFAULT_LOCKFILE: logs/httpd.lock
    DEFAULT_ERRORLOG: logs/error_log
    TYPES_CONFIG_FILE: conf/mime.types
    SERVER_CONFIG_FILE: conf/httpd.conf
    ACCESS_CONFIG_FILE: conf/access.conf
    RESOURCE_CONFIG_FILE: conf/srm.conf

    suEXEC setup:
    suexec binary: /usr/local/apache/bin/suexec
    document root: /usr/local/apache/htdocs
    userdir suffix: public_html
    logfile: /usr/local/apache/logs/suexec_log
    safe path: /usr/local/bin:/usr/bin:/bin
    caller ID: www
    minimum user ID: 100
    minimum group ID: 100
    umask: running server's

    here is my bin directory:

    /usr/local/apache/bin# ls
    ab apxs dbmmanage htpasswd logresolve suexec
    apachectl checkgid htdigest httpd rotatelogs

    here is the message i get when i start apache:

    apachectl start
    /usr/sbin/apachectl start: httpd started



    does anyone have ANY ideas on what i might be able to try??

    thanks
    [gloworange]find / -name \"*your_base*\" -exec chown us:us {} \\;[/gloworange] [glowpurple]Trust No One[/glowpurple][shadow] Use Hardened Gentoo [/shadow]
    CATAPULTAM HABEO. NISI PECUNIAM OMNEM MIHI DABIS, AD CAPUT TUUM SAXUM IMMANE MITTAM

  2. #2
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    Hi, where does it poop on compile?

  3. #3
    Senior Member
    Join Date
    Jun 2004
    Posts
    460
    it seems to compile fine, it is just not taking the suexec module -- if you want, i can post the compile log also.
    [gloworange]find / -name \"*your_base*\" -exec chown us:us {} \\;[/gloworange] [glowpurple]Trust No One[/glowpurple][shadow] Use Hardened Gentoo [/shadow]
    CATAPULTAM HABEO. NISI PECUNIAM OMNEM MIHI DABIS, AD CAPUT TUUM SAXUM IMMANE MITTAM

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255

    Re: suexec and apache

    Originally posted here by djscribble
    ./configure --prefix=/usr/local/apache --enable-suexec --layout --suexec-uidmin=100
    http://httpd.apache.org/docs/suexec.html:
    Documentation exists for a reason, ya know.

    EDIT: Btw, my bad about my OP, I looked at the apache2 stuff, your config line is good for apache 1.3. Still, I think the docs bear checking out, mostly because of this:
    Upon startup of Apache, it looks for the file "suexec" in the "sbin" directory (default is "/usr/local/apache/sbin/suexec"). If Apache finds a properly configured suEXEC wrapper, it will print the following message to the error log:

    [notice] suEXEC mechanism enabled (wrapper: /path/to/suexec)
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    \"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  5. #5
    Senior Member
    Join Date
    Jun 2004
    Posts
    460
    i double checked the sbin directory and here is what is in there (i had read and re-read that documentation last night):

    /usr/local/apache/sbin# ls
    ab apxs dbmmanage htpasswd logresolve suexec
    apachectl checkgid htdigest httpd rotatelogs

    as per that doc, here is my httpd.h file (the part that has to deal with suexec)

    [--snip--]
    /* The path to the suExec wrapper, can be overridden in Configuration */
    #ifndef SUEXEC_BIN
    #define SUEXEC_BIN HTTPD_ROOT "/bin/suexec"
    #endif
    [--snip--]

    also, here is what is in my /bin:
    /bin# ls
    arch date ftp ls red tar-1.13
    awk dd gawk lsmod rm tar-1.14
    bash df gawk-3.1.3 lsmod.old rmdir tcsh
    bunzip2 dialog getopt mkdir sed telnet
    bzcat dircolors getoptprog mkfifo setterm touch
    bzip2 dmesg grep mknod sh true
    bzip2recover dnsdomainname gunzip more shred umount
    cat domainname gzip mount sleep uname
    chgrp du head mv sln which
    chmod echo hostname netstat stty ypdomainname
    chown ed ipmask nisdomainname su zcat
    compress egrep kill ping suexec
    cp false killall ping6 sulogin
    csh fgrep ln ps sync
    cut free login pwd tar
    [gloworange]find / -name \"*your_base*\" -exec chown us:us {} \\;[/gloworange] [glowpurple]Trust No One[/glowpurple][shadow] Use Hardened Gentoo [/shadow]
    CATAPULTAM HABEO. NISI PECUNIAM OMNEM MIHI DABIS, AD CAPUT TUUM SAXUM IMMANE MITTAM

  6. #6
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    Originally posted here by djscribble
    i double checked the sbin directory and here is what is in there (i had read and re-read that documentation last night):

    /usr/local/apache/sbin# ls
    ab apxs dbmmanage htpasswd logresolve suexec
    apachectl checkgid htdigest httpd rotatelogs
    Yes, but is your suexec binary setuid? chmod +s suexec if not.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    \"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  7. #7
    Senior Member
    Join Date
    Jun 2004
    Posts
    460
    tried that -- still no dice...

    -rwsr-sr-x 1 nobody nobody 10372 2004-10-16 10:55 suexec

    i have also tried it with the owner as root/root


    it is like that for /bin /usr/local/apache/bin and /usr/local/apache/sbin

    i have also tried recompiling so that the path in the httpd.h is the same as the path in the suexec.h

    [gloworange]find / -name \"*your_base*\" -exec chown us:us {} \\;[/gloworange] [glowpurple]Trust No One[/glowpurple][shadow] Use Hardened Gentoo [/shadow]
    CATAPULTAM HABEO. NISI PECUNIAM OMNEM MIHI DABIS, AD CAPUT TUUM SAXUM IMMANE MITTAM

  8. #8
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    It HAS to be setuid root to work, so fix that first. Second, I'd suggest checking your apache logs after starting to see if it mentions the line I mentioned before (the quoted from httpd.apache.org bit).
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    \"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  9. #9
    Junior Member
    Join Date
    Oct 2004
    Posts
    1
    Is it throwing an error somewhere? Did you test to see if it was working?

  10. #10
    Senior Member
    Join Date
    Jun 2004
    Posts
    460
    no, it is not posting an error, i changed it back to root, and i found that it is working, however, it is not posting the message saying that it has started...

    here is the solution:
    i recompiled so that the path in the httpd.h is the same as the path in the suexec.h

    thank you all for the help
    [gloworange]find / -name \"*your_base*\" -exec chown us:us {} \\;[/gloworange] [glowpurple]Trust No One[/glowpurple][shadow] Use Hardened Gentoo [/shadow]
    CATAPULTAM HABEO. NISI PECUNIAM OMNEM MIHI DABIS, AD CAPUT TUUM SAXUM IMMANE MITTAM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •