PROBLEM DESCRIPTION
suEXEC is misconfigured on Mandrake 8.1. I believe the problem needs to be fixed at compile-time. Furthermore, it dies in such a way as to be VERY misleading. To repro, do this: 1. Add an "ExecCGI" option to the /~userdir/ directory in your Apache config file. For Mandrake 8.1, have it look like the following in "/etc/httpd/conf/commonhttpd.conf" <Directory /home/*/public_html> AllowOverride All Options MultiViews Indexes Includes FollowSymLinks ExecCGI Order allow,deny Allow from all </Directory> Notice I've added "ExecCGI" to the Options line, so that I don't need put my CGI programs into a $HOME/public_html/cgi-bin/ directory. I can just name my CGI programs 'filename.cgi'. 2. Create a simple CGI program in your ~/public_html/ [dereks@dev public_html]$ cd ~/public_html ; cat ./foo.cgi #!/usr/bin/env python import sys sys.stderr = sys.stdout print "Content-Type: text/html\r\n\r\n" print "<html><body>WTF</body></html>" [dereks@dev public_html]$ ./foo.cgi Content-Type: text/html <html><body>WTF</body></html> [dereks@dev public_html]$ Note that (a) the CGI program prints the correct header and newlines, and (b) that it executes from the commandline as user "dereks" AND as user "apache" (although that's not shown above). 3. Now visit your CGI program and watch it fail: Hit http://dev/~dereks/foo.cgi and get ----------------------------------------------------- Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator, root@localhost and inform them of the time the error occurred, and anything you might have done that may have caused the error. More information about this error may be available in the server error log. Apache-AdvancedExtranetServer/1.3.20 Server at dev.xxx.com Port 80 ----------------------------------------------------- ...and then look at your error_log and see this: [root@dev public_html]# tail -n 1 /var/log/httpd/error_log [Mon Jan 21 14:50:57 2002] [error] [client 192.168.0.187] Premature end of script headers: /home/dereks/public_html/foo.cgi This is VERY disturbing because my script headers are FINE! If I were somebody new to CGI programming, who did not have the confidence to KNOW that my script is correct, I could waste a TON of time trying to figure out what the problem is. In fact, it is a misconfiguration in suEXEC. I noticed this in the Apache FAQ: ------------------------------------------------------ * What does it mean when my CGIs fail with "Premature end of script headers"? [content deleted...] In addition, a configuration problem in suEXEC, mod_perl, or another third party module can often interfere with the execution of your CGI and cause the "premature end of script headers" message. ------------------------------------------------------ Unfortunately, the fscking FAQ doesn't say WHAT configuration problem in suEXEC could cause this error message. WORKAROUND Disabling suEXEC fixes the problem. suEXEC can be disabled by simply renaming the suexec binary and restarting Apache: [root@dev public_html]# mv /usr/sbin/suexec /usr/sbin/suexec-DIST [root@dev public_html]# service httpd restart Shutting down httpd-perl: [ OK ] Shutting down httpd: [ OK ] Starting httpd-perl: [ OK ] Starting httpd: [ OK ] Also, I found the following in the suEXEC documentation: ------------------------------------------ APACI's suEXEC configuration options [content deleted...] --suexec-userdir=DIR Define to be the subdirectory under users' home directories where suEXEC access should be allowed. All executables under this directory will be executable by suEXEC as the user so they should be "safe" programs. If you are using a "simple" UserDir directive (ie. one without a "*" in it) this should be set to the same value. suEXEC will not work properly in cases where the UserDir directive points to a location that is not the same as the user's home directory as referenced in the passwd file. Default value is "public_html". If you have virtual hosts with a different UserDir for each, you will need to define them to all reside in one parent directory; then name that parent directory here. If this is not defined properly, "~userdir" cgi requests will not work! ------------------------------------------ I don't know what they mean by "you will need to define them to all reside in one parent directory". Also, I don't know if the problem is that, or if it is simply not defined properly at compile-time (thus breaking the RPM binary). ADDITIONAL SYSTEM INFO: [dereks@dev dereks]$ cat /etc/mandrake-release Mandrake Linux release 8.1 (Vitamin) for i586 [dereks@dev dereks]$ rpm -q apache apache-1.3.20-3mdk [dereks@dev dereks]$ rpm -q -f /usr/sbin/suexec apache-suexec-1.3.20-3mdk