DO NOT REPLY [Bug 9038] - suexec is NOT being called by Apache 2.0.36

2002-11-04 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9038.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9038

suexec is NOT being called by Apache 2.0.36

[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|RESOLVED|CLOSED

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 9038] - suexec is NOT being called by Apache 2.0.36

2002-11-02 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9038.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9038

suexec is NOT being called by Apache 2.0.36

[EMAIL PROTECTED] changed:

   What|Removed |Added

 Status|ASSIGNED|RESOLVED
 Resolution||INVALID



--- Additional Comments From [EMAIL PROTECTED]  2002-11-02 20:18 ---
[This is a mass bug update.] [Resolve-20021102]
No response from submitter; assuming issue is resolved.
If the problem still exists in the lastest version,
please reopen this report and update appropriately.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 9038] - suexec is NOT being called by Apache 2.0.36

2002-10-17 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9038.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9038

suexec is NOT being called by Apache 2.0.36





--- Additional Comments From [EMAIL PROTECTED]  2002-10-17 02:34 ---
[This is a mass bug update.]
This bug reports a problem in an older version of Apache 2.
Could you please update to the most recent version and see
if you can reproduce this problem.  If the bug still exists,
please update the bug with the latest version number.  If 
the bug no longer exists, please close the bug report.

Sorry for this impersonal response, but we get many more bug
reports than our volunteers can keep up with.
Thanks for using Apache!

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 9038] - suexec is NOT being called by Apache 2.0.36

2002-07-21 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9038.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9038

suexec is NOT being called by Apache 2.0.36





--- Additional Comments From [EMAIL PROTECTED]  2002-07-21 08:07 ---
I've got the same behavior as Alex, but my error log contains the following 
line:

[Sun Jul 21 02:02:44 2002] [notice] suEXEC mechanism enabled 
(wrapper: /usr/local/apache2/bin/suexec)

Which is exactly where the suexec binary is located with permissions and 
ownership set to:

-rwsr-xr-x1 root root61091 Jul 21 00:46 suexec*

I'm using the source dist httpd-2.0.39.tar.gz. Without modifying any file 
inside the tarball, I use the following configure command, as per the --help
 from the configure script, INSTALL doc, and various Apache 2 docs including 
http://httpd.apache.org/docs-2.0/suexec.html:

./configure\
 --enable-auth-dbm=shared\
 --enable-cern-meta=shared\
 --enable-deflate=shared\
 --enable-expires\
 --enable-ext-filter=shared\
 --enable-headers\
 --enable-mime-magic=shared\
 --enable-rewrite=shared\
 --enable-so\
 --enable-ssl\
 --enable-suexec=shared\
 --enable-unique-id\
 --enable-vhost-alias=shared\
 --with-suexec-caller=webuser\
 --with-suexec-docroot=/usr/local/apache2/htdocs\
 --with-suexec-logfile=/usr/local/apache2/logs/suexec_log

BTW, I get the same results whether the suexec mod is shared or static. I've 
commented the LoadModule for all the extension and experimental shared modules 
in httpd.conf, except for suexec. I've tried to force the suexec to fail by 
calling it directly on the command line and found that it couldn't write to 
it's log file. (An error would appear on STDERR.) That's why I've explicitly 
specified the --with-suexec-logfile parameter, which I've set to the default 
according to the suexec.html doc. Now the suexec_log file contains the 
following, when I try calling suexec from command line:

[2002-07-21 02:30:36]: too few arguments

I'm attempting to run a script from a user directory, my own, but it's being 
executed, properly I might add, as though no suexec were running. I've tried 
changing the permissions on the script to violate the suexec rules, but no 
output is every written to the suexec_log. My suexec module is the only one 
that's being loaded in the httpd.conf:

#LoadModule auth_dbm_module modules/mod_auth_dbm.so
#LoadModule ext_filter_module modules/mod_ext_filter.so
#LoadModule deflate_module modules/mod_deflate.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
#LoadModule cern_meta_module modules/mod_cern_meta.so
#LoadModule vhost_alias_module modules/mod_vhost_alias.so
#LoadModule rewrite_module modules/mod_rewrite.so
LoadModule suexec_module modules/mod_suexec.so

And I've confirmed that when I start the server with the LoadModule uncommented 
the suexec mech enabled appears and if it's commented, it doesn't appear.

When I run my CGI from the cgi-bin dir (http://pinky/~sean/cgi-bin/env), which 
is ScriptAliasMatch(ed) so I don't need extensions for cgi, I get the following 
abbreviated results:

env stuff
-
uid=666(www) gid=666(www) groups=666(www)  COMMENT: id command
wwwCOMMENT: whoami command

Running the strings command on httpd grepping on suexec, I get quite a few 
results, hooks mainly; however, the following would indicate that the server 
knows where to reach the suexec binary:

 -D SUEXEC_BIN=/usr/local/apache2/bin/suexec
/usr/local/apache2/bin/suexec

The one peculiar item that I've noticed when reading one comment was that the 
suexec mod appeared with the httpd -l command, as mod_suexec.so, but my list 
looks as follows:

[EMAIL PROTECTED] ../bin/httpd -l
Compiled in modules:
  core.c
  mod_access.c
  mod_auth.c
  mod_include.c
  mod_log_config.c
  mod_env.c
  mod_expires.c
  mod_headers.c
  mod_unique_id.c
  mod_setenvif.c
  mod_ssl.c
  prefork.c
  http_core.c
  mod_mime.c
  mod_status.c
  mod_autoindex.c
  mod_asis.c
  mod_cgi.c
  mod_negotiation.c
  mod_dir.c
  mod_imap.c
  mod_actions.c
  mod_userdir.c
  mod_alias.c
  mod_so.c

Hopefully, this might be a clue to solving the problem. The module seemed to be 
include in the configure and make of the build process, and as I've already 
mentioned, things are being installed where they belong, namely suexec binary, 
and the server's config had a LoadModule directive for it without my assistance.

That's all I could think to include in this plea for help. If more info is 
needed, I'd be glad to fork it over. I'm uploading files through CGI (to my 
giant storage area) and I really need suid functionality to save them as myself 
rather than the web user; otherwise, where else would all my junk go?

-
To

DO NOT REPLY [Bug 9038] - suexec is NOT being called by Apache 2.0.36

2002-07-21 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9038.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9038

suexec is NOT being called by Apache 2.0.36





--- Additional Comments From [EMAIL PROTECTED]  2002-07-21 10:16 ---
Sorry, in my previous comment where I've included my configure parameters, I 
used an older version, so it says webuser for the suexec caller, but it's 
properly set to www. The problem still exists. Here's what it should look 
like:

./configure\
 --enable-auth-dbm=shared\
 --enable-cern-meta=shared\
 --enable-deflate=shared\
 --enable-expires\
 --enable-ext-filter=shared\
 --enable-headers\
 --enable-mime-magic=shared\
 --enable-rewrite=shared\
 --enable-so\
 --enable-ssl\
 --enable-suexec=shared\
 --enable-unique-id\
 --enable-vhost-alias=shared\
 --with-suexec-caller=www\
 --with-suexec-docroot=/usr/local/apache2/htdocs\
 --with-suexec-logfile=/usr/local/apache2/logs/suexec_log

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 9038] - suexec is NOT being called by Apache 2.0.36

2002-05-26 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9038.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9038

suexec is NOT being called by Apache 2.0.36





--- Additional Comments From [EMAIL PROTECTED]  2002-05-26 00:06 ---
Changing the SuexecUserGroup Directive to be an AP_INIT_TAKE12 and
handling smethingn like SuexecUserGroup off in directory contexts would 
probably need to be a neccessity for that aswell.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 9038] - suexec is NOT being called by Apache 2.0.36

2002-05-25 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9038.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9038

suexec is NOT being called by Apache 2.0.36





--- Additional Comments From [EMAIL PROTECTED]  2002-05-25 07:55 ---
Yes. If we could use SuexecUserGroup directives in Directory directives,
SuexecUserGroup should have priority over userdir. But now, SuexecUserGroup
is not allowed in Directory. Can this limitation be modified as below?

--- httpd-2.0.36/modules/mappers/mod_userdir.c.org  Mon Apr 29 16:45:43 2002
+++ httpd-2.0.36/modules/mappers/mod_userdir.c  Sat May 25 13:30:00 2002
@@ -393,10 +393,13 @@
 static void register_hooks(apr_pool_t *p)
 {
 static const char * const aszSucc[]={ mod_alias.c,NULL };
+#ifdef HAVE_UNIX_SUEXEC
+static const char * const suexPre[]={ mod_suexec.c,NULL };
+#endif
 
 ap_hook_translate_name(translate_userdir,NULL,aszSucc,APR_HOOK_MIDDLE);
 #ifdef HAVE_UNIX_SUEXEC
-ap_hook_get_suexec_identity(get_suexec_id_doer,NULL,NULL,APR_HOOK_MIDDLE);
+
ap_hook_get_suexec_identity(get_suexec_id_doer,suexPre,NULL,APR_HOOK_MIDDLE);
 #endif
 }
 
--- httpd-2.0.36/modules/generators/mod_suexec.c.orgThu Apr 25 16:18:39 2002
+++ httpd-2.0.36/modules/generators/mod_suexec.cSat May 25 13:56:59 2002
@@ -102,7 +102,7 @@
const char *uid, const char *gid)
 {
 suexec_config_t *cfg = (suexec_config_t *) mconfig;
-const char *err = ap_check_cmd_context(cmd, 
NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT);
+const char *err = ap_check_cmd_context(cmd, 
NOT_IN_LOCATION|NOT_IN_FILES|NOT_IN_LIMIT);
 
 if (err != NULL) {
 return err;
@@ -157,14 +157,16 @@
 {
 /* XXX - Another important reason not to allow this in .htaccess is that
  * the ap_[ug]name2id() is not thread-safe */
-AP_INIT_TAKE2(SuexecUserGroup, set_suexec_ugid, NULL, RSRC_CONF,
+AP_INIT_TAKE2(SuexecUserGroup, set_suexec_ugid, NULL, ACCESS_CONF,
   User and group for spawned processes),
 { NULL }
 };
 
 static void suexec_hooks(apr_pool_t *p)
 {
-ap_hook_get_suexec_identity(get_suexec_id_doer,NULL,NULL,APR_HOOK_MIDDLE);
+static const char * const suexSucc[]={ mod_userdir.c,NULL };
+
+
ap_hook_get_suexec_identity(get_suexec_id_doer,NULL,suexSucc,APR_HOOK_MIDDLE);
 ap_hook_post_config(suexec_post_config,NULL,NULL,APR_HOOK_MIDDLE);
 }

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 9038] - suexec is NOT being called by Apache 2.0.36

2002-05-24 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9038.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9038

suexec is NOT being called by Apache 2.0.36





--- Additional Comments From [EMAIL PROTECTED]  2002-05-24 14:54 ---
How about to define mod_suexec/mod_userdir hook order as below:
(This will ensure suexec+userdir would work fine,
 regardless of definition of SuexecUserGroup directives.)

--- httpd-2.0.36/modules/mappers/mod_userdir.c.org  Mon Apr 29 16:45:43 2002
+++ httpd-2.0.36/modules/mappers/mod_userdir.c  Thu May 23 22:32:50 2002
@@ -393,10 +393,13 @@
 static void register_hooks(apr_pool_t *p)
 {
 static const char * const aszSucc[]={ mod_alias.c,NULL };
+#ifdef HAVE_UNIX_SUEXEC
+static const char * const suexSucc[]={ mod_suexec.c,NULL };
+#endif
 
 ap_hook_translate_name(translate_userdir,NULL,aszSucc,APR_HOOK_MIDDLE);
 #ifdef HAVE_UNIX_SUEXEC
-ap_hook_get_suexec_identity(get_suexec_id_doer,NULL,NULL,APR_HOOK_MIDDLE);
+
ap_hook_get_suexec_identity(get_suexec_id_doer,NULL,suexSucc,APR_HOOK_MIDDLE);
 #endif
 }
 
--- httpd-2.0.36/modules/generators/mod_suexec.c.orgThu Apr 25 16:18:39 2002
+++ httpd-2.0.36/modules/generators/mod_suexec.cFri May 24 22:15:49 2002
@@ -164,7 +164,9 @@
 
 static void suexec_hooks(apr_pool_t *p)
 {
-ap_hook_get_suexec_identity(get_suexec_id_doer,NULL,NULL,APR_HOOK_MIDDLE);
+static const char * const suexPre[]={ mod_userdir.c,NULL };
+
+
ap_hook_get_suexec_identity(get_suexec_id_doer,suexPre,NULL,APR_HOOK_MIDDLE);
 ap_hook_post_config(suexec_post_config,NULL,NULL,APR_HOOK_MIDDLE);
 }

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 9038] - suexec is NOT being called by Apache 2.0.36

2002-05-24 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9038.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9038

suexec is NOT being called by Apache 2.0.36





--- Additional Comments From [EMAIL PROTECTED]  2002-05-24 15:00 ---
Specifying the order is a good idea ... but shouldnt be the other
way around ? .. ie, if the site admin wants to be able to force a particular
user directory to be a different UserGroup ID shouldnt they be able to ?

All they need do is make sure user directories are within the suexec 
docroot .. which is easily done.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 9038] - suexec is NOT being called by Apache 2.0.36

2002-05-22 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9038.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9038

suexec is NOT being called by Apache 2.0.36





--- Additional Comments From [EMAIL PROTECTED]  2002-05-22 19:51 ---
To answer your question, I'm not using SuexecUserGroup directives.

As you suggested, I recompiled apache after having removed cgid from
the list of shared modules. cgi scripts via suexec now work as
expected for the ~devil account that I've cited several times in our
correspondence; so thank you very much for your assistance.

I want you to know that the freebsd apache2 port sets the following
default shared modules:
   all cgid case_filter case_filter_in \
   ext_filter charset_lite deflate bucketeer

I don't know what 'all', 'case_filter', and 'case_filter_in' are.
If 'all' means all modules, then it wouldn't make sense to explicitly
indicate the other few modules.  Clarification here would be nice.
Secondly, typing 'case_filter' into the search text box at
http://httpd.apache.org/docs-2.0/ produced nothing suggesting a module of
that name.  Can anyone explain what 'case_filter' and 'case_filter_in' are
for ?

And do you think that the freebsd porters should be made aware of the
conflict between cgid and suexec ?  It may save people a lot of debugging
time if the freebsd porters changed the default module from cgid to cgi.
If you think this would be a good idea, then please let me know and i'll
send them a note.

Lastly, I just want to know if the issues surfaced during this discussion
will be taken care of by someone.  To relieve you the pain of tracing them,
I'm listing them now:

2002-05-17 15:41 / 15:55 (Aaron Bannert) document --with-suexec-bin option
2002-05-17 15:58 (Joshua Slive) don't report suexec enabled unless can execute
2002-05-22 09:24 (Colm) document loading of mod_suexec

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 9038] - suexec is NOT being called by Apache 2.0.36

2002-05-17 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9038.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9038

suexec is NOT being called by Apache 2.0.36





--- Additional Comments From [EMAIL PROTECTED]  2002-05-17 15:41 ---
Hello.  The problem has been somewhat resolved.  TERAMOTO Masahiro from
the FreeBSD bugs list pointed out that the suexec wrapper is installed as
/usr/local/sbin/suexec, meanwhile, mod_suexec.c assumes this wrapper is
installed as /usr/local/bin/suexec.  Now, I already knew that as a result
of some debugging prior to sending the original report, and this is why
I used the undocumented configuration option --with-suexec-bin.

But unfortunately, I had set it to /usr/local/sbin, as opposed to the
full path /usr/local/sbin/suexec.  I have now installed apache again,
using --with-suexec-bin=/usr/local/sbin/suexec and suexec is called
upon the request of a cgi script in a userdir.

However now suexec complains
command not in docroot (/usr/tmp/home/devil/public_html/cgi-bin/test.cgi).
I will try to figure this out on my own, and if I can't then I'll get back to
you.. so please don't close this bug just yet.

Also, as a side note, it would be worthwhile to document --with-suexec-bin
at http://httpd.apache.org/docs-2.0/suexec.html and stress that it requires
the full path to the binary, not just to the directory where it sits.

Finaly, a note about the fact that FreeBSD's port of apache installs suexec
in an unexpected location may be worth documenting as well.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 9038] - suexec is NOT being called by Apache 2.0.36

2002-05-17 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9038.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9038

suexec is NOT being called by Apache 2.0.36

[EMAIL PROTECTED] changed:

   What|Removed |Added

 CC||bugs@httpd.apache.org
 Status|NEW |ASSIGNED



--- Additional Comments From [EMAIL PROTECTED]  2002-05-17 15:55 ---
I added these configure flags, so I'll document them. Sorry for the confusion.
Here's the summary:

The suexec binary must live at an absolute path, as must the docroot under
which all suexec scripts must reside. Hard-wiring these into the suexec
binary is a security precaution. These flags simply let you override
the defaults.


No hard feelings if another more word-smithy person beats me to documenting
these features. :)

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 9038] - suexec is NOT being called by Apache 2.0.36

2002-05-17 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9038.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9038

suexec is NOT being called by Apache 2.0.36





--- Additional Comments From [EMAIL PROTECTED]  2002-05-17 15:58 ---
Also note the message reported earlier:
[notice] suEXEC mechanism enabled (wrapper: /usr/local/sbin)

This is clearly bogus.  We shouldn't be reporting suexec enabled unless
we can execute a proper suexec binary.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 9038] - suexec is NOT being called by Apache 2.0.36

2002-05-17 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9038.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9038

suexec is NOT being called by Apache 2.0.36





--- Additional Comments From [EMAIL PROTECTED]  2002-05-17 21:03 ---
I've added the following line to suexec.c:
log_err(arg1: %s, arg2: %s, arg3: %s\n, argv[1], argv[2], argv[3]);

I get the following error from httpd-error.log:
[Fri May 17 15:58:48 2002] [error] [client 132.206.2.99] Premature end of script
headers: /usr/tmp/home/devil/public_html/cgi-bin/test.cgi, referer:
http://web/~devil/cgi-bin/

I get the following error from httpd-suexec.log:
[2002-05-17 16:05:51]: arg1: 666, arg2: 666, arg3: test.cgi
[2002-05-17 15:58:48]: uid: (666/devil) gid: (666/666) cmd: test.cgi
[2002-05-17 15:58:48]: command not in docroot
(/usr/tmp/home/devil/public_html/cgi-bin/test.cgi)


Are the arguments being passed correct ?
It's clear to see that ~ is nolonger part of the uid.  The cgi script
works if I add the ~ manually by hardcoding it into the code with the
following line, just before the check to see if it is a ~userdir request.
target_uname=~666;


Something must be wrong in a place out of my jurisdiction.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 9038] - suexec is NOT being called by Apache 2.0.36

2002-05-15 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9038.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9038

suexec is NOT being called by Apache 2.0.36





--- Additional Comments From [EMAIL PROTECTED]  2002-05-15 17:19 ---
You know that suexec does not affect the main server, only virtual hosts
and user directories, right?

Are you using the new SuexecUserGroup directive in your virtual hosts?

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 9038] - suexec is NOT being called by Apache 2.0.36

2002-05-15 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9038.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9038

suexec is NOT being called by Apache 2.0.36





--- Additional Comments From [EMAIL PROTECTED]  2002-05-15 19:50 ---
To answer your question, I know that suexec only affects virtual hosts
and user directories.

In my case, I want suexec to work in user directories, so I enabled
cgi explicitly with Options ExecCGI.

I'm not using virtual hosts; and I don't really understand the
purpose of the directive SuexecUserGroup.  Why specify a user and group
for cgi programs to run as, when the point of suexec, from what i've read
is to run cgi programs as their respective owners ?  I hope my lack of
understanding this point won't hinder you from investigating the problem.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

DO NOT REPLY [Bug 9038] - suexec is NOT being called by Apache 2.0.36

2002-05-15 Thread bugzilla 
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9038.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=9038

suexec is NOT being called by Apache 2.0.36





--- Additional Comments From [EMAIL PROTECTED]  2002-05-15 20:13 ---
To confirm, yes I am using a ~user type request, namely
http://web/~devil/cgi-bin/test.cgi
and getting the following error in httpd-error:
Premature end of script headers:
/usr/tmp/home/devil/public_html/cgi-bin/test.cgi

Which seems good - at least it's NOT an error of the form
Options ExecCGI is off in this directory.

Here's the related user directory configuration:

Directory ~ ^/(u[0-9]+|course|home|usr)/.*/public_html
Options ExecCGI FollowSymLinks IncludesNoExec Indexes
AllowOverride All
Order allow,deny
Allow from all
XBitHack on
/Directory

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]