Apache and suexec issue that wont let me run my python script

2013-05-31 Thread Νικόλαος Κούρας 
I have asked this in alt.apache.configuration but received no response at all, 
so i was thinking of you guys as a last resort to this.
Sorry about that but koukos.py need to set a cookies that other scripts depend 
upon for identification. 'python3 koukos.py' runs properly.

chown nikos:nikos koukos.py
chmod 755 koukos.py 

are all in place.


i want to run a python script 4 days now and i receive this message: 

[Thu May 30 15:29:33 2013] [error] [client 46.12.46.11] suexec failure: could 
not open log file 
[Thu May 30 15:29:33 2013] [error] [client 46.12.46.11] fopen: Permission 
denied 
[Thu May 30 15:29:33 2013] [error] [client 46.12.46.11] Premature end of script 
headers: koukos.py 
[Thu May 30 15:29:33 2013] [error] [client 46.12.46.11] File does not exist: 
/home/nikos/public_html/500.shtml 

when i tail -F /usr/local/apache/logs/error_log & 

What this error means?

It appears that the effective user of the script does not have permission to 
open the log file 
that the suexec call requires. 
- fopen reported "permission denied", presumably on the logfile 
- suexec, receiving the fopen "permission denied" error, reported "could not 
open log file" 

These errors, in turn, seem to have prematurely terminated the script headers 
that i use in
koukos.py script, causing the koukos.py script to fail. This caused apache to 
report (with a generic 
and inappropriate error message) that the shtml file that invokes the script 
failed. 


[code]
root@nikos [/home/nikos/www/cgi-bin]# chmod g+w 
/usr/local/apache/logs/suexec_log
root@nikos [/home/nikos/www/cgi-bin]# ls -al /usr/local/apache/logs/suexec_log
-rw-rw-r-- 1 root apache 506823 Jun 1 02:55 /usr/local/apache/logs/suexec_log
[/code]

[code]
root@nikos [/home/nikos/www/cgi-bin]# chmod g+w /var/log/httpd/suexec.log
root@nikos [/home/nikos/www/cgi-bin]# ls -l /var/log/httpd/suexec.log
-rw-rw-r-- 1 root root 0 Jun 1 02:52 /var/log/httpd/suexec.log
[/code]


and still iam receiving the same error.
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-03 Thread Anssi Saari 
Νικόλαος Κούρας  writes:

> [code]
> root@nikos [/home/nikos/www/cgi-bin]# chmod g+w /var/log/httpd/suexec.log
> root@nikos [/home/nikos/www/cgi-bin]# ls -l /var/log/httpd/suexec.log
> -rw-rw-r-- 1 root root 0 Jun 1 02:52 /var/log/httpd/suexec.log
> [/code]
>
>
> and still iam receiving the same error.

What did you hope to accomplish with this second chmod? Nobody is in the
root group except root. I hope. My guess based on very minimal Googling
on the topic is you should change the group of /var/log/httpd/suexec.log
to apache. 

Then again, I have no idea why you have both
/usr/local/apache/logs/suexec_log and /var/log/httpd/suexec.log, but the
former apparently has some data in it and the latter does not so
changing permissions on /var/log/httpd/suexec.log may not help...

Oh, apparently suexec prints its config if you run suexec -V, so include
that output if you still have problems.
-- 
http://mail.python.org/mailman/listinfo/python-list

RE: Apache and suexec issue that wont let me run my python script

2013-06-03 Thread Carlos Nepomuceno 

> From: a...@sci.fi
> Subject: Re: Apache and suexec issue that wont let me run my python script
> Date: Mon, 3 Jun 2013 18:20:00 +0300
> To: python-list@python.org
>
> Νικόλαος Κούρας  writes:
>
>> [code]
>> root@nikos [/home/nikos/www/cgi-bin]# chmod g+w /var/log/httpd/suexec.log
>> root@nikos [/home/nikos/www/cgi-bin]# ls -l /var/log/httpd/suexec.log
>> -rw-rw-r-- 1 root root 0 Jun 1 02:52 /var/log/httpd/suexec.log
>> [/code]
>>
>>
>> and still iam receiving the same error.
>
> What did you hope to accomplish with this second chmod? Nobody is in the
> root group except root. I hope. My guess based on very minimal Googling
> on the topic is you should change the group of /var/log/httpd/suexec.log
> to apache.
>
> Then again, I have no idea why you have both
> /usr/local/apache/logs/suexec_log and /var/log/httpd/suexec.log, but the
> former apparently has some data in it and the latter does not so
> changing permissions on /var/log/httpd/suexec.log may not help...

'/var/log/httpd' is the default place for the Red Hat and CentOS installation 
of httpd.

'/usr/local/apache/logs' is the default directory of the Apache httpd 
installation.

httpd has probably been upgraded by 'make install'.

> Oh, apparently suexec prints its config if you run suexec -V, so include
> that output if you still have problems.
> --
> http://mail.python.org/mailman/listinfo/python-list   
>   
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-03 Thread Michael Torrie 
On 06/03/2013 04:13 PM, Carlos Nepomuceno wrote:
> '/var/log/httpd' is the default place for the Red Hat and CentOS installation 
> of httpd.
> 
> '/usr/local/apache/logs' is the default directory of the Apache httpd 
> installation.
> 
> httpd has probably been upgraded by 'make install'.

Oh wow.  What a mess.  I think Nick needs to read a good book on Red Hat
EL system administration.  Think he needs to start over with a fresh
install of CentOS and only install software that comes from a repo using
yum until he learns what he's doing.
-- 
http://mail.python.org/mailman/listinfo/python-list

RE: Apache and suexec issue that wont let me run my python script

2013-06-03 Thread Carlos Nepomuceno 

> Date: Mon, 3 Jun 2013 17:23:16 -0600
> From: torr...@gmail.com
> To: python-list@python.org
> Subject: Re: Apache and suexec issue that wont let me run my python script
>
> On 06/03/2013 04:13 PM, Carlos Nepomuceno wrote:
>> '/var/log/httpd' is the default place for the Red Hat and CentOS 
>> installation of httpd.
>>
>> '/usr/local/apache/logs' is the default directory of the Apache httpd 
>> installation.
>>
>> httpd has probably been upgraded by 'make install'.
>
> Oh wow. What a mess. I think Nick needs to read a good book on Red Hat
> EL system administration. Think he needs to start over with a fresh
> install of CentOS and only install software that comes from a repo using
> yum until he learns what he's doing.
> --
> http://mail.python.org/mailman/listinfo/python-list

I did a httpd 'make install' on CentOS 6 and it worked fine. Needed a few 
tweaks that I don't remember though.

If you don't have any previous experience with Apache httpd settings I wouldn't 
try that on a production server.  
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-03 Thread Michael Torrie 
On 06/03/2013 05:33 PM, Carlos Nepomuceno wrote:
> I did a httpd 'make install' on CentOS 6 and it worked fine. Needed a
> few tweaks that I don't remember though.
> 
> If you don't have any previous experience with Apache httpd settings
> I wouldn't try that on a production server.

Precisely.  Given his experience levels, installing httpd from source is
recipe for disaster.  He's now going to have to track security flaw
reports manually, try to figure out which ones apply to him, and keep
his apache up to date.  I can't think of anything he'd need in Apache
that's not in the CentOS packages.  I've sys-admined for years and I've
never ever needed an Apache outside out of the repos.  Sometimes I
needed other things I had to build from source, but never apache.
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-04 Thread Chris Angelico 
On Tue, Jun 4, 2013 at 2:45 PM, Michael Torrie  wrote:
> On 06/03/2013 05:33 PM, Carlos Nepomuceno wrote:
>> I did a httpd 'make install' on CentOS 6 and it worked fine. Needed a
>> few tweaks that I don't remember though.
>>
>> If you don't have any previous experience with Apache httpd settings
>> I wouldn't try that on a production server.
>
> Precisely.  Given his experience levels, installing httpd from source is
> recipe for disaster.  He's now going to have to track security flaw
> reports manually, try to figure out which ones apply to him, and keep
> his apache up to date.  I can't think of anything he'd need in Apache
> that's not in the CentOS packages.  I've sys-admined for years and I've
> never ever needed an Apache outside out of the repos.  Sometimes I
> needed other things I had to build from source, but never apache.

Agreed. I'm a Debian guy rather than Red Hat, and by comparison Debian
changes with every gust of wind, but the same applies. There's little
reason to build most things from source; take advantage of the massive
testing that's been done! Of course, there will be times when the
version in the repo is just too old, but that's never been the case
for me with Apache.

ChrisA
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-04 Thread Νικόλαος Κούρας 
I think i'll do a "chmod 666 /var/log/httpd/suexec.log" and see if the error 
goes away. 

I think what the problem is, i have the owner and group as root:root with 
read/write permissions, but apache is likely owned by something else 
(www:www or apache:webservd). 

So either i'll have to change the group ownership of the log file to the group 
apache is running as or change the log file to world read/write, which isn't 
safe since other people log into the box, but is generally harmless i think 
with log files. 

Checking the permissions of /var/log/httpd directory itself:

ni...@superhost.gr [~/www/cgi-bin]# ls -ld /var/log/httpd/
drwx-- 2 root root 4096 Jun  1 02:52 /var/log/httpd//

Is that a problem?

http != Apache ?

i'm still confused about what is:
'/var/log/httpd' and what is '/usr/local/Apache'

Is seems like this is the same service runnign twice under different names.
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-04 Thread Νικόλαος Κούρας 
I just tried out those:

root@nikos [~]# ls -l /var/log/httpd/suexec.log
-rw-rw-r-- 1 root root 0 Jun  1 02:52 /var/log/httpd/suexec.log

root@nikos [~]# ls -l /usr/local/apache/logs/suexec_log
-rw-rw-r-- 1 root apache 532667 Jun  4 13:11 /usr/local/apache/logs/suexec_log

root@nikos [~]# chown root:apache /var/log/httpd/suexec.log

root@nikos [~]# ls -l /var/log/httpd/suexec.log
-rw-rw-r-- 1 root apache 0 Jun  1 02:52 /var/log/httpd/suexec.log

but i'm not usre if they solve the problem or why there are 2 suexec.log files.
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-04 Thread Benjamin Schollnick 
On Jun 4, 2013, at 6:12 AM, Νικόλαος Κούρας  wrote:

> Checking the permissions of /var/log/httpd directory itself:
> 
> ni...@superhost.gr [~/www/cgi-bin]# ls -ld /var/log/httpd/
> drwx-- 2 root root 4096 Jun  1 02:52 /var/log/httpd//
> 
> Is that a problem?
> 
> http != Apache ?

Yes, httpd is Apache, or at least part of Apache.

> i'm still confused about what is:
> '/var/log/httpd' and what is '/usr/local/Apache'
> 
> Is seems like this is the same service runnign twice under different names.

Not really.  

Unix unlike some other OSes, separates your data from your applications.

That's one reason, when Apple designed Mac OS X, you can re-install Mac OS X 
over your current installation, and not lose any data.  Your user data is 
separate from the OS data.

The /Usr tree is considered read-only.  In theory nothing should write to that 
folder, unless you are installing Unix tools.  Please note, it's not read only 
in the OS, yes, it does require super user rights, but that tree is not read 
only.

The /Var tree is where the OS writes data to.  For example, Log files, 
temporary work files, etc.  

I hope this clears some of this up.

If I have made any mistakes here, please feel free to politely correct me |-)

- Benjamin

-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-04 Thread Νικόλαος Κούρας 
root@nikos [/home/nikos/www/cgi-bin]# chmod 755 /var/log/httpd/suexec.log

root@nikos [/home/nikos/www/cgi-bin]# ls -l /var/log/httpd/suexec.log
-rwxr-xr-x 1 root apache 0 Jun  1 02:52 /var/log/httpd/suexec.log*

root@nikos [/home/nikos/www/cgi-bin]# chmod 755 /usr/local/apache/logs/error_log

root@nikos [/home/nikos/www/cgi-bin]# ls -l /usr/local/apache/logs/error_log
-rwxr-xr-x 1 root root 32414017 Jun  4 13:51 /usr/local/apache/logs/error_log*

root@nikos [/home/nikos/www/cgi-bin]# chown root:apache 
/usr/local/apache/logs/error_log
root@nikos [/home/nikos/www/cgi-bin]# ls -l /usr/local/apache/logs/error_log

-rwxr-xr-x 1 root apache 32414017 Jun  4 13:51 /usr/local/apache/logs/error_log*
root@nikos [/home/nikos/www/cgi-bin]#


Now the error i get whn trying to run my scgi script via browser is

root@nikos [/home/nikos/www/cgi-bin]# [Tue Jun 04 13:55:26 2013] [error] 
[client 46.12.95.59] suexec failure: could not open log file
[Tue Jun 04 13:55:26 2013] [error] [client 46.12.95.59] fopen: Permission denied
[Tue Jun 04 13:55:26 2013] [error] [client 46.12.95.59] Premature end of script 
headers: koukos.py
[Tue Jun 04 13:55:26 2013] [error] [client 46.12.95.59] File does not exist: 
/home/nikos/public_html/500.shtml


I just don't get it.
I chmod'ed
i chown'ed

Why still doesn't work?
-- 
http://mail.python.org/mailman/listinfo/python-list

RE: Apache and suexec issue that wont let me run my python script

2013-06-04 Thread Carlos Nepomuceno 
send the output of the following command:

ps aux|grep httpd


> Date: Tue, 4 Jun 2013 03:56:19 -0700
> Subject: Re: Apache and suexec issue that wont let me run my python script
> From: nikos.gr...@gmail.com
> To: python-list@python.org
> 
> root@nikos [/home/nikos/www/cgi-bin]# chmod 755 /var/log/httpd/suexec.log
> 
> root@nikos [/home/nikos/www/cgi-bin]# ls -l /var/log/httpd/suexec.log
> -rwxr-xr-x 1 root apache 0 Jun  1 02:52 /var/log/httpd/suexec.log*
> 
> root@nikos [/home/nikos/www/cgi-bin]# chmod 755 
> /usr/local/apache/logs/error_log
> 
> root@nikos [/home/nikos/www/cgi-bin]# ls -l /usr/local/apache/logs/error_log
> -rwxr-xr-x 1 root root 32414017 Jun  4 13:51 /usr/local/apache/logs/error_log*
> 
> root@nikos [/home/nikos/www/cgi-bin]# chown root:apache 
> /usr/local/apache/logs/error_log
> root@nikos [/home/nikos/www/cgi-bin]# ls -l /usr/local/apache/logs/error_log
> 
> -rwxr-xr-x 1 root apache 32414017 Jun  4 13:51 
> /usr/local/apache/logs/error_log*
> root@nikos [/home/nikos/www/cgi-bin]#
> 
> 
> Now the error i get whn trying to run my scgi script via browser is
> 
> root@nikos [/home/nikos/www/cgi-bin]# [Tue Jun 04 13:55:26 2013] [error] 
> [client 46.12.95.59] suexec failure: could not open log file
> [Tue Jun 04 13:55:26 2013] [error] [client 46.12.95.59] fopen: Permission 
> denied
> [Tue Jun 04 13:55:26 2013] [error] [client 46.12.95.59] Premature end of 
> script headers: koukos.py
> [Tue Jun 04 13:55:26 2013] [error] [client 46.12.95.59] File does not exist: 
> /home/nikos/public_html/500.shtml
> 
> 
> I just don't get it.
> I chmod'ed
> i chown'ed
> 
> Why still doesn't work?
> -- 
> http://mail.python.org/mailman/listinfo/python-list
  -- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-04 Thread Νικόλαος Κούρας 
Τη Τρίτη, 4 Ιουνίου 2013 2:04:36 μ.μ. UTC+3, ο χρήστης Carlos Nepomuceno έγραψε:
> send the output of the following command: 
> ps aux|grep httpd

root@nikos [/home/nikos/www/data/apps]# ps aux | grep httpd
root 19194  0.0  0.2  74224  4440 ?Ss   Jul13   0:00 
/usr/local/apache/bin/httpd -k start -DSSL
root 19201  0.0  0.1  74136  2576 ?SJul13   0:00 
/usr/local/apache/bin/httpd -k start -DSSL
nobody   19202  0.0  0.2  74492  4320 ?SJul13   0:00 
/usr/local/apache/bin/httpd -k start -DSSL
nobody   19203  0.0  0.2  74488  4304 ?SJul13   0:00 
/usr/local/apache/bin/httpd -k start -DSSL
nobody   19204  0.0  0.2  74488  4352 ?SJul13   0:00 
/usr/local/apache/bin/httpd -k start -DSSL
nobody   19205  0.0  0.2  74492  4336 ?SJul13   0:00 
/usr/local/apache/bin/httpd -k start -DSSL
nobody   19206  0.0  0.2  74544  4328 ?SJul13   0:00 
/usr/local/apache/bin/httpd -k start -DSSL
nobody   19215  0.0  0.2  74492  4300 ?SJul13   0:00 
/usr/local/apache/bin/httpd -k start -DSSL
nobody   20170  0.0  0.2  74356  4264 ?SJul13   0:00 
/usr/local/apache/bin/httpd -k start -DSSL
root 20860  0.0  0.0 103240   856 pts/2S+   Jul13   0:00 grep httpd
root@nikos [/home/nikos/www/data/apps]#
-- 
http://mail.python.org/mailman/listinfo/python-list

RE: Apache and suexec issue that wont let me run my python script

2013-06-04 Thread Carlos Nepomuceno 
The httpd processes are run by user 'nobody'. You have to change your 
httpd.conf to assign the correct user or change the owner of the log file to 
nobody.

On httpd.conf look for the following directives:
User root
Group root


> Date: Tue, 4 Jun 2013 04:09:44 -0700
> Subject: Re: Apache and suexec issue that wont let me run my python script
> From: nikos.gr...@gmail.com
> To: python-list@python.org
> 
> Τη Τρίτη, 4 Ιουνίου 2013 2:04:36 μ.μ. UTC+3, ο χρήστης Carlos Nepomuceno 
> έγραψε:
> > send the output of the following command: 
> > ps aux|grep httpd
> 
> root@nikos [/home/nikos/www/data/apps]# ps aux | grep httpd
> root 19194  0.0  0.2  74224  4440 ?Ss   Jul13   0:00 
> /usr/local/apache/bin/httpd -k start -DSSL
> root 19201  0.0  0.1  74136  2576 ?SJul13   0:00 
> /usr/local/apache/bin/httpd -k start -DSSL
> nobody   19202  0.0  0.2  74492  4320 ?SJul13   0:00 
> /usr/local/apache/bin/httpd -k start -DSSL
> nobody   19203  0.0  0.2  74488  4304 ?SJul13   0:00 
> /usr/local/apache/bin/httpd -k start -DSSL
> nobody   19204  0.0  0.2  74488  4352 ?SJul13   0:00 
> /usr/local/apache/bin/httpd -k start -DSSL
> nobody   19205  0.0  0.2  74492  4336 ?SJul13   0:00 
> /usr/local/apache/bin/httpd -k start -DSSL
> nobody   19206  0.0  0.2  74544  4328 ?SJul13   0:00 
> /usr/local/apache/bin/httpd -k start -DSSL
> nobody   19215  0.0  0.2  74492  4300 ?SJul13   0:00 
> /usr/local/apache/bin/httpd -k start -DSSL
> nobody   20170  0.0  0.2  74356  4264 ?SJul13   0:00 
> /usr/local/apache/bin/httpd -k start -DSSL
> root 20860  0.0  0.0 103240   856 pts/2S+   Jul13   0:00 grep httpd
> root@nikos [/home/nikos/www/data/apps]#
> -- 
> http://mail.python.org/mailman/listinfo/python-list
  -- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-04 Thread Νικόλαος Κούρας 
root@nikos [/home/nikos/www/data/apps]# ls -l /usr/local/apache/logs/error_log
-rwxr-xr-x 1 root apache 32447472 Jun  4 14:36 /usr/local/apache/logs/error_log*
root@nikos [/home/nikos/www/data/apps]# chown nobody:apache 
/usr/local/apache/logs/error_log
root@nikos [/home/nikos/www/data/apps]# ls -l /usr/local/apache/logs/error_log
-rwxr-xr-x 1 nobody apache 32447472 Jun  4 14:36 
/usr/local/apache/logs/error_log*


still the same error.
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-04 Thread Νικόλαος Κούρας 
Τη Τρίτη, 4 Ιουνίου 2013 2:27:25 μ.μ. UTC+3, ο χρήστης Carlos Nepomuceno έγραψε:
> The httpd processes are run by user 'nobody'. You have to change your 
> httpd.conf to assign the correct user or change the owner of the log file to 
> nobody.
> 
> On httpd.conf look for the following directives:
> User root
> Group root

Why some httpd run as root(first two) and the rest as nobody?
What is user 'nobody' anyways?

root@nikos [/home/nikos/www/data/apps]# nano /usr/local/apache/conf/httpd.conf
root@nikos [/home/nikos/www/data/apps]# cat  /usr/local/apache/conf/httpd.conf 
| grep 'User root'
root@nikos [/home/nikos/www/data/apps]# cat  /usr/local/apache/conf/httpd.conf 
| grep 'user root'
root@nikos [/home/nikos/www/data/apps]# cat  /usr/local/apache/conf/httpd.conf 
| grep 'group root'
root@nikos [/home/nikos/www/data/apps]# cat  /usr/local/apache/conf/httpd.conf 
| grep 'Group root'

Doesn't seem to be there.
-- 
http://mail.python.org/mailman/listinfo/python-list

RE: Apache and suexec issue that wont let me run my python script

2013-06-04 Thread Carlos Nepomuceno 

Post your httpd.conf to pastebin and send us the link...

> Date: Tue, 4 Jun 2013 04:38:44 -0700
> Subject: Re: Apache and suexec issue that wont let me run my python script
> From: nikos.gr...@gmail.com
> To: python-list@python.org
> 
> root@nikos [/home/nikos/www/data/apps]# ls -l /usr/local/apache/logs/error_log
> -rwxr-xr-x 1 root apache 32447472 Jun  4 14:36 
> /usr/local/apache/logs/error_log*
> root@nikos [/home/nikos/www/data/apps]# chown nobody:apache 
> /usr/local/apache/logs/error_log
> root@nikos [/home/nikos/www/data/apps]# ls -l /usr/local/apache/logs/error_log
> -rwxr-xr-x 1 nobody apache 32447472 Jun  4 14:36 
> /usr/local/apache/logs/error_log*
> 
> 
> still the same error.
> -- 
> http://mail.python.org/mailman/listinfo/python-list
  -- 
http://mail.python.org/mailman/listinfo/python-list

RE: Apache and suexec issue that wont let me run my python script

2013-06-04 Thread Carlos Nepomuceno 


> Date: Tue, 4 Jun 2013 04:36:06 -0700
> Subject: Re: Apache and suexec issue that wont let me run my python script
> From: nikos.gr...@gmail.com
> To: python-list@python.org
> 
> Τη Τρίτη, 4 Ιουνίου 2013 2:27:25 μ.μ. UTC+3, ο χρήστης Carlos Nepomuceno 
> έγραψε:
> > The httpd processes are run by user 'nobody'. You have to change your 
> > httpd.conf to assign the correct user or change the owner of the log file 
> > to nobody.
> > 
> > On httpd.conf look for the following directives:
> > User root
> > Group root
> 
> Why some httpd run as root(first two) and the rest as nobody?

The root processes are run by init during startup. The nobody processes are 
started by the first httpd processes based on httpd.conf settings.

> What is user 'nobody' anyways?

Just a user with no shell access.

> root@nikos [/home/nikos/www/data/apps]# nano /usr/local/apache/conf/httpd.conf
> root@nikos [/home/nikos/www/data/apps]# cat  
> /usr/local/apache/conf/httpd.conf | grep 'User root'
> root@nikos [/home/nikos/www/data/apps]# cat  
> /usr/local/apache/conf/httpd.conf | grep 'user root'
> root@nikos [/home/nikos/www/data/apps]# cat  
> /usr/local/apache/conf/httpd.conf | grep 'group root'
> root@nikos [/home/nikos/www/data/apps]# cat  
> /usr/local/apache/conf/httpd.conf | grep 'Group root'
> 
> Doesn't seem to be there.

You have to edit httpd.conf and change the User and Group directives. They 
currently are set to nobody, so you have to look for ' User nobody'  and ' 
Group nobody'.

Take care while editing httpd.conf. Make a backup copy just in case. ;)

  -- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-04 Thread Νικόλαος Κούρας 
Τη Τρίτη, 4 Ιουνίου 2013 2:42:52 μ.μ. UTC+3, ο χρήστης Carlos Nepomuceno έγραψε:
> Post your httpd.conf to pastebin and send us the link...


Here it is:  http://pastebin.com/kMT2BZp1
-- 
http://mail.python.org/mailman/listinfo/python-list

RE: Apache and suexec issue that wont let me run my python script

2013-06-04 Thread Carlos Nepomuceno 

> Date: Tue, 4 Jun 2013 04:48:34 -0700
> Subject: Re: Apache and suexec issue that wont let me run my python script
> From: nikos.gr...@gmail.com
> To: python-list@python.org
> 
> Τη Τρίτη, 4 Ιουνίου 2013 2:42:52 μ.μ. UTC+3, ο χρήστης Carlos Nepomuceno 
> έγραψε:
> > Post your httpd.conf to pastebin and send us the link...
> 
> 
> Here it is:  http://pastebin.com/kMT2BZp1
> -- 
> http://mail.python.org/mailman/listinfo/python-list

Your httpd.conf is automatically generated by cPanel. Take a look:

# Defined in /var/cpanel/cpanel.config: apache_portListen 0.0.0.0:82User 
nobodyGroup nobodyExtendedStatus OnServerAdmin nikos.gr33k@gmail.comServerName 
nikos.superhost.grLogLevel warn

That means you have to change the settings on cPanel not directly editing 
httpd.conf. I don't use cPanel so I can't help you on that.

Good luck!


  -- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-04 Thread Νικόλαος Κούρας 
Τη Τρίτη, 4 Ιουνίου 2013 3:11:18 μ.μ. UTC+3, ο χρήστης Carlos Nepomuceno έγραψε:
> > Date: Tue, 4 Jun 2013 04:48:34 -0700
> > Subject: Re: Apache and suexec issue that wont let me run my python script
> > From: nikos...@gmail.com
> > To: pytho...@python.org
> > 
> > Τη Τρίτη, 4 Ιουνίου 2013 2:42:52 μ.μ. UTC+3, ο χρήστης Carlos Nepomuceno 
> > έγραψε:
> > > Post your httpd.conf to pastebin and send us the link...
> > 
> > 
> > Here it is:  http://pastebin.com/kMT2BZp1
> > -- 
> > http://mail.python.org/mailman/listinfo/python-list
> 
> Your httpd.conf is automatically generated by cPanel. Take a look:
> 
> 
> # Defined in /var/cpanel/cpanel.config: apache_port
> Listen 0.0.0.0:82
> User nobody
> Group nobody
> ExtendedStatus On
> ServerAdmin nikos...@gmail.com
> ServerName nikos.superhost.gr
> LogLevel warn
> 
> That means you have to change the settings on cPanel not directly editing 
> httpd.conf. I don't use cPanel so I can't help you on that.
> 
> Good luck!

Since, i'm root i will open the file and alter the user nobody to root.
Can't i?

Also about the suexec.log since i made it 755 why still suexec complain that it 
cannot open it?
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-04 Thread Νικόλαος Κούρας 
root@nikos [~]# nano /usr/local/apache/conf/httpd.conf

and altering user nobody to user root.

root@nikos [~]# service httpd restart
[Tue Jun 04 15:56:42 2013] [warn] module rpaf_module is already loaded, skipping
Syntax error on line 175 of /usr/local/apache/conf/httpd.conf:
Error:\tApache has not been designed to serve pages while\n\trunning as root.  
There are known race conditions that\n\twill allow any local user to read any 
file on the system.\n\tIf you still desire to serve pages as root then\n\tadd 
-DBIG_SECURITY_HOLE to the CFLAGS env variable\n\tand then rebuild the 
server.\n\tIt is strongly suggested that you instead modify the 
User\n\tdirective in your httpd.conf file to list a non-root\n\tuser.\n
root@nikos [~]#

What can i do?
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-04 Thread Chris Angelico 
On Tue, Jun 4, 2013 at 10:57 PM, Νικόλαος Κούρας  wrote:
> root@nikos [~]# nano /usr/local/apache/conf/httpd.conf
>
> and altering user nobody to user root.
>
> root@nikos [~]# service httpd restart
> [Tue Jun 04 15:56:42 2013] [warn] module rpaf_module is already loaded, 
> skipping
> Syntax error on line 175 of /usr/local/apache/conf/httpd.conf:
> Error:\tApache has not been designed to serve pages while\n\trunning as root. 
>  There are known race conditions that\n\twill allow any local user to read 
> any file on the system.\n\tIf you still desire to serve pages as root 
> then\n\tadd -DBIG_SECURITY_HOLE to the CFLAGS env variable\n\tand then 
> rebuild the server.\n\tIt is strongly suggested that you instead modify the 
> User\n\tdirective in your httpd.conf file to list a non-root\n\tuser.\n
> root@nikos [~]#
>
> What can i do?

Don't do that.

ChrisA
-- 
http://mail.python.org/mailman/listinfo/python-list

RE: Apache and suexec issue that wont let me run my python script

2013-06-04 Thread Carlos Nepomuceno 


> Date: Tue, 4 Jun 2013 05:57:54 -0700
> Subject: Re: Apache and suexec issue that wont let me run my python script
> From: nikos.gr...@gmail.com
> To: python-list@python.org
> 
> root@nikos [~]# nano /usr/local/apache/conf/httpd.conf
> 
> and altering user nobody to user root.
> 
> root@nikos [~]# service httpd restart
> [Tue Jun 04 15:56:42 2013] [warn] module rpaf_module is already loaded, 
> skipping
> Syntax error on line 175 of /usr/local/apache/conf/httpd.conf:
> Error:\tApache has not been designed to serve pages while\n\trunning as root. 
>  There are known race conditions that\n\twill allow any local user to read 
> any file on the system.\n\tIf you still desire to serve pages as root 
> then\n\tadd -DBIG_SECURITY_HOLE to the CFLAGS env variable\n\tand then 
> rebuild the server.\n\tIt is strongly suggested that you instead modify the 
> User\n\tdirective in your httpd.conf file to list a non-root\n\tuser.\n
> root@nikos [~]#
> 
> What can i do?

You don't need to run httpd as root. In fact it's risky. You can use another 
user with less privileges to run it like nobody or something else you see fit.

I don't think the suggestion to rebuild the server is good, but I don't know 
how cPanel works so it's just a guess.


  -- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-04 Thread Νικόλαος Κούρας 
Τη Τρίτη, 4 Ιουνίου 2013 4:10:58 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε:
> On Tue, Jun 4, 2013 at 10:57 PM, Νικόλαος Κούρας  
> wrote:
> 
> > root@nikos [~]# nano /usr/local/apache/conf/httpd.conf

> > and altering user nobody to user root.

> > root@nikos [~]# service httpd restart
> 
> > [Tue Jun 04 15:56:42 2013] [warn] module rpaf_module is already loaded, 
> > skipping
> 
> > Syntax error on line 175 of /usr/local/apache/conf/httpd.conf:
> 
> > Error:\tApache has not been designed to serve pages while\n\trunning as 
> > root.  There are known race conditions that\n\twill allow any local user to 
> > read any file on the system.\n\tIf you still desire to serve pages as root 
> > then\n\tadd -DBIG_SECURITY_HOLE to the CFLAGS env variable\n\tand then 
> > rebuild the server.\n\tIt is strongly suggested that you instead modify the 
> > User\n\tdirective in your httpd.conf file to list a non-root\n\tuser.\n

> Don't do that.

Well i can understand its dangerous but it doesnt also let me.
So that leaved me the tampering of the log files.

root@nikos [~]# chmod 755 /var/log/httpd/error_log
root@nikos [~]# chown nobody:nobody  /var/log/httpd/error_log

root@nikos [~]# chmod 755 /usr/local/apache/logs/error_log
root@nikos [~]# chown nobody:nobody  /usr/local/apache/logs/error_log

BUT just my luck.

root@nikos [~]# [Tue Jun 04 16:16:21 2013] [error] [client 46.12.95.59] suexec 
failure: could not open log file
[Tue Jun 04 16:16:21 2013] [error] [client 46.12.95.59] fopen: Permission denied
[Tue Jun 04 16:16:21 2013] [error] [client 46.12.95.59] Premature end of script 
headers: koukos.py
[Tue Jun 04 16:16:21 2013] [error] [client 46.12.95.59] File does not exist: 
/home/nikos/public_html/500.shtml
[Tue Jun 04 16:16:24 2013] [error] [client 46.12.95.59] suexec failure: could 
not open log file
[Tue Jun 04 16:16:24 2013] [error] [client 46.12.95.59] fopen: Permission denied
[Tue Jun 04 16:16:24 2013] [error] [client 46.12.95.59] Premature end of script 
headers: koukos.py


I DONT KNOW WHAT ELSE TO TRY PLEASE HELP ILL TRY ANYTHING YOU SAY.
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-04 Thread Chris Angelico 
On Tue, Jun 4, 2013 at 11:17 PM, Νικόλαος Κούρας  wrote:
> I DONT KNOW WHAT ELSE TO TRY PLEASE HELP ILL TRY ANYTHING YOU SAY.

You should try power surging your drivers. Have you got a spare power cord?

ChrisA

[1] http://www.oocities.org/timessquare/4753/bofh.htm
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-04 Thread Νικόλαος Κούρας 
Τη Τρίτη, 4 Ιουνίου 2013 5:33:03 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε:

> > I DONT KNOW WHAT ELSE TO TRY PLEASE HELP ILL TRY ANYTHING YOU SAY. 

> You should try power surging your drivers. Have you got a spare power cord?

Jokes are funny, but its over a week now the script is correct and the damn 
suexec thing doesnt let me do my job.
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-04 Thread Mark Lawrence 

On 04/06/2013 15:40, Νικόλαος Κούρας wrote:

Τη Τρίτη, 4 Ιουνίου 2013 5:33:03 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε:


I DONT KNOW WHAT ELSE TO TRY PLEASE HELP ILL TRY ANYTHING YOU SAY.



You should try power surging your drivers. Have you got a spare power cord?


Jokes are funny, but its over a week now the script is correct and the damn 
suexec thing doesnt let me do my job.



I don't know much about the Python suexec module, can you please explain 
where it's documented.  Or is suexec nothing to do with Python?


--
"Steve is going for the pink ball - and for those of you who are 
watching in black and white, the pink is next to the green." Snooker 
commentator 'Whispering' Ted Lowe.


Mark Lawrence

--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-04 Thread Chris “Kwpolska” Warrick 
On Tue, Jun 4, 2013 at 4:49 PM, Mark Lawrence  wrote:
> I don't know much about the Python suexec module, can you please explain
> where it's documented.  Or is suexec nothing to do with Python?

From Wikipedia:
> Apache suEXEC is a feature of the Apache Web server. It allows users to run 
> CGI and SSI applications as a different user - normally, all web server 
> processes run as the default web server user (often wwwrun, Apache or nobody).

In other words: Nikolaos is trying to do something HORRIBLY WRONG
(just like always).  The proper way would be to run the python scripts
through WSGI as the standard nobody user.  Or do proper file
permissions.  And WSGI should be used through something intelligent
(flask/pyramid/…)

--- OT START ---
On Tue, Jun 4, 2013 at 4:33 PM, Chris Angelico  wrote:
> You should try power surging your drivers. Have you got a spare power cord?
>
> ChrisA
>
> [1] http://www.oocities.org/timessquare/4753/bofh.htm
> --
> http://mail.python.org/mailman/listinfo/python-list

Please link and read at the BOFH’s page.  [0] is the page and [1] is
this exact story.

[0]: http://bofh.ntk.net/BOFH/index.php
[1]: http://bofh.ntk.net/BOFH//bastard07.php

--
Kwpolska  | GPG KEY: 5EAAEA16
stop html mail| always bottom-post
http://asciiribbon.org| http://caliburn.nl/topposting.html
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-04 Thread Chris Angelico 
On Wed, Jun 5, 2013 at 1:06 AM, Chris “Kwpolska” Warrick
 wrote:
>> [1] http://www.oocities.org/timessquare/4753/bofh.htm
>> --
>> http://mail.python.org/mailman/listinfo/python-list
>
> Please link and read at the BOFH’s page.  [0] is the page and [1] is
> this exact story.
>
> [0]: http://bofh.ntk.net/BOFH/index.php
> [1]: http://bofh.ntk.net/BOFH//bastard07.php

Hrm. I went poking on ntk.net but couldn't find it, so I posted a
different link rather than go with no link. Thanks for finding the
official page, that's what I'd prefer normally.

I think SimonT mucked up something a while ago and lost himself a pile
of search engine rank.

ChrisA
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-04 Thread Joel Goldstick 
On Tue, Jun 4, 2013 at 11:11 AM, Chris Angelico  wrote:

> On Wed, Jun 5, 2013 at 1:06 AM, Chris “Kwpolska” Warrick
>  wrote:
> >> [1] http://www.oocities.org/timessquare/4753/bofh.htm
> >> --
> >> http://mail.python.org/mailman/listinfo/python-list
> >
> > Please link and read at the BOFH’s page.  [0] is the page and [1] is
> > this exact story.
> >
> > [0]: http://bofh.ntk.net/BOFH/index.php
> > [1]: http://bofh.ntk.net/BOFH//bastard07.php
>
> Hrm. I went poking on ntk.net but couldn't find it, so I posted a
> different link rather than go with no link. Thanks for finding the
> official page, that's what I'd prefer normally.
>
> I think SimonT mucked up something a while ago and lost himself a pile
> of search engine rank.
>
> ChrisA
> --
> http://mail.python.org/mailman/listinfo/python-list
>


reading this thread is like slowing down to see the car wreck on the other
side of the highway.  I think I feel bad for the people who are paying to
host their stuff on the OP server.  But maybe they get what they deserve.

-- 
Joel Goldstick
http://joelgoldstick.com
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-04 Thread Νικόλαος Κούρας 
All these popel i host thei websiets are friend fo mine and their webpages all 
of them run witohut any problem.

Only my perosnal webpage, which utilizes python has these kind of issues, the 
other  pages re joomlas and dreamweavers.

Please as you see i have been trying anyhting i thought of and everything i 
googles and been told to.

But still this error insists.

I'm willing to let someone with full root access to my webhost to see thigns 
from the inside.

Does someone want to take o allok or at elast tell me what else i need to try, 
that hasn't been tried out yet?
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-04 Thread Chris Angelico 
On Wed, Jun 5, 2013 at 3:02 AM, Νικόλαος Κούρας  wrote:
> I'm willing to let someone with full root access to my webhost to see thigns 
> from the inside.
>
> Does someone want to take o allok or at elast tell me what else i need to 
> try, that hasn't been tried out yet?

You need to read up on what happens when you enter Dummy Mode and give
someone full root access to your web host. You really REALLY need to
understand what that means before you offer random strangers that kind
of access to someone else's data.

I've half a mind to take you up on your offer, then go look for
personal and private info from your clients, and email it to them
(along with a link to this thread) to point out what's going on.

ChrisA
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-04 Thread Νικόλαος Κούρας 
Τη Τρίτη, 4 Ιουνίου 2013 8:09:18 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε:
> On Wed, Jun 5, 2013 at 3:02 AM, Νικόλαος Κούρας  wrote:
> 
> > I'm willing to let someone with full root access to my webhost to see 
> > thigns from the inside.
> 
> >
> 
> > Does someone want to take o allok or at elast tell me what else i need to 
> > try, that hasn't been tried out yet?
> 
> 
> 
> You need to read up on what happens when you enter Dummy Mode and give
> 
> someone full root access to your web host. You really REALLY need to
> 
> understand what that means before you offer random strangers that kind
> 
> of access to someone else's data.
> 
> 
> 
> I've half a mind to take you up on your offer, then go look for
> 
> personal and private info from your clients, and email it to them
> 
> (along with a link to this thread) to point out what's going on.
> 
> 
> 
> ChrisA

I know what full root access mean.
I also trust you.
I'm hopeless man, its 1 week now dealing with this.
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-04 Thread Chris Angelico 
On Wed, Jun 5, 2013 at 3:12 AM, Νικόλαος Κούρας  wrote:
> I know what full root access mean.
> I also trust you.
> I'm hopeless man, its 1 week now dealing with this.

The call is strong... I could rule the galaxy alongside my father...
I've searched my feelings, and I know this to be true!

Okay. I accept. I'll do as I promised. Might be interesting, and
educative - for someone, at least.

ChrisA
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-04 Thread Νικόλαος Κούρας 
Τη Τετάρτη, 5 Ιουνίου 2013 1:12:26 π.μ. UTC+3, ο χρήστης Chris Angelico έγραψε:
> On Wed, Jun 5, 2013 at 3:12 AM, Νικόλαος Κούρας  wrote:
> 
> > I know what full root access mean.
> 
> > I also trust you.
> 
> > I'm hopeless man, its 1 week now dealing with this.
> 
> 
> 
> The call is strong... I could rule the galaxy alongside my father...
> 
> I've searched my feelings, and I know this to be true!
> 
> 
> 
> Okay. I accept. I'll do as I promised. Might be interesting, and
> 
> educative - for someone, at least.

Good Day Chris, thanks for accepting.

Please mail me and i will send you the root login credentials.
Before that happens i want to tell you that i have manages to disable 'suexec' 
and the error now became:


[Wed Jun 05 06:49:56 2013] [error] [client 46.12.95.59] (2)No such file or 
directory: exec of '/home/nikos/public_html/cgi-bin/koukos.py' failed
[Wed Jun 05 06:49:56 2013] [error] [client 46.12.95.59] Premature end of script 
headers: koukos.py

The script though its interpretign  correctly as seen from

ni...@superhost.gr [~/www/cgi-bin]# python koukos.py
Set-Cookie: nikos=admin; expires=Sat, 31 May 2014 03:55:16 GMT; Path=/ 
Content-type: text/html; charset=utf-8
 ΞΞ Ξ ΞΞ© ΞΞΞ Ξ£Ξ�Ξ £ ΞΞΞ
 ni...@superhost.gr [~/www/cgi-bin]#

The mojabike is Greek as terminal outputs it.
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-04 Thread alex23 
On Jun 5, 1:55 pm, Νικόλαος Κούρας  wrote:
> [Wed Jun 05 06:49:56 2013] [error] [client 46.12.95.59] (2)No such file or 
> directory: exec of '/home/nikos/public_html/cgi-bin/koukos.py' failed

> The script though its interpretign  correctly as seen from
> ni...@superhost.gr [~/www/cgi-bin]# python koukos.py

Unless you're symlinking and expect us to use our psychic powers to
work that out, '/home/nikos/public_html/cgi-bin/koukos.py' <> '~/www/
cgi-bin/koukos.py'.
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-04 Thread Νικόλαος Κούρας 
Here is the script:


#!/usr/bin/python
# coding=utf-8

import cgitb; cgitb.enable()
import cgi, os, sys, locale, codecs
from http import cookies

#needed line, script does *not* work without it
sys.stdout = codecs.getwriter('utf-8')(sys.stdout.detach())

# initialize cookie
cookie = cookies.SimpleCookie( os.environ.get('HTTP_COOKIE') )
cookie.load( cookie )
nikos = cookie.get('nikos')

# if visitor cookie does exist
if nikos:
message = "ΑΠΟ ΤΗΝ ΕΠΟΜΕΝΗ ΕΠΙΣΚΕΨΗ ΣΟΥ ΘΑ ΣΕ ΥΠΟΛΟΓΙΖΩ ΩΣ ΕΠΙΣΚΕΠΤΗ 
ΑΥΞΑΝΟΝΤΑΣ ΤΟΝ ΜΕΤΡΗΤΗ!"
cookie['nikos'] = 'admin'
cookie['nikos']['path'] = '/'
cookie['nikos']['expires'] = -1 #this cookie will expire now
else:
message  = "ΑΠΟ ΔΩ ΚΑΙ ΣΤΟ ΕΞΗΣ ΔΕΝ ΣΕ ΕΙΔΑ, ΔΕΝ ΣΕ ΞΕΡΩ, ΔΕΝ ΣΕ 
ΑΚΟΥΣΑ! ΘΑ ΕΙΣΑΙ ΠΛΕΟΝ Ο ΑΟΡΑΤΟΣ ΕΠΙΣΚΕΠΤΗΣ!!"
cookie['nikos'] = 'admin'
cookie['nikos']['path'] = '/'
cookie['nikos']['expires'] = 60*60*24*30*12 #this cookie 
will expire in a year


print( cookie, "Content-type: text/html; charset=utf-8\n", message )

sys.exit(0)
===

This doesn't make sense to me at all.I'll iam tryign to set is a cookie, iwas 
so happy finally disablin bloody 'suexec' and now this.

[Wed Jun 05 06:49:56 2013] [error] [client 46.12.95.59] (2)No such file or 
directory: exec of '/home/nikos/public_html/cgi-bin/koukos.py' failed 
[Wed Jun 05 06:49:56 2013] [error] [client 46.12.95.59] Premature end of script 
headers: koukos.py
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-04 Thread Νικόλαος Κούρας 
Τη Τετάρτη, 5 Ιουνίου 2013 7:34:55 π.μ. UTC+3, ο χρήστης alex23 έγραψε:
> On Jun 5, 1:55 pm, Νικόλαος Κούρας  wrote:
> 
> > [Wed Jun 05 06:49:56 2013] [error] [client 46.12.95.59] (2)No such file or 
> > directory: exec of '/home/nikos/public_html/cgi-bin/koukos.py' failed
> 
> 
> 
> > The script though its interpretign  correctly as seen from
> 
> > ni...@superhost.gr [~/www/cgi-bin]# python koukos.py
> 
> 
> 
> Unless you're symlinking and expect us to use our psychic powers to
> 
> work that out, '/home/nikos/public_html/cgi-bin/koukos.py' <> '~/www/
> 
> cgi-bin/koukos.py'.

Of course '/home/nikos/public_html/cgi-bin' = '/home/nikos/www/cgi-bin'
What this has to do with what i asked?
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-04 Thread alex23 
On Jun 5, 2:40 pm, Νικόλαος Κούρας  wrote:
> Of course '/home/nikos/public_html/cgi-bin' = '/home/nikos/www/cgi-bin'
> What this has to do with what i asked?

You display an error of "No such file or directory" and you wonder why
I'm trying to confirm the two locations are the same.

Can you finally admit you're trolling now?
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-04 Thread Νικόλαος Κούρας 
Τη Τετάρτη, 5 Ιουνίου 2013 7:59:31 π.μ. UTC+3, ο χρήστης alex23 έγραψε:
> On Jun 5, 2:40 pm, Νικόλαος Κούρας  wrote:
> 
> > Of course '/home/nikos/public_html/cgi-bin' = '/home/nikos/www/cgi-bin'
> 
> > What this has to do with what i asked?
> 
> 
> 
> You display an error of "No such file or directory" and you wonder why 
> I'm trying to confirm the two locations are the same.
> 

> Can you finally admit you're trolling now?

I'm not trolling, you are the one that do not understand.

Here i swicthed the code from:

# Compute a set of current fullpaths
fullpaths = set()
path = "/home/nikos/www/data/apps/"

for root, dirs, files in os.walk(path):
for fullpath in files:
fullpaths.add( os.path.join(root, fullpath) )

to this since '/home/nikos/public_html/cgi-bin' = '/home/nikos/www/cgi-bin' as 
i said:

# Compute a set of current fullpaths
fullpaths = set()
path = "/home/nikos/public_html/data/apps/"

for root, dirs, files in os.walk(path):
for fullpath in files:
fullpaths.add( os.path.join(root, fullpath) )


--
ni...@superhost.gr [~/www/cgi-bin]# [Wed Jun 05 08:09:14 2013] [error] [client 
46.12.95.59] (2)No such file or directory: exec of 
'/home/nikos/public_html/cgi-bin/koukos.py' failed
[Wed Jun 05 08:09:14 2013] [error] [client 46.12.95.59] Premature end of script 
headers: koukos.py
[Wed Jun 05 08:09:14 2013] [error] [client 46.12.95.59] File does not exist: 
/home/nikos/public_html/500.shtml

Same error.
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-04 Thread alex23 
On Jun 5, 3:11 pm, Νικόλαος Κούρας  wrote:
> I'm not trolling, you are the one that do not understand.
>
> Here i swicthed the code from:
> path = "/home/nikos/www/data/apps/"
>
> to this since '/home/nikos/public_html/cgi-bin' = '/home/nikos/www/cgi-bin' 
> as i said:
>
> # Compute a set of current fullpaths
> path = "/home/nikos/public_html/data/apps/"
>
> Same error.

"/home/nikos/public_html/data/apps/" <> "/home/nikos/public_html/cgi-
bin/"

Are you even reading the error messages?
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-04 Thread Νικόλαος Κούρας 
Τη Τετάρτη, 5 Ιουνίου 2013 8:23:12 π.μ. UTC+3, ο χρήστης alex23 έγραψε:
> On Jun 5, 3:11 pm, Νικόλαος Κούρας  wrote:
> 
> > I'm not trolling, you are the one that do not understand.
> 
> >
> 
> > Here i swicthed the code from:
> 
> > path = "/home/nikos/www/data/apps/"
> 
> >
> 
> > to this since '/home/nikos/public_html/cgi-bin' = '/home/nikos/www/cgi-bin' 
> > as i said:
> 
> >
> 
> > # Compute a set of current fullpaths
> 
> > path = "/home/nikos/public_html/data/apps/"
> 
> >
> 
> > Same error.
> 
> 
> 
> "/home/nikos/public_html/data/apps/" <> "/home/nikos/public_html/cgi-
> 
> bin/"
> 
> 
> 
> Are you even reading the error messages?

What do you mean? Yes i have read the error messsage and i can't understand wht 
file it can't find.
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Chris Angelico 
On Wed, Jun 5, 2013 at 2:59 PM, alex23  wrote:
> On Jun 5, 2:40 pm, Νικόλαος Κούρας  wrote:
>> Of course '/home/nikos/public_html/cgi-bin' = '/home/nikos/www/cgi-bin'
>> What this has to do with what i asked?
>
> You display an error of "No such file or directory" and you wonder why
> I'm trying to confirm the two locations are the same.
>
> Can you finally admit you're trolling now?

In Nikos's defense (wow that feels wrong), linking public_html and www
is quite common, and his prompts have clearly shown that his username
is nikos. So the commonality is at least unsurprising. He ought to
have mentioned it, of course, but it's at least something well known.

ChrisA
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Chris Angelico 
On Wed, Jun 5, 2013 at 1:55 PM, Νικόλαος Κούρας  wrote:
> Good Day Chris, thanks for accepting.
>
> Please mail me and i will send you the root login credentials.

Well, I wasn't sure whether this would actually happen or not, but it did.

I made it fairly clear to him in multiple posts that I was NOT going
to sort out all his problems, yet he clearly did not read that, and
has seen fit to compromise his security to the extreme extent of
giving his *ROOT PASSWORD* to a total stranger over the internet.

With that power, I could have done anything. I could have wiped out
all his clients' data. I could have searched through his database
content for credit cards, customer information, the works. But I
didn't; I merely placed a small file in the public_html directory of
each of the twelve web sites he has hosted:

http://superhost.gr/Hello_from_Rosuav
http://leonidasgkelos.com/Hello_from_Rosuav
http://parking-byzantio.gr/Hello_from_Rosuav
... and nine others

I have also contacted all the site owners who had a .contactemail file
in their home directories, informing them of the situation.

Oh, and I changed the root password, since the current one was sent in
clear text across the internet. Nikos, the new password has been
stored in /home/nikos/new_password - you should be able to access that
using your non-root login. I recommend you change it immediately.

Peanut gallery, did I make it sufficiently clear beforehand that
giving out your root password is a bad idea?

ChrisA
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Νικόλαος Κούρας 
Τη Τετάρτη, 5 Ιουνίου 2013 11:09:50 π.μ. UTC+3, ο χρήστης Chris Angelico έγραψε:
> On Wed, Jun 5, 2013 at 1:55 PM, Νικόλαος Κούρας  wrote:
> 
> > Good Day Chris, thanks for accepting.
> 
> >
> 
> > Please mail me and i will send you the root login credentials.
> 
> 
> 
> Well, I wasn't sure whether this would actually happen or not, but it did.
> 
> 
> 
> I made it fairly clear to him in multiple posts that I was NOT going
> 
> to sort out all his problems, yet he clearly did not read that, and
> 
> has seen fit to compromise his security to the extreme extent of
> 
> giving his *ROOT PASSWORD* to a total stranger over the internet.
> 
> 
> 
> With that power, I could have done anything. I could have wiped out
> 
> all his clients' data. I could have searched through his database
> 
> content for credit cards, customer information, the works. But I
> 
> didn't; I merely placed a small file in the public_html directory of
> 
> each of the twelve web sites he has hosted:
> 
> 
> 
> http://superhost.gr/Hello_from_Rosuav
> 
> http://leonidasgkelos.com/Hello_from_Rosuav
> 
> http://parking-byzantio.gr/Hello_from_Rosuav
> 
> ... and nine others
> 
> 
> 
> I have also contacted all the site owners who had a .contactemail file
> 
> in their home directories, informing them of the situation.
> 
> 
> 
> Oh, and I changed the root password, since the current one was sent in
> 
> clear text across the internet. Nikos, the new password has been
> 
> stored in /home/nikos/new_password - you should be able to access that
> 
> using your non-root login. I recommend you change it immediately.
> 
> 
> 
> Peanut gallery, did I make it sufficiently clear beforehand that
> 
> giving out your root password is a bad idea?
> 
> 
> 
> ChrisA

I gave you out of my good and trustworthy heart my root password so for you to 
look upon my systrem configuration and all you did was trying to fuck me by 
sending mails to my clients?

How am i suppose to change the roor password from a normal user 
account?("nikos")?

Other 3 times i hve gavein people my root password and they all trid to help me 
out, only you screwed me like this.

If i lose some of my clients, will you been paying for the money loss?
Do you think this server i rent comes for free with cPanel, Softaculous and 
other licenses?

Fuck you.
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Chris Angelico 
On Wed, Jun 5, 2013 at 6:26 PM, Νικόλαος Κούρας  wrote:
>
> I gave you out of my good and trustworthy heart my root password so for you 
> to look upon my systrem configuration and all you did was trying to fuck me 
> by sending mails to my clients?

That would be "trusting", not "trustworthy", and I did make it pretty
clear what I was proposing.

> How am i suppose to change the roor password from a normal user 
> account?("nikos")?

You don't. You log in as the normal user and look in your normal
user's home directory. In there, you will find a file giving you the
root password. It's safer that way; everything's done over SSH.

> Other 3 times i hve gavein people my root password and they all trid to help 
> me out, only you screwed me like this.
>
> If i lose some of my clients, will you been paying for the money loss?

No, I will not. I never made you any promise. If you lose some of your
clients, it is because you have made some very poor decisions,
including to tinker live with this server instead of having a staging
area. All I've done is give your clients a chance to know what you're
doing with their data, which I think is fair enough.

> Do you think this server i rent comes for free with cPanel, Softaculous and 
> other licenses?

Of course not. (In my opinion, cpanel is ridiculously overpriced.)
Most of these sorts of things are either overkill, or utterly trivial;
if you need it, the price is immaterial, but most people simply don't.

Before you get too angry at me, ask yourself this question: Would you
stand for someone giving out access to your system to a third party?
Because that's exactly what you did to your clients. You gave me, a
perfect stranger, full access to *THEIR* data. Do you understand how
serious that is? In addition, you posted me the password in clear text
via email. That's why I changed it - it's entirely possible someone
saw the password in transmission.

This matter is far more serious than you seem to be giving it
consideration for. You complain that I violated your trust; you
violated the trust of people who are paying you money.

ChrisA
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Νικόλαος Κούρας 
Τη Τετάρτη, 5 Ιουνίου 2013 11:41:55 π.μ. UTC+3, ο χρήστης Chris Angelico έγραψε:
> On Wed, Jun 5, 2013 at 6:26 PM, Νικόλαος Κούρας  wrote:
> 
> >
> 
> > I gave you out of my good and trustworthy heart my root password so for you 
> > to look upon my systrem configuration and all you did was trying to fuck me 
> > by sending mails to my clients?
> 
> 
> 
> That would be "trusting", not "trustworthy", and I did make it pretty
> 
> clear what I was proposing.
> 
> 
> 
> > How am i suppose to change the roor password from a normal user 
> > account?("nikos")?
> 
> 
> 
> You don't. You log in as the normal user and look in your normal
> 
> user's home directory. In there, you will find a file giving you the
> 
> root password. It's safer that way; everything's done over SSH.
> 
> 
> 
> > Other 3 times i hve gavein people my root password and they all trid to 
> > help me out, only you screwed me like this.
> 
> >
> 
> > If i lose some of my clients, will you been paying for the money loss?
> 
> 
> 
> No, I will not. I never made you any promise. If you lose some of your
> 
> clients, it is because you have made some very poor decisions,
> 
> including to tinker live with this server instead of having a staging
> 
> area. All I've done is give your clients a chance to know what you're
> 
> doing with their data, which I think is fair enough.
> 
> 
> 
> > Do you think this server i rent comes for free with cPanel, Softaculous and 
> > other licenses?
> 
> 
> 
> Of course not. (In my opinion, cpanel is ridiculously overpriced.)
> 
> Most of these sorts of things are either overkill, or utterly trivial;
> 
> if you need it, the price is immaterial, but most people simply don't.
> 
> 
> 
> Before you get too angry at me, ask yourself this question: Would you
> 
> stand for someone giving out access to your system to a third party?
> 
> Because that's exactly what you did to your clients. You gave me, a
> 
> perfect stranger, full access to *THEIR* data. Do you understand how
> 
> serious that is? In addition, you posted me the password in clear text
> 
> via email. That's why I changed it - it's entirely possible someone
> 
> saw the password in transmission.
> 
> 
> 
> This matter is far more serious than you seem to be giving it
> 
> consideration for. You complain that I violated your trust; you
> 
> violated the trust of people who are paying you money.
> 
> 
> 
> ChrisA


So, iam to blame this for trusting you?

YOU COULD HAVE ACTUALLY TRIED TO SEE WHATS WRONG WITH 'FILES.PY' INSTEAD OF 
CREATING TEXT FIELS AND COPIED THEM ALL OVER THE CLIENTS HOME DIRECTORY FOLDERS 
AND MAIL THEM TOO.

IF YOU DIDNT WANTED TO DO THAT THEN YOU COULD AHVE SAID TO ME, NIKOS I DONT 
FEEL LIKE LOGGING TO YOUR SYSTEM BECAUSE I DONT REALLY WANTED TO HELP YOU OUT.

BUT NO, YOU WANTED TO MAKE AN IMPRESSION BY SCREWING ME.
I ALSO HAVE GIVEN ROOT ACCESS TO ANOTHER MEMBER OF THIS LIST AND HE IN FACT 
TRIED TO HELP ME INSTEAD OF DOING WHAT YOU DID. AND FROM 2 OTHER PEOPLE AS SOME 
OTHER FORUMS TOO.

YOU NEVER BOTHERED TAKING A LOOK AT THE ENCODING ISSUE.
I WONT TALK TO YOU AGAIN. YOU MADE A FALSE PROMISE OF HELPING ME AND THEN 
SCREWED ME.
FUCK YOU AND NO I DONT MIND THE LANGUAGE.

-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread alex23 
On Jun 5, 6:53 pm, Νικόλαος Κούρας  wrote:
> So, iam to blame this for trusting you?

I'm sure you were smart enough to get Chris to sign a contract before
giving him the keys to your kingdom, no?

-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Chris Angelico 
On Wed, Jun 5, 2013 at 6:53 PM, Νικόλαος Κούρας  wrote:
> So, iam to blame this for trusting you?

Your clients trust you to not compromise their security. You
compromised their security by giving the root password to a stranger.

> YOU COULD HAVE ACTUALLY TRIED TO SEE WHATS WRONG WITH 'FILES.PY' INSTEAD OF 
> CREATING TEXT FIELS AND COPIED THEM ALL OVER THE CLIENTS HOME DIRECTORY 
> FOLDERS AND MAIL THEM TOO.
>
> IF YOU DIDNT WANTED TO DO THAT THEN YOU COULD AHVE SAID TO ME, NIKOS I DONT 
> FEEL LIKE LOGGING TO YOUR SYSTEM BECAUSE I DONT REALLY WANTED TO HELP YOU OUT.

When did I ever give the impression that I wanted to help? When did I
ever actually ask you for that power? No, you kept trying to thrust it
on us as part of your demands for assistance.

> I ALSO HAVE GIVEN ROOT ACCESS TO ANOTHER MEMBER OF THIS LIST AND HE IN FACT 
> TRIED TO HELP ME INSTEAD OF DOING WHAT YOU DID. AND FROM 2 OTHER PEOPLE AS 
> SOME OTHER FORUMS TOO.

So... your root account has fairly public access. Did you notify your
clients that half a dozen random people have full access to their
server? Can you prove to them that their private data is, indeed,
private?

> I WONT TALK TO YOU AGAIN. YOU MADE A FALSE PROMISE OF HELPING ME AND THEN 
> SCREWED ME.

What promise? I never promised to help. Go read my posts... I would
have said "reread" except that you never read them in the first place.

Just be aware, I didn't actually hurt you in any way. I changed your
root password to protect it, but you still have access. The only harm
that could come from this is that your clients are now aware of the
risks they are taking by remaining with you. I'm stripping away the
veil and exposing the truth. Nothing more.

And now, we're very much off-topic for python-list, but I think it's a
good thing for other potential server-maintainers to be aware of.
Trust is a very precious thing.

ChrisA
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread alex23 
On Jun 5, 6:41 pm, Chris Angelico  wrote:
> This matter is far more serious than you seem to be giving it
> consideration for. You complain that I violated your trust; you
> violated the trust of people who are paying you money.

I think the term I'm looking for here is: EPIC WIN :D

-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Heiko Wundram 

Am 05.06.2013 10:53, schrieb Νικόλαος Κούρας:

I ALSO HAVE GIVEN ROOT ACCESS TO ANOTHER MEMBER OF THIS LIST AND HE IN FACT 
TRIED TO HELP ME INSTEAD OF DOING WHAT YOU DID. AND FROM 2 OTHER PEOPLE AS SOME 
OTHER FORUMS TOO.


You know what you're saying there? You've given (at least) four people 
you don't know at all (you know, on the internet nobody knows you're a 
dog and stuff) - and as such shouldn't trust them at all, either - free 
and full admission to a system that critical for you. That's like 
handing out keys to the front door of your home to any passer-by on the 
street who you feel like talking to - and then later wondering why your 
belongings are suddenly gone.


Seeing how riled up you get about this, what Chris did is for the 
better. At least it seems that you won't be able to change your root 
password back, either, and as such you won't have root access anymore to 
your system for the time being, which makes your system and the 
internets a safer place for now.


--
--- Heiko.
--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Νικόλαος Κούρας 
Τη Τετάρτη, 5 Ιουνίου 2013 11:59:28 π.μ. UTC+3, ο χρήστης alex23 έγραψε:
> On Jun 5, 6:41 pm, Chris Angelico  wrote:
> 
> > This matter is far more serious than you seem to be giving it
> 
> > consideration for. You complain that I violated your trust; you
> 
> > violated the trust of people who are paying you money.
> 
> 
> 
> I think the term I'm looking for here is: EPIC WIN :D

I didnt violate anything. Chris violated my treust.
There would have been no violation if he just look into en encoding issue and 
not meddled with my customers mail and data.

Alex23, you are the *WORST* character i ever encountered in this list and 
forums in gernal. Idiot and ignorant too not knowing that ~/www is a symlink to 
~/public_html and pretending to help.

Fuck you too and sod off.
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Νικόλαος Κούρας 
Τη Τετάρτη, 5 Ιουνίου 2013 12:05:36 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε:
> On Wed, Jun 5, 2013 at 6:53 PM, Νικόλαος Κούρας  wrote:
> 
> > So, iam to blame this for trusting you?
> 
> 
> 
> Your clients trust you to not compromise their security. You
> 
> compromised their security by giving the root password to a stranger.
> 
> 
> 
> > YOU COULD HAVE ACTUALLY TRIED TO SEE WHATS WRONG WITH 'FILES.PY' INSTEAD OF 
> > CREATING TEXT FIELS AND COPIED THEM ALL OVER THE CLIENTS HOME DIRECTORY 
> > FOLDERS AND MAIL THEM TOO.
> 
> >
> 
> > IF YOU DIDNT WANTED TO DO THAT THEN YOU COULD AHVE SAID TO ME, NIKOS I DONT 
> > FEEL LIKE LOGGING TO YOUR SYSTEM BECAUSE I DONT REALLY WANTED TO HELP YOU 
> > OUT.
> 
> 
> 
> When did I ever give the impression that I wanted to help? When did I
> 
> ever actually ask you for that power? No, you kept trying to thrust it
> 
> on us as part of your demands for assistance.
> 
> 
> 
> > I ALSO HAVE GIVEN ROOT ACCESS TO ANOTHER MEMBER OF THIS LIST AND HE IN FACT 
> > TRIED TO HELP ME INSTEAD OF DOING WHAT YOU DID. AND FROM 2 OTHER PEOPLE AS 
> > SOME OTHER FORUMS TOO.
> 
> 
> 
> So... your root account has fairly public access. Did you notify your
> 
> clients that half a dozen random people have full access to their
> 
> server? Can you prove to them that their private data is, indeed,
> 
> private?
> 
> 
> 
> > I WONT TALK TO YOU AGAIN. YOU MADE A FALSE PROMISE OF HELPING ME AND THEN 
> > SCREWED ME.
> 
> 
> 
> What promise? I never promised to help. Go read my posts... I would
> 
> have said "reread" except that you never read them in the first place.
> 
> 
> 
> Just be aware, I didn't actually hurt you in any way. I changed your
> 
> root password to protect it, but you still have access. The only harm
> 
> that could come from this is that your clients are now aware of the
> 
> risks they are taking by remaining with you. I'm stripping away the
> 
> veil and exposing the truth. Nothing more.
> 
> 
> 
> And now, we're very much off-topic for python-list, but I think it's a
> 
> good thing for other potential server-maintainers to be aware of.
> 
> Trust is a very precious thing.
> 
> 
> 
> ChrisA

TODAY I READ YOUR POSTS THAT YOU ACTUALLY OFFERED TO LOG INTO MY SERVER.
THAT WOULD IMPLY THAT YOU WANTED TO HELP OUT AND THATS WHY YOU OFFERED.
I AKSED YOU FOR YOUR MAIL THEN AND YOU SEND ME A PRIVATE MAIL TO SEND YOU THE 
DATA.
THEN I AGVE IT TO YOU.

SHOULD I HAVE ASKED YOU EXPLICITLY BY MAIL TO 'ACTUALLY TRY TO HELP ME INSTEAD 
OF SCREW MY BUSINESS'? I TRUSTED YOU BECASUE I WAS UNDER THE IMPRESSION YOU 
COULD HELP ME WITH THIS ISSUES I;VE BEEN STRUGGLING.

NEXT THIS YOU'RE GONNA TELL ME IS TO BE HAPPY THAT YOU DIDN'T WIPE THE WHOLE 
SYSTEM OUT BY 'RM -RF /'

GO TO HELL.


-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Νικόλαος Κούρας 
Τη Τετάρτη, 5 Ιουνίου 2013 12:04:15 μ.μ. UTC+3, ο χρήστης Heiko Wundram έγραψε:
> Am 05.06.2013 10:53, schrieb οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½ οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½:
> 
> > I ALSO HAVE GIVEN ROOT ACCESS TO ANOTHER MEMBER OF THIS LIST AND HE IN FACT 
> > TRIED TO HELP ME INSTEAD OF DOING WHAT YOU DID. AND FROM 2 OTHER PEOPLE AS 
> > SOME OTHER FORUMS TOO.
> 
> 
> 
> You know what you're saying there? You've given (at least) four people 
> 
> you don't know at all (you know, on the internet nobody knows you're a 
> 
> dog and stuff) - and as such shouldn't trust them at all, either - free 
> 
> and full admission to a system that critical for you. That's like 
> 
> handing out keys to the front door of your home to any passer-by on the 
> 
> street who you feel like talking to - and then later wondering why your 
> 
> belongings are suddenly gone.
> 
> 
> 
> Seeing how riled up you get about this, what Chris did is for the 
> 
> better. At least it seems that you won't be able to change your root 
> 
> password back, either, and as such you won't have root access anymore to 
> 
> your system for the time being, which makes your system and the 
> 
> internets a safer place for now.

I'am a perosn that eaisly trust other people to have ethics, especially python 
programmers who knows how difficult its to debug a script and have it working.
Some people can be trusted, and actually try to help.
Some dont.
Chris is na example of the latter. At least he didnt wipe the whoile system out.
And i do have access of my system 30 mins now.
And yes i will again root access to another person, which i beleive he can be 
trsuted and give me some friendly help.

Tha is all i have to say and i'm not naive or fool.
As i said some people can actually be trusted.
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Chris Angelico 
On Wed, Jun 5, 2013 at 7:04 PM, Heiko Wundram  wrote:
> Seeing how riled up you get about this, what Chris did is for the better. At
> least it seems that you won't be able to change your root password back,
> either, and as such you won't have root access anymore to your system for
> the time being, which makes your system and the internets a safer place for
> now.

Not quite accurate; he can change his root password back as soon as he
logs in as the non-root user and cats one little file. Actually, I
just tested, and the password I set is no longer valid, so I'm
guessing he's already done so... either that, or a third party who was
previously given access has now changed the password to something
else.

ChrisA
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Chris Angelico 
On Wed, Jun 5, 2013 at 7:14 PM, Νικόλαος Κούρας  wrote:
> NEXT THIS YOU'RE GONNA TELL ME IS TO BE HAPPY THAT YOU DIDN'T WIPE THE WHOLE 
> SYSTEM OUT BY 'RM -RF /'

Yes. Actually, yes. Do you understand now what you have done by giving
your password to multiple people? This is *completely* different from
asking for help. You are giving someone complete access to do ANYTHING
and without even being logfiled (try it - can you find out what I did?
You'll be able to find a few things, like what IP addresses I logged
in from, but not everything); this is something that you simply do not
EVER do.

And rm -rf / (by the way, it wouldn't work if I shouted at your
computer the way you're shouting at me) is actually not the worst
thing I could do. If one of your clients accepts credit cards from his
customers and stores them, I could compromise your client's customers.
They have a measure of trust in the web server; you are betraying that
trust by letting me in.

ChrisA
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Heiko Wundram 

Am 05.06.2013 11:19, schrieb Chris Angelico:

Not quite accurate; he can change his root password back as soon as he
logs in as the non-root user and cats one little file.


I understood that - I rather got the impression that he (as a person) 
wasn't technically capable of changing it. Alas, the internets didn't 
remain a better place for long. :-)


--
--- Heiko.
--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Chris Angelico 
On Wed, Jun 5, 2013 at 7:19 PM, Νικόλαος Κούρας  wrote:
> I'am a perosn that eaisly trust other people to have ethics, especially 
> python programmers who knows how difficult its to debug a script and have it 
> working.
> Some people can be trusted, and actually try to help.
> Some dont.
> Chris is na example of the latter. At least he didnt wipe the whoile system 
> out.

I've actually tried on MANY occasions to help you. I have put in a
number of hours of volunteer time researching and posting for you,
which I don't regret only because the list is of value to more people
than just the one who asked the question. You are unhelpable.

> And i do have access of my system 30 mins now.
> And yes i will again root access to another person, which i beleive he can be 
> trsuted and give me some friendly help.
>
> Tha is all i have to say and i'm not naive or fool.
> As i said some people can actually be trusted.

So you'll casually give out your root password again, yet you think
you are not naive? The next person you meet might actually do you some
harm.

You most definitely *are* a fool.

ChrisA
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Νικόλαος Κούρας 
Τη Τετάρτη, 5 Ιουνίου 2013 12:27:20 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε:
> On Wed, Jun 5, 2013 at 7:14 PM, Νικόλαος Κούρας  wrote:
> 
> > NEXT THIS YOU'RE GONNA TELL ME IS TO BE HAPPY THAT YOU DIDN'T WIPE THE 
> > WHOLE SYSTEM OUT BY 'RM -RF /'
> 
> 
> 
> Yes. Actually, yes. Do you understand now what you have done by giving
> 
> your password to multiple people? This is *completely* different from
> 
> asking for help. You are giving someone complete access to do ANYTHING
> 
> and without even being logfiled (try it - can you find out what I did?
> 
> You'll be able to find a few things, like what IP addresses I logged
> 
> in from, but not everything); this is something that you simply do not
> 
> EVER do.
> 
> 
> 
> And rm -rf / (by the way, it wouldn't work if I shouted at your
> 
> computer the way you're shouting at me) is actually not the worst
> 
> thing I could do. If one of your clients accepts credit cards from his
> 
> customers and stores them, I could compromise your client's customers.
> 
> They have a measure of trust in the web server; you are betraying that
> 
> trust by letting me in.

iI got back root access and i

'rm -y /home/user/public_html/Hello_from_ROSUAV' 
so to delete your deface. Thank God you just placed that text file there and 
did not deface frontpages.

Then i run 'history' to see what exactly you ahve typed but the history log 
only showed me my own commands.
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Νικόλαος Κούρας 
Τη Τετάρτη, 5 Ιουνίου 2013 12:29:10 μ.μ. UTC+3, ο χρήστης Heiko Wundram έγραψε:
> Am 05.06.2013 11:19, schrieb Chris Angelico:
> 
> > Not quite accurate; he can change his root password back as soon as he
> 
> > logs in as the non-root user and cats one little file.
> 
> 
> 
> I understood that - I rather got the impression that he (as a person) 
> 
> wasn't technically capable of changing it. Alas, the internets didn't 
> 
> remain a better place for long. :-)

It will remain, if you go away.

-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Νικόλαος Κούρας 
Τη Τετάρτη, 5 Ιουνίου 2013 12:31:37 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε:
> On Wed, Jun 5, 2013 at 7:19 PM, Νικόλαος Κούρας  wrote:
> 
> > I'am a perosn that eaisly trust other people to have ethics, especially 
> > python programmers who knows how difficult its to debug a script and have 
> > it working.
> 
> > Some people can be trusted, and actually try to help.
> 
> > Some dont.
> 
> > Chris is na example of the latter. At least he didnt wipe the whoile system 
> > out.
> 
> 
> 
> I've actually tried on MANY occasions to help you. I have put in a
> 
> number of hours of volunteer time researching and posting for you,
> 
> which I don't regret only because the list is of value to more people
> 
> than just the one who asked the question. You are unhelpable.
> 
> 
> 
> > And i do have access of my system 30 mins now.
> 
> > And yes i will again root access to another person, which i beleive he can 
> > be trsuted and give me some friendly help.
> 
> >
> 
> > Tha is all i have to say and i'm not naive or fool.
> 
> > As i said some people can actually be trusted.
> 
> 
> 
> So you'll casually give out your root password again, yet you think
> 
> you are not naive? The next person you meet might actually do you some
> 
> harm.
> 
> 
> 
> You most definitely *are* a fool.

TheRE is this saying that applis to you:
A THIEF BELEIVES EVERYBODY STEALS.

You do not trust people because you think all of them are likely to screw you, 
when its the other way around.
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Chris Angelico 
On Wed, Jun 5, 2013 at 7:32 PM, Νικόλαος Κούρας  wrote:
> iI got back root access and i
>
> 'rm -y /home/user/public_html/Hello_from_ROSUAV'
> so to delete your deface. Thank God you just placed that text file there and 
> did not deface frontpages.

Indeed. That's one of the few truly accurate statements you've made. I
am a God-fearing man, a Christian, a man of ethics, and that is why I
did not deface anything. All I did was create those files and read a
few little pieces like the .contactemail nuggets (btw, thanks - those
are the very people who have the right to know about this).

> Then i run 'history' to see what exactly you ahve typed but the history log 
> only showed me my own commands.

Precisely. My commands are not in your .bash_history file. Someone
could have done anything and you wouldn't even know.

ChrisA
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread alex23 
On Jun 5, 7:46 pm, Νικόλαος Κούρας  wrote:
> And here us Alex23 private mail that sent out to me:

Which I spared the list from because it was off-topic, but I don't
think that's a concept you're overly familiar with given your posting
history.
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Chris Angelico 
On Wed, Jun 5, 2013 at 7:37 PM, Νικόλαος Κούρας  wrote:
> TheRE is this saying that applis to you:
> A THIEF BELEIVES EVERYBODY STEALS.
>
> You do not trust people because you think all of them are likely to screw 
> you, when its the other way around.

You really need to do a basic course in internet security. Why do we
have SSL? Is it because everyone's honest and trustworthy? Why do you
access your server using a password in the first place? I mean, if
people are honest, wouldn't it be fine to just use TELNET and simply
enter your name to get access?

Please don't misunderstand me. If I hated you, thought you worthless,
and/or was angry at you, I would not be trying to explain this; you
would have been in my killfile weeks ago and I would not even be aware
of your problems. I think you have the capacity to learn and improve,
but you really need to put some effort into figuring out what you're
doing.

I dread to think what you're charging your clients for the shoddy
service you're offering them. With ten clients, you're probably having
to charge them the equivalent of $US50/year just for cpanel, on top of
all your other costs. No wonder the economy of Greece is in trouble.

ChrisA
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Νικόλαος Κούρας 
And here us Alex23 private mail that sent out to me:

On Jun 5, 7:06 pm, Νικόλαος Κούρας  wrote:
> There would have been no violation if he just look into en encoding issue and 
> not meddled with my customers mail and data.

"Waaah, why didn't this stranger do my job for me for free? I'm so
confused!"

> Alex23, you are the *WORST* character i ever encountered in this list and 
> forums in gernal.

Hooray!

You probably haven't noticed because you don't give a shit about any
other problems here but your own, but I do help people on this list,
when it's clear they actually want to learn and not just palm off
their confusion onto other people. What I don't do is some lazy
dickwad's work for him; I get enough of that from my project managers.
I don't suffer fools gladly, and boy, are you ever a fool.

>  Idiot and ignorant too not knowing that ~/www is a symlink to ~/public_html 
> and pretending to help.

Firstly, that's why I _asked_ if they were the same. Secondly, excuse
me if I don't set up my web servers using shitty obsolete mechanisms
like CGI.

And given I'm not the one who's handing out root access to his
commercial server like it's candy, you really shouldn't be throwing
terms like "ignorant" around.

> Fuck you too and sod off.

You're such a charmer 



What a fucker...
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Heiko Wundram 

Am 05.06.2013 11:33, schrieb Νικόλαος Κούρας:

It will remain, if you go away.


Look, pal, I work as a programmer for a (medium size) network service 
provider, and due to that I (should) know my networking security 101. 
It's generally people like you who are:


1) extremely careless about their system
2) intolerably naive and persistently refusing to learn

and who as a consequence hand out root logins for hosts with big (!) 
pipes to people that should - under no circumstances ever, EVER - be 
trusted, who are in turn causing the scourge of the public internets 
that's called a botnet. It doesn't matter whether you're simply so 
stupid (yes, I said it!) as to hand out actual root logins or whether 
you refuse to update your system or whether you use weak passwords: in 
all cases, your system is compromised, and due to the rather big pipe 
that your system has it in turn compromises the integrity of the whole 
network that the system is connected to.


Chris is completely right: you shouldn't thank him for not doing 'rm -rf 
/' on your system (that's utter peanuts, and only hits you), you should 
rather thank him for not copying your complete client data (and in turn 
their client's data, let's talk about identity theft) and/or for not 
installing a bot on your system which would in turn cause me to have 
headaches when the bot's misused to DDoS or for any other form of 
network-based attack on the network that I need to administer.


It's you who's the untrustworthy, completely unreliable and utterly 
irresponsible member of the community of networks that's called the 
Internet. Please go somewhere else.


--
--- Heiko.
--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread alex23 
On Jun 5, 7:48 pm, Chris Angelico  wrote:
> No wonder the economy of Greece is in trouble.

This isn't addressed just to Chris, as this isn't the first time the
joke has been made, but could we not? There's a term for applying the
failings of an individual to an entire genetic or cultural collective,
and it isn't a pretty one.

-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Chris Angelico 
On Wed, Jun 5, 2013 at 7:52 PM, alex23  wrote:
> On Jun 5, 7:48 pm, Chris Angelico  wrote:
>> No wonder the economy of Greece is in trouble.
>
> This isn't addressed just to Chris, as this isn't the first time the
> joke has been made, but could we not? There's a term for applying the
> failings of an individual to an entire genetic or cultural collective,
> and it isn't a pretty one.

Sorry. You're right, that was un-called-for. I retract that comment.

My main point I still stand by, though. These people are paying good
money for a service that probably seems fine, to them. It's probably
seemed fine for several years, even. But underneath, the systems admin
is constantly breaking stuff and then coming in a panic to an open
forum, begging for help, and then giving root access to strangers in
the hope that they'll magically fix everything. This is not the sort
of service I would pay for, and this is why I do not regret the
potential damage to Nikos's revenue. The complaint is equivalent to
begging a bank not to put in security cameras, because bank robbers
might get less income.

ChrisA
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Νικόλαος Κούρας 
Τη Τετάρτη, 5 Ιουνίου 2013 12:55:49 μ.μ. UTC+3, ο χρήστης Heiko Wundram έγραψε:
> Am 05.06.2013 11:33, schrieb οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½ οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½:

> It's you who's the untrustworthy, completely unreliable and utterly 
> irresponsible member of the community of networks that's called the 
> Internet. 

I dont care what you do for a living, you never helped me a bit in anything, 
you just presented to me your self 1 hour ago to join the party.

> Please go somewhere else.

Please sod off from my thread. Thank you.
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Heiko Wundram 

Am 05.06.2013 12:21, schrieb Νικόλαος Κούρας:

I dont care what you do for a living, you never helped me a bit in anything, 
you just presented to me your self 1 hour ago to join the party.


Guess why I did so: you're presently touching a subject (network safety) 
that I hold dear, and not only being a troll.


--
--- Heiko.
--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Νικόλαος Κούρας 
Τη Τετάρτη, 5 Ιουνίου 2013 1:12:55 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε:
> On Wed, Jun 5, 2013 at 7:52 PM, alex23  wrote:
> 
> > On Jun 5, 7:48 pm, Chris Angelico  wrote:
> 
> >> No wonder the economy of Greece is in trouble.
> 
> >
> 
> > This isn't addressed just to Chris, as this isn't the first time the
> 
> > joke has been made, but could we not? There's a term for applying the
> 
> > failings of an individual to an entire genetic or cultural collective,
> 
> > and it isn't a pretty one.
> 
> 
> 
> Sorry. You're right, that was un-called-for. I retract that comment.
> 
> 
> 
> My main point I still stand by, though. These people are paying good
> 
> money for a service that probably seems fine, to them. It's probably
> 
> seemed fine for several years, even. But underneath, the systems admin
> 
> is constantly breaking stuff and then coming in a panic to an open
> 
> forum, begging for help, and then giving root access to strangers in
> 
> the hope that they'll magically fix everything. This is not the sort
> 
> of service I would pay for, and this is why I do not regret the
> 
> potential damage to Nikos's revenue. The complaint is equivalent to
> 
> begging a bank not to put in security cameras, because bank robbers
> 
> might get less income.

I dont own e-shops websites that require credit cards to make transactions.
I just host 10 peoples who happen to be my friends websites, most of them 
created by Joomla CMS.

50 euros they pay me for the year for my services and some of them the half.
I barely make some money out of this which with your actions today might loose 
them too. I hope you are happy.
What ever i try is expicitly under my user account for python issues and not 
system wide, so hell brakes loose. And even if it did, my company whos server i 
rent, would have been abel to fix that.

What you did is unforgivable, you should have decalred that:

"Nik, i actually dont want to help you with your damn enodnig issue, bur rather 
mess with your system to prove a point and i dont even regret if you loose some 
of your customers."

Having said that, you could have been honest.
At some point i will pay someone here to modify my templates and python scripts 
to use web frameworks.
You and Heiko of course would be excluded from the programmer for hire list.

Michael Torrie
Steven D'aprano
Lele Gaifax
Cameron Simpson

are possible candidates.
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Heiko Wundram 

Am 05.06.2013 12:30, schrieb Νικόλαος Κούρας:

You and Heiko of course would be excluded from the programmer for hire list.


Guess what: I have a job. And I don't give a damn.

--
--- Heiko.
--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Νικόλαος Κούρας 
Τη Τετάρτη, 5 Ιουνίου 2013 12:49:13 μ.μ. UTC+3, ο χρήστης alex23 έγραψε:
> On Jun 5, 7:46 pm, Νικόλαος Κούρας  wrote:
> 
> > And here us Alex23 private mail that sent out to me:
> 
> 
> 
> Which I spared the list from because it was off-topic, but I don't
> 
> think that's a concept you're overly familiar with given your posting
> 
> history.

You spare it from the list because you wanted to bitch in private.
Now sod off.
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Antoon Pardon 
Op 05-06-13 11:19, Νικόλαος Κούρας schreef:
> I'am a perosn that eaisly trust other people to have ethics, especially 
> python programmers who knows how difficult its to debug a script and have it 
> working.
> Some people can be trusted, and actually try to help.
> Some dont.
> Chris is na example of the latter. At least he didnt wipe the whoile system 
> out.
> And i do have access of my system 30 mins now.
> And yes i will again root access to another person, which i beleive he can be 
> trsuted and give me some friendly help.
You believing so, is not enough.
> Tha is all i have to say and i'm not naive or fool.
> As i said some people can actually be trusted.
Yes you are naive and a fool. The existance of trustworthy people is not
the issue. The issue is how do you protect your server from the
untrustworthy ones.

Chris has shown you that your method for the latter sucks, yet here you
are publicly stating you will just proceed in the same way.

Someone with malice in mind has only to win your trust here or elsewhere
by faking he wants to help you and you seem willing to give them the
root password to your server. On top of that you have made it public
that this will likely work.

That certainly makes you naive and a fool.

-- 
Antoon Pardon
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Νικόλαος Κούρας 
Τη Τετάρτη, 5 Ιουνίου 2013 1:39:28 μ.μ. UTC+3, ο χρήστης Antoon Pardon έγραψε:
> Op 05-06-13 11:19, οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½ οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½ schreef:
> 
> > I'am a perosn that eaisly trust other people to have ethics, especially 
> > python programmers who knows how difficult its to debug a script and have 
> > it working.
> 
> > Some people can be trusted, and actually try to help.
> 
> > Some dont.
> 
> > Chris is na example of the latter. At least he didnt wipe the whoile system 
> > out.
> 
> > And i do have access of my system 30 mins now.
> 
> > And yes i will again root access to another person, which i beleive he can 
> > be trsuted and give me some friendly help.
> 
> You believing so, is not enough.
> 
> > Tha is all i have to say and i'm not naive or fool.
> 
> > As i said some people can actually be trusted.
> 
> Yes you are naive and a fool. The existance of trustworthy people is not
> 
> the issue. The issue is how do you protect your server from the
> 
> untrustworthy ones.
> 
> 
> 
> Chris has shown you that your method for the latter sucks, yet here you
> 
> are publicly stating you will just proceed in the same way.
> 
> 
> 
> Someone with malice in mind has only to win your trust here or elsewhere
> 
> by faking he wants to help you and you seem willing to give them the
> 
> root password to your server. On top of that you have made it public
> 
> that this will likely work.

I will understand by his attitude in general if he is likely to help me or not.
With Chris, being an expert and all, i was 60%-40% that he was likely to help 
me, but i was rather worrying if he would solve the filename encoding and 
suexec issues more that harming the server(whoch he did not)

Btw, since history doesnt show me his history comamnds when he logged in from 
.au(why not really?), how can i tell what exactly did he do when he logged on 
to the server?
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Heiko Wundram 

Am 05.06.2013 13:07, schrieb Νικόλαος Κούρας:

Btw, since history doesnt show me his history comamnds when he logged in from 
.au(why not really?), how can i tell what exactly did he do when he logged on 
to the server?


As root has full access to your system (i.e., can change file contents 
and system state at will), and you gave him root access: you can't. And 
he made sure to remove things such as .bash_history and the syslog 
contents, I guess. At least that's what I'd have done to prove a point.


--
--- Heiko.
--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread alex23 
On Jun 5, 9:07 pm, Νικόλαος Κούρας  wrote:
> Btw, since history doesnt show me his history comamnds when he logged in from 
> .au(why not really?)

http://lmgtfy.com/?q=centos+clear+command+line+history

You're welcome.
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Νικόλαος Κούρας 
Τη Τετάρτη, 5 Ιουνίου 2013 2:14:34 μ.μ. UTC+3, ο χρήστης Heiko Wundram έγραψε:
> Am 05.06.2013 13:07, schrieb οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½ οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½:
> 
> >Btw, since history doesnt show me his history comamnds when he logged in 
> >from .au(why not really?), how can i tell what exactly did he do when he
> >logged on to the server?

> As root has full access to your system (i.e., can change file contents  
> and system state at will), and you gave him root access: you can't. And  
> he made sure to remove things such as .bash_history and the syslog  
> contents, I guess. At least that's what I'd have done to prove a point.

I see. Thanks.
Is there some logging utility i can use next time iam offering root access to 
someone(if i do it) or perhaps logging a normal's account activity?
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Heiko Wundram 

Am 05.06.2013 13:19, schrieb Νικόλαος Κούρας:

Is there some logging utility i can use next time iam offering root access to 
someone(if i do it) or perhaps logging a normal's account activity?


Short answer: Not for root, no.

Long answer: as I've already said: root can change file contents, or 
more explicitly _any_ system state, and (s)he can do that at will, and 
as such you can't ever be sure that what any form of logging is telling 
you will be the "truth" in some form or another if you've had a 
malicious root user on your system.


Now: think again why it's such a plain stupid and incredibly bad idea to 
hand out root credentials to people you shouldn't trust, and why people 
(like me) keep telling you that you're naive and a fool to even consider 
handing out root logins.


PS: the same is true for normal logins. You don't know whether some form 
of privilege escalation exists on your system, so even by handing out 
supposedly safe non-root accounts, your installation might get 
compromised due to insecure SUID software or due to privilege escalation 
bugs in the kernel.


--
--- Heiko.
--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Mark Lawrence 

On 05/06/2013 10:06, Νικόλαος Κούρας wrote:


Fuck you too and sod off.



You've got a bloody nerve.  You're charging people when you haven't the 
faintest idea what you're doing, won't pay for technical support, and 
then have the audacity to complain when people do try to help.  As I've 
said before, it's hardly surprising that the Greek economy is in such a 
mess if you're an example of what the workforce has to offer.  I was 
going to say professionally, except that word is clearly not applicable 
here.


--
"Steve is going for the pink ball - and for those of you who are 
watching in black and white, the pink is next to the green." Snooker 
commentator 'Whispering' Ted Lowe.


Mark Lawrence

--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Mark Lawrence 

On 05/06/2013 11:32, Νικόλαος Κούρας wrote:

Τη Τετάρτη, 5 Ιουνίου 2013 12:49:13 μ.μ. UTC+3, ο χρήστης alex23 έγραψε:

On Jun 5, 7:46 pm, Νικόλαος Κούρας  wrote:


And here us Alex23 private mail that sent out to me:




Which I spared the list from because it was off-topic, but I don't

think that's a concept you're overly familiar with given your posting

history.


You spare it from the list because you wanted to bitch in private.
Now sod off.



Never in the field of the internet has so much been owed to so many by 
so few.


--
"Steve is going for the pink ball - and for those of you who are 
watching in black and white, the pink is next to the green." Snooker 
commentator 'Whispering' Ted Lowe.


Mark Lawrence

--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Mark Lawrence 

On 05/06/2013 10:31, Chris Angelico wrote:



You most definitely *are* a fool.

ChrisA



I believe the above is just plain wrong.  A fool and his money are 
easily parted, but this guy won't part with his cash.


--
"Steve is going for the pink ball - and for those of you who are 
watching in black and white, the pink is next to the green." Snooker 
commentator 'Whispering' Ted Lowe.


Mark Lawrence

--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Νικόλαος Κούρας 
Τη Τετάρτη, 5 Ιουνίου 2013 4:16:46 μ.μ. UTC+3, ο χρήστης Mark Lawrence έγραψε:
> On 05/06/2013 10:06, οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½ οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½ wrote:
> 
> 
> 
> > Fuck you too and sod off.
> 
> >
> 
> 
> 
> You've got a bloody nerve.  You're charging people when you haven't the 
> 
> faintest idea what you're doing, won't pay for technical support, and 
> 
> then have the audacity to complain when people do try to help.  As I've 
> 
> said before, it's hardly surprising that the Greek economy is in such a 
> 
> mess if you're an example of what the workforce has to offer.  I was 
> 
> going to say professionally, except that word is clearly not applicable 
> 
> here.

When you invented meat, Greeks were already suffering from cholesterol.
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Serhiy Storchaka 

05.06.13 11:09, Chris Angelico написав(ла):

Oh, and I changed the root password, since the current one was sent in
clear text across the internet. Nikos, the new password has been
stored in /home/nikos/new_password - you should be able to access that
using your non-root login. I recommend you change it immediately.


What are permission modes of /home/nikos and /home/nikos/new_password?


--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Νικόλαος Κούρας 
Τη Τετάρτη, 5 Ιουνίου 2013 5:46:57 μ.μ. UTC+3, ο χρήστης Serhiy Storchaka 
έγραψε:
> 05.06.13 11:09, Chris Angelico написав(ла):
> 
> > Oh, and I changed the root password, since the current one was sent in
> 
> > clear text across the internet. Nikos, the new password has been
> 
> > stored in /home/nikos/new_password - you should be able to access that
> 
> > using your non-root login. I recommend you change it immediately.
> 
> 
> 
> What are permission modes of /home/nikos and /home/nikos/new_password?


ni...@superhost.gr [~/www]# pwd
/home/nikos/www
ni...@superhost.gr [~/www]# ls -ld ../
drwx--x--x 24 nikos nikos 4096 Jun  5 11:28 ..//
ni...@superhost.gr [~/www]#
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Chris Angelico 
On Wed, Jun 5, 2013 at 9:07 PM, Νικόλαος Κούρας  wrote:
> I will understand by his attitude in general if he is likely to help me or 
> not.

How much of my attitude did you read before you decided I would trust
you? Posts like this:

http://mail.python.org/pipermail/python-list/2013-June/648428.html
http://mail.python.org/pipermail/python-list/2013-June/648496.html

and especially this:

http://mail.python.org/pipermail/python-list/2013-June/648459.html

state fairly clearly what I'm intending. I was NOT planning to solve
your problem. I was planning all along to do exactly what I did:
search for some proof that I had full access, email it to the persons
concerned, then leave without doing any actual damage.

So if you were *that wrong* about me, what makes you think you can
judge someone else safely?

ChrisA
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Chris Angelico 
On Wed, Jun 5, 2013 at 9:19 PM, Νικόλαος Κούρας  wrote:
> Τη Τετάρτη, 5 Ιουνίου 2013 2:14:34 μ.μ. UTC+3, ο χρήστης Heiko Wundram έγραψε:
>> Am 05.06.2013 13:07, schrieb οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½ οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½:
>>
>> >Btw, since history doesnt show me his history comamnds when he logged in
>> >from .au(why not really?), how can i tell what exactly did he do when he
>> >logged on to the server?
>
>> As root has full access to your system (i.e., can change file contents
>> and system state at will), and you gave him root access: you can't. And
>> he made sure to remove things such as .bash_history and the syslog
>> contents, I guess. At least that's what I'd have done to prove a point.

In fact, I didn't even bother fiddling with syslog. All I did was
.bash_history. Of course, I wasn't worried about you getting my IP
addresses (one of them is public anyway, and the other isn't mine any
longer than I'm using it), and nothing I did there was sufficiently
serious to be worth hiding, but I just did the history so I could
point out how easy this is.

> I see. Thanks.
> Is there some logging utility i can use next time iam offering root access to 
> someone(if i do it) or perhaps logging a normal's account activity?

You could log a normal user fairly easily, because root trumps normal
users. To log root access, there are a few options:

1) Don't actually give unrestricted roots, but require the use of
sudo, which logs. Not 100% perfect unless you actually restrict the
commands that can be executed, but it'd at least let you have some
idea that things were tampered with.

2) Provide a special bouncer. This is a little complex to describe, so
bear with me. Imagine you have *two* computers, WebHost and Bouncer.
You want to give root access to WebHost, so you invite someone to ssh
to webroot@bouncer - the shell of that user establishes a secondary
connection to root@webhost and passes everything on, but also logs it.
Since *no* access to Bouncer has been granted, the logs can't be
tampered with. This can be complicated to set up and secure, but it's
certainly possible. However, I think it is beyond your ability, at
least at the moment.

3) Provide a hacked-up root shell that logs to a network location, and
disable all other shell usage. Imperfect but would probably work.

4) Require that all root shell access be done through screen/tmux, and
monitor it.

You can probably think of a few others, too.

ChrisA
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Joel Goldstick 
On Wed, Jun 5, 2013 at 12:24 PM, Chris Angelico  wrote:

> On Wed, Jun 5, 2013 at 9:07 PM, Νικόλαος Κούρας 
> wrote:
> > I will understand by his attitude in general if he is likely to help me
> or not.
>
> How much of my attitude did you read before you decided I would trust
> you? Posts like this:
>
> http://mail.python.org/pipermail/python-list/2013-June/648428.html
> http://mail.python.org/pipermail/python-list/2013-June/648496.html
>
> and especially this:
>
> http://mail.python.org/pipermail/python-list/2013-June/648459.html
>
> state fairly clearly what I'm intending. I was NOT planning to solve
> your problem. I was planning all along to do exactly what I did:
> search for some proof that I had full access, email it to the persons
> concerned, then leave without doing any actual damage.
>
> So if you were *that wrong* about me, what makes you think you can
> judge someone else safely?
>
> ChrisA
> --
> http://mail.python.org/mailman/listinfo/python-list
>

To solve the OPs problems once and for all, I believe we need to know his
social security number and his mother's maiden name.  (Yes, i know SSN is
for US but... )

-- 
Joel Goldstick
http://joelgoldstick.com
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Chris Angelico 
On Thu, Jun 6, 2013 at 12:46 AM, Serhiy Storchaka  wrote:
> 05.06.13 11:09, Chris Angelico написав(ла):
>>
>> Oh, and I changed the root password, since the current one was sent in
>> clear text across the internet. Nikos, the new password has been
>> stored in /home/nikos/new_password - you should be able to access that
>> using your non-root login. I recommend you change it immediately.
>
>
> What are permission modes of /home/nikos and /home/nikos/new_password?

I didn't actually fiddle with that, but you're right, I ought to have
ensured that the password file was mode 600. However, I don't think it
would have made a lot of difference; mainly I was wanting to guard
against randoms on the internet, not actual legit users of his system
(and even they may well not have shell access).

ChrisA
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Νικόλαος Κούρας 
Τη Τετάρτη, 5 Ιουνίου 2013 7:37:47 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε:
> On Thu, Jun 6, 2013 at 12:46 AM, Serhiy Storchaka  wrote:
> 
> > 05.06.13 11:09, Chris Angelico написав(ла):
> 
> >>
> 
> >> Oh, and I changed the root password, since the current one was sent in
> 
> >> clear text across the internet. Nikos, the new password has been
> 
> >> stored in /home/nikos/new_password - you should be able to access that
> 
> >> using your non-root login. I recommend you change it immediately.
> 
> >
> 
> >
> 
> > What are permission modes of /home/nikos and /home/nikos/new_password?
> 
> 
> 
> I didn't actually fiddle with that, but you're right, I ought to have
> 
> ensured that the password file was mode 600. However, I don't think it
> 
> would have made a lot of difference; mainly I was wanting to guard
> 
> against randoms on the internet, not actual legit users of his system
> 
> (and even they may well not have shell access).

I grant shell access to very new account i create but some of my customers dont 
evn know the existance of linux, and the other that do, have no idea of what a 
shell access is. But i grant them the ability just in cae for future usage.

Most of them are doign the work via cPanel tools.
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Νικόλαος Κούρας 
Τη Τετάρτη, 5 Ιουνίου 2013 7:33:50 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε:
> On Wed, Jun 5, 2013 at 9:19 PM, Νικόλαος Κούρας  wrote:
> 
> > Τη Τετάρτη, 5 Ιουνίου 2013 2:14:34 μ.μ. UTC+3, ο χρήστης Heiko Wundram 
> > έγραψε:
> 
> >> Am 05.06.2013 13:07, schrieb οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½ οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½:
> 
> >>
> 
> >> >Btw, since history doesnt show me his history comamnds when he logged in
> 
> >> >from .au(why not really?), how can i tell what exactly did he do when he
> 
> >> >logged on to the server?
> 
> >
> 
> >> As root has full access to your system (i.e., can change file contents
> >> and system state at will), and you gave him root access: you can't. And
> >> he made sure to remove things such as .bash_history and the syslog
> >> contents, I guess. At least that's what I'd have done to prove a point.

> In fact, I didn't even bother fiddling with syslog. All I did was
> .bash_history. Of course, I wasn't worried about you getting my IP
> addresses (one of them is public anyway, and the other isn't mine any
> longer than I'm using it), and nothing I did there was sufficiently
> serious to be worth hiding, but I just did the history so I could
> point out how easy this is.

So, by executing .bash_history commands issued are cleared. okey.
What abiut 'syslog' that Heiko mentioned. Since you didnt fiddle with syslog 
can the latter show me what commands have been executed, files opened, commands 
given, services started-stopped etc? 

> and nothing I did there was sufficiently serious to be worth hiding.

Actually i believ you, because if you had malice in mind you could 'rm -rf /' 
or deface frontpages which you didnt do.

But is there a way for me to see what commands have been issued? syslog perhaps 
as ia sk above?
Since you didn't hurm the system why the need of wipe clean bash's history?
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Νικόλαος Κούρας 
Τη Τετάρτη, 5 Ιουνίου 2013 7:35:48 μ.μ. UTC+3, ο χρήστης Joel Goldstick έγραψε:

>To solve the OPs problems once and for all, I believe we need to know his 
>>social security number and his mother's maiden name.  (Yes, i know SSN is for 
>US >but... )

Even if i gibe you that info, what can you possibly expect to happen?
Gain access to my Gmail account because you stuck in its security question?
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Chris Angelico 
On Thu, Jun 6, 2013 at 3:05 AM, Νικόλαος Κούρας  wrote:
> I grant shell access to very new account i create but some of my customers 
> dont evn know the existance of linux, and the other that do, have no idea of 
> what a shell access is. But i grant them the ability just in cae for future 
> usage.
>
> Most of them are doign the work via cPanel tools.

I would strongly recommend NOT giving shell access, then. The chances
are low that they'll ever need it, and you improve your security
significantly by closing it off.

On Thu, Jun 6, 2013 at 3:07 AM, Νικόλαος Κούρας  wrote:
> Τη Τετάρτη, 5 Ιουνίου 2013 7:35:48 μ.μ. UTC+3, ο χρήστης Joel Goldstick 
> έγραψε:
>
>>To solve the OPs problems once and for all, I believe we need to know his 
>>>social security number and his mother's maiden name.  (Yes, i know SSN is 
>>for US >but... )
>
> Even if i gibe you that info, what can you possibly expect to happen?
> Gain access to my Gmail account because you stuck in its security question?

What about: gain access to your bank account the same way? How would
you feel about random people on the internet having the ability to
transfer money on your behalf?

ChrisA
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Chris Angelico 
On Thu, Jun 6, 2013 at 3:02 AM, Νικόλαος Κούρας  wrote:
> Τη Τετάρτη, 5 Ιουνίου 2013 7:33:50 μ.μ. UTC+3, ο χρήστης Chris Angelico 
> έγραψε:
>> In fact, I didn't even bother fiddling with syslog. All I did was
>> .bash_history. Of course, I wasn't worried about you getting my IP
>> addresses (one of them is public anyway, and the other isn't mine any
>> longer than I'm using it), and nothing I did there was sufficiently
>> serious to be worth hiding, but I just did the history so I could
>> point out how easy this is.
>
> So, by executing .bash_history commands issued are cleared. okey.
> What abiut 'syslog' that Heiko mentioned. Since you didnt fiddle with syslog 
> can the latter show me what commands have been executed, files opened, 
> commands given, services started-stopped etc?

Poke around in /var/log - I didn't tamper with anything there, so you
may well find log entries. But I don't know for sure what I did and
what I didn't do.

>> and nothing I did there was sufficiently serious to be worth hiding.
>
> Actually i believ you, because if you had malice in mind you could 'rm -rf /' 
> or deface frontpages which you didnt do.
>
> But is there a way for me to see what commands have been issued? syslog 
> perhaps as ia sk above?
> Since you didn't hurm the system why the need of wipe clean bash's history?

There won't be a full list of all commands, but you may find some
hints. And why wipe it? Just to show how easily it could be done.
Imagine if I'd:

1) Created a new user, with a home directory of /etc
2) Made a setuid root binary that gives me a shell
3) Removed all logfile traces of having done so

I could then *retain full access* even after you change the root
password. And you would not know what I'd done, if I do the logfile
wipes correctly. You might see some hint (eg that logs were rotated
prematurely), but it'd be extremely hard to figure out what I did.

ChrisA
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Νικόλαος Κούρας 
Τη Τετάρτη, 5 Ιουνίου 2013 8:16:46 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε:
> On Thu, Jun 6, 2013 at 3:02 AM, Νικόλαος Κούρας  wrote:
> 
> > Τη Τετάρτη, 5 Ιουνίου 2013 7:33:50 μ.μ. UTC+3, ο χρήστης Chris Angelico 
> > έγραψε:
> 
> >> In fact, I didn't even bother fiddling with syslog. All I did was
> 
> >> .bash_history. Of course, I wasn't worried about you getting my IP
> 
> >> addresses (one of them is public anyway, and the other isn't mine any
> 
> >> longer than I'm using it), and nothing I did there was sufficiently
> 
> >> serious to be worth hiding, but I just did the history so I could
> 
> >> point out how easy this is.
> 
> >
> 
> > So, by executing .bash_history commands issued are cleared. okey.
> 
> > What abiut 'syslog' that Heiko mentioned. Since you didnt fiddle with 
> > syslog can the latter show me what commands have been executed, files 
> > opened, commands given, services started-stopped etc?
> 
> 
> 
> Poke around in /var/log - I didn't tamper with anything there, so you
> 
> may well find log entries. But I don't know for sure what I did and
> 
> what I didn't do.
> 
> 
> 
> >> and nothing I did there was sufficiently serious to be worth hiding.
> 
> >
> 
> > Actually i believ you, because if you had malice in mind you could 'rm -rf 
> > /' or deface frontpages which you didnt do.
> 
> >
> 
> > But is there a way for me to see what commands have been issued? syslog 
> > perhaps as ia sk above?
> 
> > Since you didn't hurm the system why the need of wipe clean bash's history?
> 
> 
> 
> There won't be a full list of all commands, but you may find some
> 
> hints. And why wipe it? Just to show how easily it could be done.
> 
> Imagine if I'd:
> 
> 
> 
> 1) Created a new user, with a home directory of /etc
> 
> 2) Made a setuid root binary that gives me a shell
> 
> 3) Removed all logfile traces of having done so
> 
> 
> 
> I could then *retain full access* even after you change the root
> 
> password. And you would not know what I'd done, if I do the logfile
> 
> wipes correctly. You might see some hint (eg that logs were rotated
> 
> prematurely), but it'd be extremely hard to figure out what I did.

Forensics is not my strong point, currently i'm learning linux hence i only 
have basic knowledge just to get some basic stuff up and running.

Now about what you did to me. I wanted to tell you that I (and I am sure there 
are other people too) don't agree with what you did. I think it was pretty 
rotten -- you told me it was a bad idea to give out the root password and that 
was as far as you should have gone, you had no right to "prove" it by screwing 
with my system. 

In the US there is a law called the DMCA which I think would make what
you did illegal, even though i have you a password, because i
clearly gave you access to help me fix a problem, not to do what you
did. Of course US law doesn't help in this case since you i live in Greece and 
you live in Australia...

I decided a long time ago the certain people on the Python list were
assholes, you leading the list followed by alex23, Mark Lawrence 
and several more. Your post about how you are a good Christian just 
confirms to me that you aren't -- people who brag about how moral they
are are usually immoral. And besides the major assholes, there are
lots of people there that will just agree with prevailing opinion 
without thinking for themselves.

I still maintain my belief that most people are good and want to help
rather than be destructive(which to your defense you weren't entirely. The 
mails you sent to my few customers though really pissed me off).

And of course, i have no idea, if you ahve installed some kind of a backdoor 
utility that will grant you shell access via ssh to my system.
I want to convince myself that you haven't done so.



-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Chris Angelico 
On Thu, Jun 6, 2013 at 3:29 AM, Νικόλαος Κούρας  wrote:
> Now about what you did to me. I wanted to tell you that I (and I am sure 
> there are other people too) don't agree with what you did. I think it was 
> pretty rotten -- you told me it was a bad idea to give out the root password 
> and that was as far as you should have gone, you had no right to "prove" it 
> by screwing with my system.
>
> In the US there is a law called the DMCA which I think would make what
> you did illegal, even though i have you a password, because i
> clearly gave you access to help me fix a problem, not to do what you
> did. Of course US law doesn't help in this case since you i live in Greece 
> and you live in Australia...

IANAL, but I don't think the DMCA has anything to do with this. (That
is to say, I don't think it would even if everything were under US
jurisdiction, which as you say isn't the case anyway.) What I did is
no more illegal than you lending your car keys to a stranger with the
request that he lock your door for you, and him then leafing through
the contents of your car and telling your spouse what he found. If
that causes your marriage to break up, the fault was with you for
having something in your car that would break up your marriage, and
for letting a stranger poke around in there.

> I still maintain my belief that most people are good and want to help
> rather than be destructive(which to your defense you weren't entirely. The 
> mails you sent to my few customers though really pissed me off).

The mails to your customers stop you from pretending to them that you
know what you're doing. That's all. Now, you may be able to come back
from this by making a public change of policy (you so far have a
declared stance that you would give out the root password to someone
else in future) and apologizing profusely to your customers, but if
you can't, that is your problem and not mine.

I was programming computers for eighteen years before I got a job
doing it. Getting money for hosting people's web sites is something
that you should see as a privilege for people who can demonstrably
provide this service safely, and should not be something you strive
for while you're learning the basics of Linux.

> And of course, i have no idea, if you ahve installed some kind of a backdoor 
> utility that will grant you shell access via ssh to my system.
> I want to convince myself that you haven't done so.

I can help with that convincing. No, I did not install any sort of
backdoor. There is no way you can prove that statement, but you have
my promise and pledge that your system is safe from me. All I did was:

1) Change the root password, storing the new one in a way that you could find it
2) Create the cookie file as proof of what I could do
3) Collect email addresses from /home/*/.contactemail
4) Inspect the index.html files in a few directories as a means of
locating the web sites concerned
5) 'mv .bash_history .bash_history_old', and later mv it back

There is no ongoing access, and now that you've changed the root
password (btw, I hope you weren't silly enough to change it to the
same password you emailed me), the system is under your control again.
 But you cannot be sure that the *other* people you've given root
access to didn't do the same.

ChrisA
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Νικόλαος Κούρας 
Τη Τετάρτη, 5 Ιουνίου 2013 8:47:38 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε:
> On Thu, Jun 6, 2013 at 3:29 AM, Νικόλαος Κούρας  wrote:
> 
> > Now about what you did to me. I wanted to tell you that I (and I am sure 
> > there are other people too) don't agree with what you did. I think it was 
> > pretty rotten -- you told me it was a bad idea to give out the root 
> > password and that was as far as you should have gone, you had no right to 
> > "prove" it by screwing with my system.
> 
> >
> 
> > In the US there is a law called the DMCA which I think would make what
> 
> > you did illegal, even though i have you a password, because i
> 
> > clearly gave you access to help me fix a problem, not to do what you
> 
> > did. Of course US law doesn't help in this case since you i live in Greece 
> > and you live in Australia...
> 
> 
> 
> IANAL, but I don't think the DMCA has anything to do with this. (That
> 
> is to say, I don't think it would even if everything were under US
> 
> jurisdiction, which as you say isn't the case anyway.) What I did is
> 
> no more illegal than you lending your car keys to a stranger with the
> 
> request that he lock your door for you, and him then leafing through
> 
> the contents of your car and telling your spouse what he found. If
> 
> that causes your marriage to break up, the fault was with you for
> 
> having something in your car that would break up your marriage, and
> 
> for letting a stranger poke around in there.
> 
> 
> 
> > I still maintain my belief that most people are good and want to help
> 
> > rather than be destructive(which to your defense you weren't entirely. The 
> > mails you sent to my few customers though really pissed me off).
> 
> 
> 
> The mails to your customers stop you from pretending to them that you
> 
> know what you're doing. That's all. Now, you may be able to come back
> 
> from this by making a public change of policy (you so far have a
> 
> declared stance that you would give out the root password to someone
> 
> else in future) and apologizing profusely to your customers, but if
> 
> you can't, that is your problem and not mine.
> 
> 
> 
> I was programming computers for eighteen years before I got a job
> 
> doing it. Getting money for hosting people's web sites is something
> 
> that you should see as a privilege for people who can demonstrably
> 
> provide this service safely, and should not be something you strive
> 
> for while you're learning the basics of Linux.
> 
> 
> 
> > And of course, i have no idea, if you ahve installed some kind of a 
> > backdoor utility that will grant you shell access via ssh to my system.
> 
> > I want to convince myself that you haven't done so.
> 
> 
> 
> I can help with that convincing. No, I did not install any sort of
> 
> backdoor. There is no way you can prove that statement, but you have
> 
> my promise and pledge that your system is safe from me. All I did was:
> 
> 
> 
> 1) Change the root password, storing the new one in a way that you could find 
> it
> 
> 2) Create the cookie file as proof of what I could do
> 
> 3) Collect email addresses from /home/*/.contactemail
> 
> 4) Inspect the index.html files in a few directories as a means of
> 
> locating the web sites concerned
> 
> 5) 'mv .bash_history .bash_history_old', and later mv it back
> 
> 
> 
> There is no ongoing access, and now that you've changed the root
> 
> password (btw, I hope you weren't silly enough to change it to the
> 
> same password you emailed me), the system is under your control again.
> 
>  But you cannot be sure that the *other* people you've given root
> 
> access to didn't do the same.

Every time i granted access to other folks when jobs done i alwaws 'passwd' as 
root to avoid unwanted access.

All customers are also my friends and they like me and trust me. I also fix 
their computers too and use "TeamViewer" many times to help them from home.

Still, all of your doing could be avoided if isntead of fiddlign with my 
clients, you would actually try to provide a helping had.

Anyway, i should'n have given root access to you, i was a bit worried doing so, 
but i was also under stress of also correcting this damn encoding issue and i 
wanted to think you would be the one that finally help solving it.

I was wrong. But no matter what you say i won't lose my beleif hat if for 
example i have given access to Steven, things could have turn into a positive 
solution.

You shouldnt have gone "that far", just to prove a point.
Its not that malicious activity didn't occur to me that migth happen, i just 
like to think that it wont.

Any way, enough said.



-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Chris Angelico 
On Thu, Jun 6, 2013 at 4:08 AM, Νικόλαος Κούρας  wrote:
> Anyway, i should'n have given root access to you, i was a bit worried doing 
> so, but i was also under stress of also correcting this damn encoding issue 
> and i wanted to think you would be the one that finally help solving it.
>
> You shouldnt have gone "that far", just to prove a point.
> Its not that malicious activity didn't occur to me that migth happen, i just 
> like to think that it wont.

Sure, you'd like to think that nothing will ever go wrong. Trouble is,
you can't depend on that. Maybe Steven D'Aprano would have solved your
problem for you... maybe not. Maybe you would have picked someone who
totally smashed your system, reputation, bank balance, and family pet.
How would you know?

The point of security is not to trust that most people will be fine.
The point of security is to be secure. You may not be able to guard
against everything, but you can certainly put some effort into not
making it easy for an attacker.

Treat the root password as a keyring with all of your keys on it, and
assume that you're going on holidays overseas. Do you contact
strangers to ask them to feed your cat? Or do you talk to a trusted
friend?

ChrisA
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Νικόλαος Κούρας 
Τη Τετάρτη, 5 Ιουνίου 2013 9:16:56 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε:

>Do you contact strangers to ask them to feed your cat? Or do you talk to a 
>>trusted friend?

Well i dont consider you a perfect stranger, because we kind of know each other 
since we speak here sometime.

You know how much i was striving for help resolving this, and i was happy this 
morning thinking that Chris will fianlly put me out of this encoding misery
-- 
http://mail.python.org/mailman/listinfo/python-list

  1   2   >