Re: Apache and suexec issue that wont let me run my python script
On Tue, Jun 4, 2013 at 1:12 PM, Νικόλαος Κούρας nikos.gr...@gmail.comwrote: Τη Τρίτη, 4 Ιουνίου 2013 8:09:18 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε: On Wed, Jun 5, 2013 at 3:02 AM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: I'm willing to let someone with full root access to my webhost to see thigns from the inside. Does someone want to take o allok or at elast tell me what else i need to try, that hasn't been tried out yet? You need to read up on what happens when you enter Dummy Mode and give someone full root access to your web host. You really REALLY need to understand what that means before you offer random strangers that kind of access to someone else's data. I've half a mind to take you up on your offer, then go look for personal and private info from your clients, and email it to them (along with a link to this thread) to point out what's going on. ChrisA I know what full root access mean. I also trust you. I'm hopeless man, its 1 week now dealing with this. -- http://mail.python.org/mailman/listinfo/python-list I trust you too Chris! -- Joel Goldstick http://joelgoldstick.com -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Op 05-06-13 11:06, Νικόλαος Κούρας schreef: Τη Τετάρτη, 5 Ιουνίου 2013 11:59:28 π.μ. UTC+3, ο χρήστης alex23 έγραψε: On Jun 5, 6:41 pm, Chris Angelico ros...@gmail.com wrote: This matter is far more serious than you seem to be giving it consideration for. You complain that I violated your trust; you violated the trust of people who are paying you money. I think the term I'm looking for here is: EPIC WIN :D I didnt violate anything. Chris violated my treust. There would have been no violation if he just look into en encoding issue and not meddled with my customers mail and data. Yes you violated peoples trust. People trust you to act in a way to keep their data safe. Mailing your root password to someone you only know from a mailinglist/newsgroup is acting irresponsibly. That Chris has violated your trust, doesn't make your own irresponsible behaviour dissappear. Not only that, you made it public you would continue to act the same way in the future. If I had trusted you with my data, I would have felt my trust to be violated. Your actions are similar to someone who keeps a credit card for an organisation, gives the security code to a stranger and then complains the stranger moved a lot of money from one bank account to another (although all owned by you). Sure the stranger had no business doing that, but you sure were violating the trust of the organisation by acting so irresponsibly. -- Antoon Pardon -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
On 06/05/2013 08:02 PM, Tim Chase wrote: On 2013-06-05 17:57, ru...@yahoo.com wrote: stories over the years where people where convicted (or at least charged with) violating the DMCA (or perhaps equally draconian followup U.S. laws) even though they clearly penetrated the system to point out security flaws. I suspect you read CFAA (Computer Fraud Abuse Act) and thought DMCA (Digital Millennium Copyright Act), as there have been a number of prosecutions under the CFAA (including the whole Aaron Swartz ordeal) for nebulous exceeding authorization/ Yes, thanks for correcting that. -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Τη Τετάρτη, 5 Ιουνίου 2013 8:23:12 π.μ. UTC+3, ο χρήστης alex23 έγραψε: On Jun 5, 3:11 pm, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: I'm not trolling, you are the one that do not understand. Here i swicthed the code from: path = /home/nikos/www/data/apps/ to this since '/home/nikos/public_html/cgi-bin' = '/home/nikos/www/cgi-bin' as i said: # Compute a set of current fullpaths path = /home/nikos/public_html/data/apps/ Same error. /home/nikos/public_html/data/apps/ /home/nikos/public_html/cgi- bin/ Are you even reading the error messages? What do you mean? Yes i have read the error messsage and i can't understand wht file it can't find. -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
On Wed, Jun 5, 2013 at 2:59 PM, alex23 wuwe...@gmail.com wrote: On Jun 5, 2:40 pm, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: Of course '/home/nikos/public_html/cgi-bin' = '/home/nikos/www/cgi-bin' What this has to do with what i asked? You display an error of No such file or directory and you wonder why I'm trying to confirm the two locations are the same. Can you finally admit you're trolling now? In Nikos's defense (wow that feels wrong), linking public_html and www is quite common, and his prompts have clearly shown that his username is nikos. So the commonality is at least unsurprising. He ought to have mentioned it, of course, but it's at least something well known. ChrisA -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
On Wed, Jun 5, 2013 at 1:55 PM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: Good Day Chris, thanks for accepting. Please mail me and i will send you the root login credentials. Well, I wasn't sure whether this would actually happen or not, but it did. I made it fairly clear to him in multiple posts that I was NOT going to sort out all his problems, yet he clearly did not read that, and has seen fit to compromise his security to the extreme extent of giving his *ROOT PASSWORD* to a total stranger over the internet. With that power, I could have done anything. I could have wiped out all his clients' data. I could have searched through his database content for credit cards, customer information, the works. But I didn't; I merely placed a small file in the public_html directory of each of the twelve web sites he has hosted: http://superhost.gr/Hello_from_Rosuav http://leonidasgkelos.com/Hello_from_Rosuav http://parking-byzantio.gr/Hello_from_Rosuav ... and nine others I have also contacted all the site owners who had a .contactemail file in their home directories, informing them of the situation. Oh, and I changed the root password, since the current one was sent in clear text across the internet. Nikos, the new password has been stored in /home/nikos/new_password - you should be able to access that using your non-root login. I recommend you change it immediately. Peanut gallery, did I make it sufficiently clear beforehand that giving out your root password is a bad idea? ChrisA -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Τη Τετάρτη, 5 Ιουνίου 2013 11:09:50 π.μ. UTC+3, ο χρήστης Chris Angelico έγραψε: On Wed, Jun 5, 2013 at 1:55 PM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: Good Day Chris, thanks for accepting. Please mail me and i will send you the root login credentials. Well, I wasn't sure whether this would actually happen or not, but it did. I made it fairly clear to him in multiple posts that I was NOT going to sort out all his problems, yet he clearly did not read that, and has seen fit to compromise his security to the extreme extent of giving his *ROOT PASSWORD* to a total stranger over the internet. With that power, I could have done anything. I could have wiped out all his clients' data. I could have searched through his database content for credit cards, customer information, the works. But I didn't; I merely placed a small file in the public_html directory of each of the twelve web sites he has hosted: http://superhost.gr/Hello_from_Rosuav http://leonidasgkelos.com/Hello_from_Rosuav http://parking-byzantio.gr/Hello_from_Rosuav ... and nine others I have also contacted all the site owners who had a .contactemail file in their home directories, informing them of the situation. Oh, and I changed the root password, since the current one was sent in clear text across the internet. Nikos, the new password has been stored in /home/nikos/new_password - you should be able to access that using your non-root login. I recommend you change it immediately. Peanut gallery, did I make it sufficiently clear beforehand that giving out your root password is a bad idea? ChrisA I gave you out of my good and trustworthy heart my root password so for you to look upon my systrem configuration and all you did was trying to fuck me by sending mails to my clients? How am i suppose to change the roor password from a normal user account?(nikos)? Other 3 times i hve gavein people my root password and they all trid to help me out, only you screwed me like this. If i lose some of my clients, will you been paying for the money loss? Do you think this server i rent comes for free with cPanel, Softaculous and other licenses? Fuck you. -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
On Wed, Jun 5, 2013 at 6:26 PM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: I gave you out of my good and trustworthy heart my root password so for you to look upon my systrem configuration and all you did was trying to fuck me by sending mails to my clients? That would be trusting, not trustworthy, and I did make it pretty clear what I was proposing. How am i suppose to change the roor password from a normal user account?(nikos)? You don't. You log in as the normal user and look in your normal user's home directory. In there, you will find a file giving you the root password. It's safer that way; everything's done over SSH. Other 3 times i hve gavein people my root password and they all trid to help me out, only you screwed me like this. If i lose some of my clients, will you been paying for the money loss? No, I will not. I never made you any promise. If you lose some of your clients, it is because you have made some very poor decisions, including to tinker live with this server instead of having a staging area. All I've done is give your clients a chance to know what you're doing with their data, which I think is fair enough. Do you think this server i rent comes for free with cPanel, Softaculous and other licenses? Of course not. (In my opinion, cpanel is ridiculously overpriced.) Most of these sorts of things are either overkill, or utterly trivial; if you need it, the price is immaterial, but most people simply don't. Before you get too angry at me, ask yourself this question: Would you stand for someone giving out access to your system to a third party? Because that's exactly what you did to your clients. You gave me, a perfect stranger, full access to *THEIR* data. Do you understand how serious that is? In addition, you posted me the password in clear text via email. That's why I changed it - it's entirely possible someone saw the password in transmission. This matter is far more serious than you seem to be giving it consideration for. You complain that I violated your trust; you violated the trust of people who are paying you money. ChrisA -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Τη Τετάρτη, 5 Ιουνίου 2013 11:41:55 π.μ. UTC+3, ο χρήστης Chris Angelico έγραψε: On Wed, Jun 5, 2013 at 6:26 PM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: I gave you out of my good and trustworthy heart my root password so for you to look upon my systrem configuration and all you did was trying to fuck me by sending mails to my clients? That would be trusting, not trustworthy, and I did make it pretty clear what I was proposing. How am i suppose to change the roor password from a normal user account?(nikos)? You don't. You log in as the normal user and look in your normal user's home directory. In there, you will find a file giving you the root password. It's safer that way; everything's done over SSH. Other 3 times i hve gavein people my root password and they all trid to help me out, only you screwed me like this. If i lose some of my clients, will you been paying for the money loss? No, I will not. I never made you any promise. If you lose some of your clients, it is because you have made some very poor decisions, including to tinker live with this server instead of having a staging area. All I've done is give your clients a chance to know what you're doing with their data, which I think is fair enough. Do you think this server i rent comes for free with cPanel, Softaculous and other licenses? Of course not. (In my opinion, cpanel is ridiculously overpriced.) Most of these sorts of things are either overkill, or utterly trivial; if you need it, the price is immaterial, but most people simply don't. Before you get too angry at me, ask yourself this question: Would you stand for someone giving out access to your system to a third party? Because that's exactly what you did to your clients. You gave me, a perfect stranger, full access to *THEIR* data. Do you understand how serious that is? In addition, you posted me the password in clear text via email. That's why I changed it - it's entirely possible someone saw the password in transmission. This matter is far more serious than you seem to be giving it consideration for. You complain that I violated your trust; you violated the trust of people who are paying you money. ChrisA So, iam to blame this for trusting you? YOU COULD HAVE ACTUALLY TRIED TO SEE WHATS WRONG WITH 'FILES.PY' INSTEAD OF CREATING TEXT FIELS AND COPIED THEM ALL OVER THE CLIENTS HOME DIRECTORY FOLDERS AND MAIL THEM TOO. IF YOU DIDNT WANTED TO DO THAT THEN YOU COULD AHVE SAID TO ME, NIKOS I DONT FEEL LIKE LOGGING TO YOUR SYSTEM BECAUSE I DONT REALLY WANTED TO HELP YOU OUT. BUT NO, YOU WANTED TO MAKE AN IMPRESSION BY SCREWING ME. I ALSO HAVE GIVEN ROOT ACCESS TO ANOTHER MEMBER OF THIS LIST AND HE IN FACT TRIED TO HELP ME INSTEAD OF DOING WHAT YOU DID. AND FROM 2 OTHER PEOPLE AS SOME OTHER FORUMS TOO. YOU NEVER BOTHERED TAKING A LOOK AT THE ENCODING ISSUE. I WONT TALK TO YOU AGAIN. YOU MADE A FALSE PROMISE OF HELPING ME AND THEN SCREWED ME. FUCK YOU AND NO I DONT MIND THE LANGUAGE. -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
On Jun 5, 6:53 pm, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: So, iam to blame this for trusting you? I'm sure you were smart enough to get Chris to sign a contract before giving him the keys to your kingdom, no? -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
On Wed, Jun 5, 2013 at 6:53 PM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: So, iam to blame this for trusting you? Your clients trust you to not compromise their security. You compromised their security by giving the root password to a stranger. YOU COULD HAVE ACTUALLY TRIED TO SEE WHATS WRONG WITH 'FILES.PY' INSTEAD OF CREATING TEXT FIELS AND COPIED THEM ALL OVER THE CLIENTS HOME DIRECTORY FOLDERS AND MAIL THEM TOO. IF YOU DIDNT WANTED TO DO THAT THEN YOU COULD AHVE SAID TO ME, NIKOS I DONT FEEL LIKE LOGGING TO YOUR SYSTEM BECAUSE I DONT REALLY WANTED TO HELP YOU OUT. When did I ever give the impression that I wanted to help? When did I ever actually ask you for that power? No, you kept trying to thrust it on us as part of your demands for assistance. I ALSO HAVE GIVEN ROOT ACCESS TO ANOTHER MEMBER OF THIS LIST AND HE IN FACT TRIED TO HELP ME INSTEAD OF DOING WHAT YOU DID. AND FROM 2 OTHER PEOPLE AS SOME OTHER FORUMS TOO. So... your root account has fairly public access. Did you notify your clients that half a dozen random people have full access to their server? Can you prove to them that their private data is, indeed, private? I WONT TALK TO YOU AGAIN. YOU MADE A FALSE PROMISE OF HELPING ME AND THEN SCREWED ME. What promise? I never promised to help. Go read my posts... I would have said reread except that you never read them in the first place. Just be aware, I didn't actually hurt you in any way. I changed your root password to protect it, but you still have access. The only harm that could come from this is that your clients are now aware of the risks they are taking by remaining with you. I'm stripping away the veil and exposing the truth. Nothing more. And now, we're very much off-topic for python-list, but I think it's a good thing for other potential server-maintainers to be aware of. Trust is a very precious thing. ChrisA -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
On Jun 5, 6:41 pm, Chris Angelico ros...@gmail.com wrote: This matter is far more serious than you seem to be giving it consideration for. You complain that I violated your trust; you violated the trust of people who are paying you money. I think the term I'm looking for here is: EPIC WIN :D -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Am 05.06.2013 10:53, schrieb Νικόλαος Κούρας: I ALSO HAVE GIVEN ROOT ACCESS TO ANOTHER MEMBER OF THIS LIST AND HE IN FACT TRIED TO HELP ME INSTEAD OF DOING WHAT YOU DID. AND FROM 2 OTHER PEOPLE AS SOME OTHER FORUMS TOO. You know what you're saying there? You've given (at least) four people you don't know at all (you know, on the internet nobody knows you're a dog and stuff) - and as such shouldn't trust them at all, either - free and full admission to a system that critical for you. That's like handing out keys to the front door of your home to any passer-by on the street who you feel like talking to - and then later wondering why your belongings are suddenly gone. Seeing how riled up you get about this, what Chris did is for the better. At least it seems that you won't be able to change your root password back, either, and as such you won't have root access anymore to your system for the time being, which makes your system and the internets a safer place for now. -- --- Heiko. -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Τη Τετάρτη, 5 Ιουνίου 2013 11:59:28 π.μ. UTC+3, ο χρήστης alex23 έγραψε: On Jun 5, 6:41 pm, Chris Angelico ros...@gmail.com wrote: This matter is far more serious than you seem to be giving it consideration for. You complain that I violated your trust; you violated the trust of people who are paying you money. I think the term I'm looking for here is: EPIC WIN :D I didnt violate anything. Chris violated my treust. There would have been no violation if he just look into en encoding issue and not meddled with my customers mail and data. Alex23, you are the *WORST* character i ever encountered in this list and forums in gernal. Idiot and ignorant too not knowing that ~/www is a symlink to ~/public_html and pretending to help. Fuck you too and sod off. -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Τη Τετάρτη, 5 Ιουνίου 2013 12:05:36 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε: On Wed, Jun 5, 2013 at 6:53 PM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: So, iam to blame this for trusting you? Your clients trust you to not compromise their security. You compromised their security by giving the root password to a stranger. YOU COULD HAVE ACTUALLY TRIED TO SEE WHATS WRONG WITH 'FILES.PY' INSTEAD OF CREATING TEXT FIELS AND COPIED THEM ALL OVER THE CLIENTS HOME DIRECTORY FOLDERS AND MAIL THEM TOO. IF YOU DIDNT WANTED TO DO THAT THEN YOU COULD AHVE SAID TO ME, NIKOS I DONT FEEL LIKE LOGGING TO YOUR SYSTEM BECAUSE I DONT REALLY WANTED TO HELP YOU OUT. When did I ever give the impression that I wanted to help? When did I ever actually ask you for that power? No, you kept trying to thrust it on us as part of your demands for assistance. I ALSO HAVE GIVEN ROOT ACCESS TO ANOTHER MEMBER OF THIS LIST AND HE IN FACT TRIED TO HELP ME INSTEAD OF DOING WHAT YOU DID. AND FROM 2 OTHER PEOPLE AS SOME OTHER FORUMS TOO. So... your root account has fairly public access. Did you notify your clients that half a dozen random people have full access to their server? Can you prove to them that their private data is, indeed, private? I WONT TALK TO YOU AGAIN. YOU MADE A FALSE PROMISE OF HELPING ME AND THEN SCREWED ME. What promise? I never promised to help. Go read my posts... I would have said reread except that you never read them in the first place. Just be aware, I didn't actually hurt you in any way. I changed your root password to protect it, but you still have access. The only harm that could come from this is that your clients are now aware of the risks they are taking by remaining with you. I'm stripping away the veil and exposing the truth. Nothing more. And now, we're very much off-topic for python-list, but I think it's a good thing for other potential server-maintainers to be aware of. Trust is a very precious thing. ChrisA TODAY I READ YOUR POSTS THAT YOU ACTUALLY OFFERED TO LOG INTO MY SERVER. THAT WOULD IMPLY THAT YOU WANTED TO HELP OUT AND THATS WHY YOU OFFERED. I AKSED YOU FOR YOUR MAIL THEN AND YOU SEND ME A PRIVATE MAIL TO SEND YOU THE DATA. THEN I AGVE IT TO YOU. SHOULD I HAVE ASKED YOU EXPLICITLY BY MAIL TO 'ACTUALLY TRY TO HELP ME INSTEAD OF SCREW MY BUSINESS'? I TRUSTED YOU BECASUE I WAS UNDER THE IMPRESSION YOU COULD HELP ME WITH THIS ISSUES I;VE BEEN STRUGGLING. NEXT THIS YOU'RE GONNA TELL ME IS TO BE HAPPY THAT YOU DIDN'T WIPE THE WHOLE SYSTEM OUT BY 'RM -RF /' GO TO HELL. -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Τη Τετάρτη, 5 Ιουνίου 2013 12:04:15 μ.μ. UTC+3, ο χρήστης Heiko Wundram έγραψε: Am 05.06.2013 10:53, schrieb οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½ οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½: I ALSO HAVE GIVEN ROOT ACCESS TO ANOTHER MEMBER OF THIS LIST AND HE IN FACT TRIED TO HELP ME INSTEAD OF DOING WHAT YOU DID. AND FROM 2 OTHER PEOPLE AS SOME OTHER FORUMS TOO. You know what you're saying there? You've given (at least) four people you don't know at all (you know, on the internet nobody knows you're a dog and stuff) - and as such shouldn't trust them at all, either - free and full admission to a system that critical for you. That's like handing out keys to the front door of your home to any passer-by on the street who you feel like talking to - and then later wondering why your belongings are suddenly gone. Seeing how riled up you get about this, what Chris did is for the better. At least it seems that you won't be able to change your root password back, either, and as such you won't have root access anymore to your system for the time being, which makes your system and the internets a safer place for now. I'am a perosn that eaisly trust other people to have ethics, especially python programmers who knows how difficult its to debug a script and have it working. Some people can be trusted, and actually try to help. Some dont. Chris is na example of the latter. At least he didnt wipe the whoile system out. And i do have access of my system 30 mins now. And yes i will again root access to another person, which i beleive he can be trsuted and give me some friendly help. Tha is all i have to say and i'm not naive or fool. As i said some people can actually be trusted. -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
On Wed, Jun 5, 2013 at 7:04 PM, Heiko Wundram modeln...@modelnine.org wrote: Seeing how riled up you get about this, what Chris did is for the better. At least it seems that you won't be able to change your root password back, either, and as such you won't have root access anymore to your system for the time being, which makes your system and the internets a safer place for now. Not quite accurate; he can change his root password back as soon as he logs in as the non-root user and cats one little file. Actually, I just tested, and the password I set is no longer valid, so I'm guessing he's already done so... either that, or a third party who was previously given access has now changed the password to something else. ChrisA -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
On Wed, Jun 5, 2013 at 7:14 PM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: NEXT THIS YOU'RE GONNA TELL ME IS TO BE HAPPY THAT YOU DIDN'T WIPE THE WHOLE SYSTEM OUT BY 'RM -RF /' Yes. Actually, yes. Do you understand now what you have done by giving your password to multiple people? This is *completely* different from asking for help. You are giving someone complete access to do ANYTHING and without even being logfiled (try it - can you find out what I did? You'll be able to find a few things, like what IP addresses I logged in from, but not everything); this is something that you simply do not EVER do. And rm -rf / (by the way, it wouldn't work if I shouted at your computer the way you're shouting at me) is actually not the worst thing I could do. If one of your clients accepts credit cards from his customers and stores them, I could compromise your client's customers. They have a measure of trust in the web server; you are betraying that trust by letting me in. ChrisA -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Am 05.06.2013 11:19, schrieb Chris Angelico: Not quite accurate; he can change his root password back as soon as he logs in as the non-root user and cats one little file. I understood that - I rather got the impression that he (as a person) wasn't technically capable of changing it. Alas, the internets didn't remain a better place for long. :-) -- --- Heiko. -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
On Wed, Jun 5, 2013 at 7:19 PM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: I'am a perosn that eaisly trust other people to have ethics, especially python programmers who knows how difficult its to debug a script and have it working. Some people can be trusted, and actually try to help. Some dont. Chris is na example of the latter. At least he didnt wipe the whoile system out. I've actually tried on MANY occasions to help you. I have put in a number of hours of volunteer time researching and posting for you, which I don't regret only because the list is of value to more people than just the one who asked the question. You are unhelpable. And i do have access of my system 30 mins now. And yes i will again root access to another person, which i beleive he can be trsuted and give me some friendly help. Tha is all i have to say and i'm not naive or fool. As i said some people can actually be trusted. So you'll casually give out your root password again, yet you think you are not naive? The next person you meet might actually do you some harm. You most definitely *are* a fool. ChrisA -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Τη Τετάρτη, 5 Ιουνίου 2013 12:27:20 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε: On Wed, Jun 5, 2013 at 7:14 PM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: NEXT THIS YOU'RE GONNA TELL ME IS TO BE HAPPY THAT YOU DIDN'T WIPE THE WHOLE SYSTEM OUT BY 'RM -RF /' Yes. Actually, yes. Do you understand now what you have done by giving your password to multiple people? This is *completely* different from asking for help. You are giving someone complete access to do ANYTHING and without even being logfiled (try it - can you find out what I did? You'll be able to find a few things, like what IP addresses I logged in from, but not everything); this is something that you simply do not EVER do. And rm -rf / (by the way, it wouldn't work if I shouted at your computer the way you're shouting at me) is actually not the worst thing I could do. If one of your clients accepts credit cards from his customers and stores them, I could compromise your client's customers. They have a measure of trust in the web server; you are betraying that trust by letting me in. iI got back root access and i 'rm -y /home/user/public_html/Hello_from_ROSUAV' so to delete your deface. Thank God you just placed that text file there and did not deface frontpages. Then i run 'history' to see what exactly you ahve typed but the history log only showed me my own commands. -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Τη Τετάρτη, 5 Ιουνίου 2013 12:29:10 μ.μ. UTC+3, ο χρήστης Heiko Wundram έγραψε: Am 05.06.2013 11:19, schrieb Chris Angelico: Not quite accurate; he can change his root password back as soon as he logs in as the non-root user and cats one little file. I understood that - I rather got the impression that he (as a person) wasn't technically capable of changing it. Alas, the internets didn't remain a better place for long. :-) It will remain, if you go away. -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Τη Τετάρτη, 5 Ιουνίου 2013 12:31:37 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε: On Wed, Jun 5, 2013 at 7:19 PM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: I'am a perosn that eaisly trust other people to have ethics, especially python programmers who knows how difficult its to debug a script and have it working. Some people can be trusted, and actually try to help. Some dont. Chris is na example of the latter. At least he didnt wipe the whoile system out. I've actually tried on MANY occasions to help you. I have put in a number of hours of volunteer time researching and posting for you, which I don't regret only because the list is of value to more people than just the one who asked the question. You are unhelpable. And i do have access of my system 30 mins now. And yes i will again root access to another person, which i beleive he can be trsuted and give me some friendly help. Tha is all i have to say and i'm not naive or fool. As i said some people can actually be trusted. So you'll casually give out your root password again, yet you think you are not naive? The next person you meet might actually do you some harm. You most definitely *are* a fool. TheRE is this saying that applis to you: A THIEF BELEIVES EVERYBODY STEALS. You do not trust people because you think all of them are likely to screw you, when its the other way around. -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
On Wed, Jun 5, 2013 at 7:32 PM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: iI got back root access and i 'rm -y /home/user/public_html/Hello_from_ROSUAV' so to delete your deface. Thank God you just placed that text file there and did not deface frontpages. Indeed. That's one of the few truly accurate statements you've made. I am a God-fearing man, a Christian, a man of ethics, and that is why I did not deface anything. All I did was create those files and read a few little pieces like the .contactemail nuggets (btw, thanks - those are the very people who have the right to know about this). Then i run 'history' to see what exactly you ahve typed but the history log only showed me my own commands. Precisely. My commands are not in your .bash_history file. Someone could have done anything and you wouldn't even know. ChrisA -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
On Jun 5, 7:46 pm, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: And here us Alex23 private mail that sent out to me: Which I spared the list from because it was off-topic, but I don't think that's a concept you're overly familiar with given your posting history. -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
On Wed, Jun 5, 2013 at 7:37 PM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: TheRE is this saying that applis to you: A THIEF BELEIVES EVERYBODY STEALS. You do not trust people because you think all of them are likely to screw you, when its the other way around. You really need to do a basic course in internet security. Why do we have SSL? Is it because everyone's honest and trustworthy? Why do you access your server using a password in the first place? I mean, if people are honest, wouldn't it be fine to just use TELNET and simply enter your name to get access? Please don't misunderstand me. If I hated you, thought you worthless, and/or was angry at you, I would not be trying to explain this; you would have been in my killfile weeks ago and I would not even be aware of your problems. I think you have the capacity to learn and improve, but you really need to put some effort into figuring out what you're doing. I dread to think what you're charging your clients for the shoddy service you're offering them. With ten clients, you're probably having to charge them the equivalent of $US50/year just for cpanel, on top of all your other costs. No wonder the economy of Greece is in trouble. ChrisA -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
And here us Alex23 private mail that sent out to me: On Jun 5, 7:06 pm, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: There would have been no violation if he just look into en encoding issue and not meddled with my customers mail and data. Waaah, why didn't this stranger do my job for me for free? I'm so confused! Alex23, you are the *WORST* character i ever encountered in this list and forums in gernal. Hooray! You probably haven't noticed because you don't give a shit about any other problems here but your own, but I do help people on this list, when it's clear they actually want to learn and not just palm off their confusion onto other people. What I don't do is some lazy dickwad's work for him; I get enough of that from my project managers. I don't suffer fools gladly, and boy, are you ever a fool. Idiot and ignorant too not knowing that ~/www is a symlink to ~/public_html and pretending to help. Firstly, that's why I _asked_ if they were the same. Secondly, excuse me if I don't set up my web servers using shitty obsolete mechanisms like CGI. And given I'm not the one who's handing out root access to his commercial server like it's candy, you really shouldn't be throwing terms like ignorant around. Fuck you too and sod off. You're such a charmer What a fucker... -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Am 05.06.2013 11:33, schrieb Νικόλαος Κούρας: It will remain, if you go away. Look, pal, I work as a programmer for a (medium size) network service provider, and due to that I (should) know my networking security 101. It's generally people like you who are: 1) extremely careless about their system 2) intolerably naive and persistently refusing to learn and who as a consequence hand out root logins for hosts with big (!) pipes to people that should - under no circumstances ever, EVER - be trusted, who are in turn causing the scourge of the public internets that's called a botnet. It doesn't matter whether you're simply so stupid (yes, I said it!) as to hand out actual root logins or whether you refuse to update your system or whether you use weak passwords: in all cases, your system is compromised, and due to the rather big pipe that your system has it in turn compromises the integrity of the whole network that the system is connected to. Chris is completely right: you shouldn't thank him for not doing 'rm -rf /' on your system (that's utter peanuts, and only hits you), you should rather thank him for not copying your complete client data (and in turn their client's data, let's talk about identity theft) and/or for not installing a bot on your system which would in turn cause me to have headaches when the bot's misused to DDoS or for any other form of network-based attack on the network that I need to administer. It's you who's the untrustworthy, completely unreliable and utterly irresponsible member of the community of networks that's called the Internet. Please go somewhere else. -- --- Heiko. -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
On Jun 5, 7:48 pm, Chris Angelico ros...@gmail.com wrote: No wonder the economy of Greece is in trouble. This isn't addressed just to Chris, as this isn't the first time the joke has been made, but could we not? There's a term for applying the failings of an individual to an entire genetic or cultural collective, and it isn't a pretty one. -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
On Wed, Jun 5, 2013 at 7:52 PM, alex23 wuwe...@gmail.com wrote: On Jun 5, 7:48 pm, Chris Angelico ros...@gmail.com wrote: No wonder the economy of Greece is in trouble. This isn't addressed just to Chris, as this isn't the first time the joke has been made, but could we not? There's a term for applying the failings of an individual to an entire genetic or cultural collective, and it isn't a pretty one. Sorry. You're right, that was un-called-for. I retract that comment. My main point I still stand by, though. These people are paying good money for a service that probably seems fine, to them. It's probably seemed fine for several years, even. But underneath, the systems admin is constantly breaking stuff and then coming in a panic to an open forum, begging for help, and then giving root access to strangers in the hope that they'll magically fix everything. This is not the sort of service I would pay for, and this is why I do not regret the potential damage to Nikos's revenue. The complaint is equivalent to begging a bank not to put in security cameras, because bank robbers might get less income. ChrisA -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Τη Τετάρτη, 5 Ιουνίου 2013 12:55:49 μ.μ. UTC+3, ο χρήστης Heiko Wundram έγραψε: Am 05.06.2013 11:33, schrieb οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½ οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½: It's you who's the untrustworthy, completely unreliable and utterly irresponsible member of the community of networks that's called the Internet. I dont care what you do for a living, you never helped me a bit in anything, you just presented to me your self 1 hour ago to join the party. Please go somewhere else. Please sod off from my thread. Thank you. -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Am 05.06.2013 12:21, schrieb Νικόλαος Κούρας: I dont care what you do for a living, you never helped me a bit in anything, you just presented to me your self 1 hour ago to join the party. Guess why I did so: you're presently touching a subject (network safety) that I hold dear, and not only being a troll. -- --- Heiko. -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Τη Τετάρτη, 5 Ιουνίου 2013 1:12:55 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε: On Wed, Jun 5, 2013 at 7:52 PM, alex23 wuwe...@gmail.com wrote: On Jun 5, 7:48 pm, Chris Angelico ros...@gmail.com wrote: No wonder the economy of Greece is in trouble. This isn't addressed just to Chris, as this isn't the first time the joke has been made, but could we not? There's a term for applying the failings of an individual to an entire genetic or cultural collective, and it isn't a pretty one. Sorry. You're right, that was un-called-for. I retract that comment. My main point I still stand by, though. These people are paying good money for a service that probably seems fine, to them. It's probably seemed fine for several years, even. But underneath, the systems admin is constantly breaking stuff and then coming in a panic to an open forum, begging for help, and then giving root access to strangers in the hope that they'll magically fix everything. This is not the sort of service I would pay for, and this is why I do not regret the potential damage to Nikos's revenue. The complaint is equivalent to begging a bank not to put in security cameras, because bank robbers might get less income. I dont own e-shops websites that require credit cards to make transactions. I just host 10 peoples who happen to be my friends websites, most of them created by Joomla CMS. 50 euros they pay me for the year for my services and some of them the half. I barely make some money out of this which with your actions today might loose them too. I hope you are happy. What ever i try is expicitly under my user account for python issues and not system wide, so hell brakes loose. And even if it did, my company whos server i rent, would have been abel to fix that. What you did is unforgivable, you should have decalred that: Nik, i actually dont want to help you with your damn enodnig issue, bur rather mess with your system to prove a point and i dont even regret if you loose some of your customers. Having said that, you could have been honest. At some point i will pay someone here to modify my templates and python scripts to use web frameworks. You and Heiko of course would be excluded from the programmer for hire list. Michael Torrie Steven D'aprano Lele Gaifax Cameron Simpson are possible candidates. -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Am 05.06.2013 12:30, schrieb Νικόλαος Κούρας: You and Heiko of course would be excluded from the programmer for hire list. Guess what: I have a job. And I don't give a damn. -- --- Heiko. -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Τη Τετάρτη, 5 Ιουνίου 2013 12:49:13 μ.μ. UTC+3, ο χρήστης alex23 έγραψε: On Jun 5, 7:46 pm, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: And here us Alex23 private mail that sent out to me: Which I spared the list from because it was off-topic, but I don't think that's a concept you're overly familiar with given your posting history. You spare it from the list because you wanted to bitch in private. Now sod off. -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Op 05-06-13 11:19, Νικόλαος Κούρας schreef: I'am a perosn that eaisly trust other people to have ethics, especially python programmers who knows how difficult its to debug a script and have it working. Some people can be trusted, and actually try to help. Some dont. Chris is na example of the latter. At least he didnt wipe the whoile system out. And i do have access of my system 30 mins now. And yes i will again root access to another person, which i beleive he can be trsuted and give me some friendly help. You believing so, is not enough. Tha is all i have to say and i'm not naive or fool. As i said some people can actually be trusted. Yes you are naive and a fool. The existance of trustworthy people is not the issue. The issue is how do you protect your server from the untrustworthy ones. Chris has shown you that your method for the latter sucks, yet here you are publicly stating you will just proceed in the same way. Someone with malice in mind has only to win your trust here or elsewhere by faking he wants to help you and you seem willing to give them the root password to your server. On top of that you have made it public that this will likely work. That certainly makes you naive and a fool. -- Antoon Pardon -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Τη Τετάρτη, 5 Ιουνίου 2013 1:39:28 μ.μ. UTC+3, ο χρήστης Antoon Pardon έγραψε: Op 05-06-13 11:19, οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½ οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½ schreef: I'am a perosn that eaisly trust other people to have ethics, especially python programmers who knows how difficult its to debug a script and have it working. Some people can be trusted, and actually try to help. Some dont. Chris is na example of the latter. At least he didnt wipe the whoile system out. And i do have access of my system 30 mins now. And yes i will again root access to another person, which i beleive he can be trsuted and give me some friendly help. You believing so, is not enough. Tha is all i have to say and i'm not naive or fool. As i said some people can actually be trusted. Yes you are naive and a fool. The existance of trustworthy people is not the issue. The issue is how do you protect your server from the untrustworthy ones. Chris has shown you that your method for the latter sucks, yet here you are publicly stating you will just proceed in the same way. Someone with malice in mind has only to win your trust here or elsewhere by faking he wants to help you and you seem willing to give them the root password to your server. On top of that you have made it public that this will likely work. I will understand by his attitude in general if he is likely to help me or not. With Chris, being an expert and all, i was 60%-40% that he was likely to help me, but i was rather worrying if he would solve the filename encoding and suexec issues more that harming the server(whoch he did not) Btw, since history doesnt show me his history comamnds when he logged in from .au(why not really?), how can i tell what exactly did he do when he logged on to the server? -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Am 05.06.2013 13:07, schrieb Νικόλαος Κούρας: Btw, since history doesnt show me his history comamnds when he logged in from .au(why not really?), how can i tell what exactly did he do when he logged on to the server? As root has full access to your system (i.e., can change file contents and system state at will), and you gave him root access: you can't. And he made sure to remove things such as .bash_history and the syslog contents, I guess. At least that's what I'd have done to prove a point. -- --- Heiko. -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
On Jun 5, 9:07 pm, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: Btw, since history doesnt show me his history comamnds when he logged in from .au(why not really?) http://lmgtfy.com/?q=centos+clear+command+line+history You're welcome. -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Τη Τετάρτη, 5 Ιουνίου 2013 2:14:34 μ.μ. UTC+3, ο χρήστης Heiko Wundram έγραψε: Am 05.06.2013 13:07, schrieb οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½ οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½: Btw, since history doesnt show me his history comamnds when he logged in from .au(why not really?), how can i tell what exactly did he do when he logged on to the server? As root has full access to your system (i.e., can change file contents and system state at will), and you gave him root access: you can't. And he made sure to remove things such as .bash_history and the syslog contents, I guess. At least that's what I'd have done to prove a point. I see. Thanks. Is there some logging utility i can use next time iam offering root access to someone(if i do it) or perhaps logging a normal's account activity? -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Am 05.06.2013 13:19, schrieb Νικόλαος Κούρας: Is there some logging utility i can use next time iam offering root access to someone(if i do it) or perhaps logging a normal's account activity? Short answer: Not for root, no. Long answer: as I've already said: root can change file contents, or more explicitly _any_ system state, and (s)he can do that at will, and as such you can't ever be sure that what any form of logging is telling you will be the truth in some form or another if you've had a malicious root user on your system. Now: think again why it's such a plain stupid and incredibly bad idea to hand out root credentials to people you shouldn't trust, and why people (like me) keep telling you that you're naive and a fool to even consider handing out root logins. PS: the same is true for normal logins. You don't know whether some form of privilege escalation exists on your system, so even by handing out supposedly safe non-root accounts, your installation might get compromised due to insecure SUID software or due to privilege escalation bugs in the kernel. -- --- Heiko. -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
On 05/06/2013 10:06, Νικόλαος Κούρας wrote: Fuck you too and sod off. You've got a bloody nerve. You're charging people when you haven't the faintest idea what you're doing, won't pay for technical support, and then have the audacity to complain when people do try to help. As I've said before, it's hardly surprising that the Greek economy is in such a mess if you're an example of what the workforce has to offer. I was going to say professionally, except that word is clearly not applicable here. -- Steve is going for the pink ball - and for those of you who are watching in black and white, the pink is next to the green. Snooker commentator 'Whispering' Ted Lowe. Mark Lawrence -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
On 05/06/2013 11:32, Νικόλαος Κούρας wrote: Τη Τετάρτη, 5 Ιουνίου 2013 12:49:13 μ.μ. UTC+3, ο χρήστης alex23 έγραψε: On Jun 5, 7:46 pm, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: And here us Alex23 private mail that sent out to me: Which I spared the list from because it was off-topic, but I don't think that's a concept you're overly familiar with given your posting history. You spare it from the list because you wanted to bitch in private. Now sod off. Never in the field of the internet has so much been owed to so many by so few. -- Steve is going for the pink ball - and for those of you who are watching in black and white, the pink is next to the green. Snooker commentator 'Whispering' Ted Lowe. Mark Lawrence -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
On 05/06/2013 10:31, Chris Angelico wrote: You most definitely *are* a fool. ChrisA I believe the above is just plain wrong. A fool and his money are easily parted, but this guy won't part with his cash. -- Steve is going for the pink ball - and for those of you who are watching in black and white, the pink is next to the green. Snooker commentator 'Whispering' Ted Lowe. Mark Lawrence -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Τη Τετάρτη, 5 Ιουνίου 2013 4:16:46 μ.μ. UTC+3, ο χρήστης Mark Lawrence έγραψε: On 05/06/2013 10:06, οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½ οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½ wrote: Fuck you too and sod off. You've got a bloody nerve. You're charging people when you haven't the faintest idea what you're doing, won't pay for technical support, and then have the audacity to complain when people do try to help. As I've said before, it's hardly surprising that the Greek economy is in such a mess if you're an example of what the workforce has to offer. I was going to say professionally, except that word is clearly not applicable here. When you invented meat, Greeks were already suffering from cholesterol. -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
05.06.13 11:09, Chris Angelico написав(ла): Oh, and I changed the root password, since the current one was sent in clear text across the internet. Nikos, the new password has been stored in /home/nikos/new_password - you should be able to access that using your non-root login. I recommend you change it immediately. What are permission modes of /home/nikos and /home/nikos/new_password? -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Τη Τετάρτη, 5 Ιουνίου 2013 5:46:57 μ.μ. UTC+3, ο χρήστης Serhiy Storchaka έγραψε: 05.06.13 11:09, Chris Angelico написав(ла): Oh, and I changed the root password, since the current one was sent in clear text across the internet. Nikos, the new password has been stored in /home/nikos/new_password - you should be able to access that using your non-root login. I recommend you change it immediately. What are permission modes of /home/nikos and /home/nikos/new_password? ni...@superhost.gr [~/www]# pwd /home/nikos/www ni...@superhost.gr [~/www]# ls -ld ../ drwx--x--x 24 nikos nikos 4096 Jun 5 11:28 ..// ni...@superhost.gr [~/www]# -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
On Wed, Jun 5, 2013 at 9:07 PM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: I will understand by his attitude in general if he is likely to help me or not. How much of my attitude did you read before you decided I would trust you? Posts like this: http://mail.python.org/pipermail/python-list/2013-June/648428.html http://mail.python.org/pipermail/python-list/2013-June/648496.html and especially this: http://mail.python.org/pipermail/python-list/2013-June/648459.html state fairly clearly what I'm intending. I was NOT planning to solve your problem. I was planning all along to do exactly what I did: search for some proof that I had full access, email it to the persons concerned, then leave without doing any actual damage. So if you were *that wrong* about me, what makes you think you can judge someone else safely? ChrisA -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
On Wed, Jun 5, 2013 at 9:19 PM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: Τη Τετάρτη, 5 Ιουνίου 2013 2:14:34 μ.μ. UTC+3, ο χρήστης Heiko Wundram έγραψε: Am 05.06.2013 13:07, schrieb οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½ οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½: Btw, since history doesnt show me his history comamnds when he logged in from .au(why not really?), how can i tell what exactly did he do when he logged on to the server? As root has full access to your system (i.e., can change file contents and system state at will), and you gave him root access: you can't. And he made sure to remove things such as .bash_history and the syslog contents, I guess. At least that's what I'd have done to prove a point. In fact, I didn't even bother fiddling with syslog. All I did was .bash_history. Of course, I wasn't worried about you getting my IP addresses (one of them is public anyway, and the other isn't mine any longer than I'm using it), and nothing I did there was sufficiently serious to be worth hiding, but I just did the history so I could point out how easy this is. I see. Thanks. Is there some logging utility i can use next time iam offering root access to someone(if i do it) or perhaps logging a normal's account activity? You could log a normal user fairly easily, because root trumps normal users. To log root access, there are a few options: 1) Don't actually give unrestricted roots, but require the use of sudo, which logs. Not 100% perfect unless you actually restrict the commands that can be executed, but it'd at least let you have some idea that things were tampered with. 2) Provide a special bouncer. This is a little complex to describe, so bear with me. Imagine you have *two* computers, WebHost and Bouncer. You want to give root access to WebHost, so you invite someone to ssh to webroot@bouncer - the shell of that user establishes a secondary connection to root@webhost and passes everything on, but also logs it. Since *no* access to Bouncer has been granted, the logs can't be tampered with. This can be complicated to set up and secure, but it's certainly possible. However, I think it is beyond your ability, at least at the moment. 3) Provide a hacked-up root shell that logs to a network location, and disable all other shell usage. Imperfect but would probably work. 4) Require that all root shell access be done through screen/tmux, and monitor it. You can probably think of a few others, too. ChrisA -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
On Wed, Jun 5, 2013 at 12:24 PM, Chris Angelico ros...@gmail.com wrote: On Wed, Jun 5, 2013 at 9:07 PM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: I will understand by his attitude in general if he is likely to help me or not. How much of my attitude did you read before you decided I would trust you? Posts like this: http://mail.python.org/pipermail/python-list/2013-June/648428.html http://mail.python.org/pipermail/python-list/2013-June/648496.html and especially this: http://mail.python.org/pipermail/python-list/2013-June/648459.html state fairly clearly what I'm intending. I was NOT planning to solve your problem. I was planning all along to do exactly what I did: search for some proof that I had full access, email it to the persons concerned, then leave without doing any actual damage. So if you were *that wrong* about me, what makes you think you can judge someone else safely? ChrisA -- http://mail.python.org/mailman/listinfo/python-list To solve the OPs problems once and for all, I believe we need to know his social security number and his mother's maiden name. (Yes, i know SSN is for US but... ) -- Joel Goldstick http://joelgoldstick.com -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
On Thu, Jun 6, 2013 at 12:46 AM, Serhiy Storchaka storch...@gmail.com wrote: 05.06.13 11:09, Chris Angelico написав(ла): Oh, and I changed the root password, since the current one was sent in clear text across the internet. Nikos, the new password has been stored in /home/nikos/new_password - you should be able to access that using your non-root login. I recommend you change it immediately. What are permission modes of /home/nikos and /home/nikos/new_password? I didn't actually fiddle with that, but you're right, I ought to have ensured that the password file was mode 600. However, I don't think it would have made a lot of difference; mainly I was wanting to guard against randoms on the internet, not actual legit users of his system (and even they may well not have shell access). ChrisA -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Τη Τετάρτη, 5 Ιουνίου 2013 7:37:47 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε: On Thu, Jun 6, 2013 at 12:46 AM, Serhiy Storchaka storch...@gmail.com wrote: 05.06.13 11:09, Chris Angelico написав(ла): Oh, and I changed the root password, since the current one was sent in clear text across the internet. Nikos, the new password has been stored in /home/nikos/new_password - you should be able to access that using your non-root login. I recommend you change it immediately. What are permission modes of /home/nikos and /home/nikos/new_password? I didn't actually fiddle with that, but you're right, I ought to have ensured that the password file was mode 600. However, I don't think it would have made a lot of difference; mainly I was wanting to guard against randoms on the internet, not actual legit users of his system (and even they may well not have shell access). I grant shell access to very new account i create but some of my customers dont evn know the existance of linux, and the other that do, have no idea of what a shell access is. But i grant them the ability just in cae for future usage. Most of them are doign the work via cPanel tools. -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Τη Τετάρτη, 5 Ιουνίου 2013 7:33:50 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε: On Wed, Jun 5, 2013 at 9:19 PM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: Τη Τετάρτη, 5 Ιουνίου 2013 2:14:34 μ.μ. UTC+3, ο χρήστης Heiko Wundram έγραψε: Am 05.06.2013 13:07, schrieb οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½ οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½: Btw, since history doesnt show me his history comamnds when he logged in from .au(why not really?), how can i tell what exactly did he do when he logged on to the server? As root has full access to your system (i.e., can change file contents and system state at will), and you gave him root access: you can't. And he made sure to remove things such as .bash_history and the syslog contents, I guess. At least that's what I'd have done to prove a point. In fact, I didn't even bother fiddling with syslog. All I did was .bash_history. Of course, I wasn't worried about you getting my IP addresses (one of them is public anyway, and the other isn't mine any longer than I'm using it), and nothing I did there was sufficiently serious to be worth hiding, but I just did the history so I could point out how easy this is. So, by executing .bash_history commands issued are cleared. okey. What abiut 'syslog' that Heiko mentioned. Since you didnt fiddle with syslog can the latter show me what commands have been executed, files opened, commands given, services started-stopped etc? and nothing I did there was sufficiently serious to be worth hiding. Actually i believ you, because if you had malice in mind you could 'rm -rf /' or deface frontpages which you didnt do. But is there a way for me to see what commands have been issued? syslog perhaps as ia sk above? Since you didn't hurm the system why the need of wipe clean bash's history? -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Τη Τετάρτη, 5 Ιουνίου 2013 7:35:48 μ.μ. UTC+3, ο χρήστης Joel Goldstick έγραψε: To solve the OPs problems once and for all, I believe we need to know his social security number and his mother's maiden name. (Yes, i know SSN is for US but... ) Even if i gibe you that info, what can you possibly expect to happen? Gain access to my Gmail account because you stuck in its security question? -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
On Thu, Jun 6, 2013 at 3:05 AM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: I grant shell access to very new account i create but some of my customers dont evn know the existance of linux, and the other that do, have no idea of what a shell access is. But i grant them the ability just in cae for future usage. Most of them are doign the work via cPanel tools. I would strongly recommend NOT giving shell access, then. The chances are low that they'll ever need it, and you improve your security significantly by closing it off. On Thu, Jun 6, 2013 at 3:07 AM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: Τη Τετάρτη, 5 Ιουνίου 2013 7:35:48 μ.μ. UTC+3, ο χρήστης Joel Goldstick έγραψε: To solve the OPs problems once and for all, I believe we need to know his social security number and his mother's maiden name. (Yes, i know SSN is for US but... ) Even if i gibe you that info, what can you possibly expect to happen? Gain access to my Gmail account because you stuck in its security question? What about: gain access to your bank account the same way? How would you feel about random people on the internet having the ability to transfer money on your behalf? ChrisA -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
On Thu, Jun 6, 2013 at 3:02 AM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: Τη Τετάρτη, 5 Ιουνίου 2013 7:33:50 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε: In fact, I didn't even bother fiddling with syslog. All I did was .bash_history. Of course, I wasn't worried about you getting my IP addresses (one of them is public anyway, and the other isn't mine any longer than I'm using it), and nothing I did there was sufficiently serious to be worth hiding, but I just did the history so I could point out how easy this is. So, by executing .bash_history commands issued are cleared. okey. What abiut 'syslog' that Heiko mentioned. Since you didnt fiddle with syslog can the latter show me what commands have been executed, files opened, commands given, services started-stopped etc? Poke around in /var/log - I didn't tamper with anything there, so you may well find log entries. But I don't know for sure what I did and what I didn't do. and nothing I did there was sufficiently serious to be worth hiding. Actually i believ you, because if you had malice in mind you could 'rm -rf /' or deface frontpages which you didnt do. But is there a way for me to see what commands have been issued? syslog perhaps as ia sk above? Since you didn't hurm the system why the need of wipe clean bash's history? There won't be a full list of all commands, but you may find some hints. And why wipe it? Just to show how easily it could be done. Imagine if I'd: 1) Created a new user, with a home directory of /etc 2) Made a setuid root binary that gives me a shell 3) Removed all logfile traces of having done so I could then *retain full access* even after you change the root password. And you would not know what I'd done, if I do the logfile wipes correctly. You might see some hint (eg that logs were rotated prematurely), but it'd be extremely hard to figure out what I did. ChrisA -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Τη Τετάρτη, 5 Ιουνίου 2013 8:16:46 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε: On Thu, Jun 6, 2013 at 3:02 AM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: Τη Τετάρτη, 5 Ιουνίου 2013 7:33:50 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε: In fact, I didn't even bother fiddling with syslog. All I did was .bash_history. Of course, I wasn't worried about you getting my IP addresses (one of them is public anyway, and the other isn't mine any longer than I'm using it), and nothing I did there was sufficiently serious to be worth hiding, but I just did the history so I could point out how easy this is. So, by executing .bash_history commands issued are cleared. okey. What abiut 'syslog' that Heiko mentioned. Since you didnt fiddle with syslog can the latter show me what commands have been executed, files opened, commands given, services started-stopped etc? Poke around in /var/log - I didn't tamper with anything there, so you may well find log entries. But I don't know for sure what I did and what I didn't do. and nothing I did there was sufficiently serious to be worth hiding. Actually i believ you, because if you had malice in mind you could 'rm -rf /' or deface frontpages which you didnt do. But is there a way for me to see what commands have been issued? syslog perhaps as ia sk above? Since you didn't hurm the system why the need of wipe clean bash's history? There won't be a full list of all commands, but you may find some hints. And why wipe it? Just to show how easily it could be done. Imagine if I'd: 1) Created a new user, with a home directory of /etc 2) Made a setuid root binary that gives me a shell 3) Removed all logfile traces of having done so I could then *retain full access* even after you change the root password. And you would not know what I'd done, if I do the logfile wipes correctly. You might see some hint (eg that logs were rotated prematurely), but it'd be extremely hard to figure out what I did. Forensics is not my strong point, currently i'm learning linux hence i only have basic knowledge just to get some basic stuff up and running. Now about what you did to me. I wanted to tell you that I (and I am sure there are other people too) don't agree with what you did. I think it was pretty rotten -- you told me it was a bad idea to give out the root password and that was as far as you should have gone, you had no right to prove it by screwing with my system. In the US there is a law called the DMCA which I think would make what you did illegal, even though i have you a password, because i clearly gave you access to help me fix a problem, not to do what you did. Of course US law doesn't help in this case since you i live in Greece and you live in Australia... I decided a long time ago the certain people on the Python list were assholes, you leading the list followed by alex23, Mark Lawrence and several more. Your post about how you are a good Christian just confirms to me that you aren't -- people who brag about how moral they are are usually immoral. And besides the major assholes, there are lots of people there that will just agree with prevailing opinion without thinking for themselves. I still maintain my belief that most people are good and want to help rather than be destructive(which to your defense you weren't entirely. The mails you sent to my few customers though really pissed me off). And of course, i have no idea, if you ahve installed some kind of a backdoor utility that will grant you shell access via ssh to my system. I want to convince myself that you haven't done so. -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
On Thu, Jun 6, 2013 at 3:29 AM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: Now about what you did to me. I wanted to tell you that I (and I am sure there are other people too) don't agree with what you did. I think it was pretty rotten -- you told me it was a bad idea to give out the root password and that was as far as you should have gone, you had no right to prove it by screwing with my system. In the US there is a law called the DMCA which I think would make what you did illegal, even though i have you a password, because i clearly gave you access to help me fix a problem, not to do what you did. Of course US law doesn't help in this case since you i live in Greece and you live in Australia... IANAL, but I don't think the DMCA has anything to do with this. (That is to say, I don't think it would even if everything were under US jurisdiction, which as you say isn't the case anyway.) What I did is no more illegal than you lending your car keys to a stranger with the request that he lock your door for you, and him then leafing through the contents of your car and telling your spouse what he found. If that causes your marriage to break up, the fault was with you for having something in your car that would break up your marriage, and for letting a stranger poke around in there. I still maintain my belief that most people are good and want to help rather than be destructive(which to your defense you weren't entirely. The mails you sent to my few customers though really pissed me off). The mails to your customers stop you from pretending to them that you know what you're doing. That's all. Now, you may be able to come back from this by making a public change of policy (you so far have a declared stance that you would give out the root password to someone else in future) and apologizing profusely to your customers, but if you can't, that is your problem and not mine. I was programming computers for eighteen years before I got a job doing it. Getting money for hosting people's web sites is something that you should see as a privilege for people who can demonstrably provide this service safely, and should not be something you strive for while you're learning the basics of Linux. And of course, i have no idea, if you ahve installed some kind of a backdoor utility that will grant you shell access via ssh to my system. I want to convince myself that you haven't done so. I can help with that convincing. No, I did not install any sort of backdoor. There is no way you can prove that statement, but you have my promise and pledge that your system is safe from me. All I did was: 1) Change the root password, storing the new one in a way that you could find it 2) Create the cookie file as proof of what I could do 3) Collect email addresses from /home/*/.contactemail 4) Inspect the index.html files in a few directories as a means of locating the web sites concerned 5) 'mv .bash_history .bash_history_old', and later mv it back There is no ongoing access, and now that you've changed the root password (btw, I hope you weren't silly enough to change it to the same password you emailed me), the system is under your control again. But you cannot be sure that the *other* people you've given root access to didn't do the same. ChrisA -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Τη Τετάρτη, 5 Ιουνίου 2013 8:47:38 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε: On Thu, Jun 6, 2013 at 3:29 AM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: Now about what you did to me. I wanted to tell you that I (and I am sure there are other people too) don't agree with what you did. I think it was pretty rotten -- you told me it was a bad idea to give out the root password and that was as far as you should have gone, you had no right to prove it by screwing with my system. In the US there is a law called the DMCA which I think would make what you did illegal, even though i have you a password, because i clearly gave you access to help me fix a problem, not to do what you did. Of course US law doesn't help in this case since you i live in Greece and you live in Australia... IANAL, but I don't think the DMCA has anything to do with this. (That is to say, I don't think it would even if everything were under US jurisdiction, which as you say isn't the case anyway.) What I did is no more illegal than you lending your car keys to a stranger with the request that he lock your door for you, and him then leafing through the contents of your car and telling your spouse what he found. If that causes your marriage to break up, the fault was with you for having something in your car that would break up your marriage, and for letting a stranger poke around in there. I still maintain my belief that most people are good and want to help rather than be destructive(which to your defense you weren't entirely. The mails you sent to my few customers though really pissed me off). The mails to your customers stop you from pretending to them that you know what you're doing. That's all. Now, you may be able to come back from this by making a public change of policy (you so far have a declared stance that you would give out the root password to someone else in future) and apologizing profusely to your customers, but if you can't, that is your problem and not mine. I was programming computers for eighteen years before I got a job doing it. Getting money for hosting people's web sites is something that you should see as a privilege for people who can demonstrably provide this service safely, and should not be something you strive for while you're learning the basics of Linux. And of course, i have no idea, if you ahve installed some kind of a backdoor utility that will grant you shell access via ssh to my system. I want to convince myself that you haven't done so. I can help with that convincing. No, I did not install any sort of backdoor. There is no way you can prove that statement, but you have my promise and pledge that your system is safe from me. All I did was: 1) Change the root password, storing the new one in a way that you could find it 2) Create the cookie file as proof of what I could do 3) Collect email addresses from /home/*/.contactemail 4) Inspect the index.html files in a few directories as a means of locating the web sites concerned 5) 'mv .bash_history .bash_history_old', and later mv it back There is no ongoing access, and now that you've changed the root password (btw, I hope you weren't silly enough to change it to the same password you emailed me), the system is under your control again. But you cannot be sure that the *other* people you've given root access to didn't do the same. Every time i granted access to other folks when jobs done i alwaws 'passwd' as root to avoid unwanted access. All customers are also my friends and they like me and trust me. I also fix their computers too and use TeamViewer many times to help them from home. Still, all of your doing could be avoided if isntead of fiddlign with my clients, you would actually try to provide a helping had. Anyway, i should'n have given root access to you, i was a bit worried doing so, but i was also under stress of also correcting this damn encoding issue and i wanted to think you would be the one that finally help solving it. I was wrong. But no matter what you say i won't lose my beleif hat if for example i have given access to Steven, things could have turn into a positive solution. You shouldnt have gone that far, just to prove a point. Its not that malicious activity didn't occur to me that migth happen, i just like to think that it wont. Any way, enough said. -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
On Thu, Jun 6, 2013 at 4:08 AM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: Anyway, i should'n have given root access to you, i was a bit worried doing so, but i was also under stress of also correcting this damn encoding issue and i wanted to think you would be the one that finally help solving it. You shouldnt have gone that far, just to prove a point. Its not that malicious activity didn't occur to me that migth happen, i just like to think that it wont. Sure, you'd like to think that nothing will ever go wrong. Trouble is, you can't depend on that. Maybe Steven D'Aprano would have solved your problem for you... maybe not. Maybe you would have picked someone who totally smashed your system, reputation, bank balance, and family pet. How would you know? The point of security is not to trust that most people will be fine. The point of security is to be secure. You may not be able to guard against everything, but you can certainly put some effort into not making it easy for an attacker. Treat the root password as a keyring with all of your keys on it, and assume that you're going on holidays overseas. Do you contact strangers to ask them to feed your cat? Or do you talk to a trusted friend? ChrisA -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Τη Τετάρτη, 5 Ιουνίου 2013 9:16:56 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε: Do you contact strangers to ask them to feed your cat? Or do you talk to a trusted friend? Well i dont consider you a perfect stranger, because we kind of know each other since we speak here sometime. You know how much i was striving for help resolving this, and i was happy this morning thinking that Chris will fianlly put me out of this encoding misery -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Here is the mails you sent to my customers for the other members to see. --- Greetings. I apologize for this unsolicited email, but I feel that you have a right to know about the security of your server. Νικόλαος Κούρας (Nikos) has been in repeated communication with the members of python-list with regard to many issues he is having, and he has happily granted root access to his server to someone he has never met and has no reason to trust. This compromises your data and your web site. Fortunately for you, the person he gave his password is me, and I have no intention of causing damage. However, if I wanted to, I could do *anything* to his server. As a simple demonstration, I have placed a file called Hello_from_Rosuav in the root directory of each of your web sites, for instance: http://leonidasgkelos.com/Hello_from_Rosuav http://parking-byzantio.gr/Hello_from_Rosuav Your email addresses, too, I obtained from the server. If you are storing personal details of any of your customers, I could access those, but on principle I haven't looked. Please consider carefully who you trust with your hosting. There is no need to panic right now, as there has been no damage done (beyond the creation of the file I mentioned above, which you can easily delete). But be aware that Nikos is not a competent systems administrator, and I would not trust him with any of my data. You can find a large number of posts by Nikos on python-list here: http://news.gmane.org/gmane.comp.python.general http://mail.python.org/pipermail/python-list/2013-June/thread.html Feel free to contact me for further details. I apologize that I cannot communicate in Greek; I hope that this will not be a problem. I advise that you look to alternative web hosting. --- Thanks for screwing me up entirely and made me look what you made me look for all i did was to trust you. -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
On Thu, Jun 6, 2013 at 4:22 AM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: Τη Τετάρτη, 5 Ιουνίου 2013 9:16:56 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε: Do you contact strangers to ask them to feed your cat? Or do you talk to a trusted friend? Well i dont consider you a perfect stranger, because we kind of know each other since we speak here sometime. You know how much i was striving for help resolving this, and i was happy this morning thinking that Chris will fianlly put me out of this encoding misery See, that's the thing. All you know about me is that I happen to answer a lot of questions here. Now, if you ask around on this list, you'll probably learn a lot about me, but the most important thing right now is that I told you up-front that I was not intending to help, yet you still gave me the root password. You get so stuck on your own problems that you are unable to see anyone else's. In fact, you are very much in the position of Alice Liddell at the time of American McGee's game, Alice: Madness Returns. (It's a decent game, but don't buy anything from EA Games.) The problem isn't so much what you're doing, as what you're not doing. Slow down, take a step back. Give yourself some breathing space. If you had a test computer to play around on before deploying things to your live server, you would not be panicked by little problems; and you could take a bit of time to (a) polish your posts before hitting Send, and (b) read the responses more thoroughly. Between those two, you could avoid a lot of trouble fairly easily. ChrisA -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
On Thu, Jun 6, 2013 at 4:34 AM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: Here is the mails you sent to my customers for the other members to see. Yep, containing nothing I haven't said on-list. Thanks for screwing me up entirely and made me look what you made me look for all i did was to trust you. Making you look like what? A systems administrator who can't be trusted? Because that is, quite frankly, entirely accurate. Suppose you go to a posh place that offers valet parking. You make sure that the person you're giving your car key to is employed by the club, and you let him take control of your car. Unbeknownst to you, he doesn't actually park your car, he calls out to the loafers, asking them to park it. He knows these guys, they're always hanging around. He gives the key to one of them, who gets in your car and looks around. That's what you've done. You violated the trust your clients placed in you, and your only response is to claim that a person (with whom you had no contractual arrangement or even verbal promise) violated your trust. It's like saying I can keep a secret, it's just the folks I tell it to who can't. ChrisA -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
: On 5 June 2013 14:34, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: Here is the mails you sent to my customers for the other members to see. --- [...] I advise that you look to alternative web hosting. --- Thanks for screwing me up entirely and made me look what you made me look for all i did was to trust you. Chris has done your customers an important service (one which I would not have risked, given your propensity for badmouthing those with whom you come in contact). You are dangerously incompetent as a hosting provider, as you have demonstrated here repeatedly. Be thankful that the person you stupidly granted root access to has a sense of ethics, and learn your trade. -[]z. -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Τη Τετάρτη, 5 Ιουνίου 2013 9:46:03 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε: On Thu, Jun 6, 2013 at 4:34 AM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: Here is the mails you sent to my customers for the other members to see. Yep, containing nothing I haven't said on-list. Thanks for screwing me up entirely and made me look what you made me look for all i did was to trust you. Making you look like what? A systems administrator who can't be trusted? Because that is, quite frankly, entirely accurate. Suppose you go to a posh place that offers valet parking. You make sure that the person you're giving your car key to is employed by the club, and you let him take control of your car. Unbeknownst to you, he doesn't actually park your car, he calls out to the loafers, asking them to park it. He knows these guys, they're always hanging around. He gives the key to one of them, who gets in your car and looks around. That's what you've done. You violated the trust your clients placed in you, and your only response is to claim that a person (with whom you had no contractual arrangement or even verbal promise) violated your trust. It's like saying I can keep a secret, it's just the folks I tell it to who can't. ChrisA Its funny how doing what you did you manage to turn the whole thing against me. WHY isntead of doing wht you did, dint you choose to actually *help* ? I'am beginning to dislkike you more and more as you speak. -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
On Jun 5, 11:34 pm, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: Here is the mails you sent to my customers for the other members to see. snipped In the normal run of things, I would say Chris has done a horrible thing. In this case however, let us remember: Many people -- hardly exclusively Chris -- tried to educate you 1. on technical matters 2. on methodological matters (eg how to debug) 3. on matters of minimum etiquette -- eg spellchecking 4. on basic security For the most part, you simply have not listened. Finally Chris warned you what he can do. Instead of listening, you whined: I trust you!! (Heres a kiss!) and gave him your password. He gently tapped you on your rather hard and impervious 'Ferrous Cranus' to let you understand the implications. Even now, instead of understanding that you were wrong throughout, you are still blaming Chris -- Good Grief! And you expect us to sympathize with you?!?! I dont know whether to laugh or cry... Please note Nikos: If you obdurately, obstinately, insistently, incessantly behave like an asshole, you leave no-one the choice but to treat you like an asshole. So... Are you an asshole?? One can only hope that you prove me wrong... -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Τη Τετάρτη, 5 Ιουνίου 2013 9:52:27 μ.μ. UTC+3, ο χρήστης Zero Piraeus έγραψε: : On 5 June 2013 14:34, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: Here is the mails you sent to my customers for the other members to see. --- [...] I advise that you look to alternative web hosting. --- Thanks for screwing me up entirely and made me look what you made me look for all i did was to trust you. Chris has done your customers an important service (one which I would not have risked, given your propensity for badmouthing those with whom you come in contact). You are dangerously incompetent as a hosting provider, as you have demonstrated here repeatedly. Be thankful that the person you stupidly granted root access to has a sense of ethics, and learn your trade. -[]z. Well, if he had ethics he would have told me that his intentiosn were to screw my business and also he could actually tried to help me out. I'am not incompetentm i;m a beginner and i learn along the way, also i ahve a hostign company and 3rd level tech that support me when it come to system administration. Now, you were right about my bad mouth because iam going to tell you to sod off. -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
On Thu, Jun 6, 2013 at 4:55 AM, rusi rustompm...@gmail.com wrote: If you obdurately, obstinately, insistently, incessantly behave like an asshole, you leave no-one the choice but to treat you like an asshole. This is Python. We duck-type people. ChrisA -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Τη Τετάρτη, 5 Ιουνίου 2013 9:55:46 μ.μ. UTC+3, ο χρήστης rusi έγραψε: On Jun 5, 11:34 pm, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: Here is the mails you sent to my customers for the other members to see. snipped In the normal run of things, I would say Chris has done a horrible thing. In this case however, let us remember: Many people -- hardly exclusively Chris -- tried to educate you 1. on technical matters 2. on methodological matters (eg how to debug) 3. on matters of minimum etiquette -- eg spellchecking 4. on basic security For the most part, you simply have not listened. Finally Chris warned you what he can do. Instead of listening, you whined: I trust you!! (Heres a kiss!) and gave him your password. He gently tapped you on your rather hard and impervious 'Ferrous Cranus' to let you understand the implications. Even now, instead of understanding that you were wrong throughout, you are still blaming Chris -- Good Grief! And you expect us to sympathize with you?!?! I dont know whether to laugh or cry... Please note Nikos: If you obdurately, obstinately, insistently, incessantly behave like an asshole, you leave no-one the choice but to treat you like an asshole. So... Are you an asshole?? One can only hope that you prove me wrong... No, its your attitude that is beyond asshood. I decided a long time ago the certain people on the Python list were assholes, perhaps you are the leader here. -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
On Thu, Jun 6, 2013 at 4:58 AM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: Well, if he had ethics he would have told me that his intentiosn were to screw my business and also he could actually tried to help me out. I did. :) I'am not incompetentm i;m a beginner and i learn along the way, also i ahve a hostign company and 3rd level tech that support me when it come to system administration. Beginners learning along the way do not run businesses. I wouldn't hire someone to build me a porch if he admits that he's still learning which end of the hammer to hit with. (That's understandable if it's a PHP hammer with claws on both ends, but I still wouldn't hire him.) And if I hired someone to build that porch and only afterward discovered that he didn't know a screw from a nail, I would be pretty miffed. Nikos, you are that carpenter. There's nothing wrong with being a beginner. We all start out that way. But a beginner plays with things that don't have major consequence. If you didn't have paying customers, you would not need to worry about what I might have done; at very worst, you just wipe the system and reinstall. (You DO have basic firewalling to make sure I can't damage any other box, right?) And even more so, if you didn't have paying customers, you would not be in a tizz about things. You could simply set the matter aside and come back later. This is safe. Don't do what you wouldn't stand for someone else doing. ChrisA -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Τη Τετάρτη, 5 Ιουνίου 2013 10:13:41 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε: On Thu, Jun 6, 2013 at 4:58 AM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: Well, if he had ethics he would have told me that his intentiosn were to screw my business and also he could actually tried to help me out. I did. :) I'am not incompetentm i;m a beginner and i learn along the way, also i ahve a hostign company and 3rd level tech that support me when it come to system administration. Beginners learning along the way do not run businesses. I wouldn't hire someone to build me a porch if he admits that he's still learning which end of the hammer to hit with. (That's understandable if it's a PHP hammer with claws on both ends, but I still wouldn't hire him.) And if I hired someone to build that porch and only afterward discovered that he didn't know a screw from a nail, I would be pretty miffed. Nikos, you are that carpenter. There's nothing wrong with being a beginner. We all start out that way. But a beginner plays with things that don't have major consequence. If you didn't have paying customers, you would not need to worry about what I might have done; at very worst, you just wipe the system and reinstall. (You DO have basic firewalling to make sure I can't damage any other box, right?) And even more so, if you didn't have paying customers, you would not be in a tizz about things. You could simply set the matter aside and come back later. This is safe. Don't do what you wouldn't stand for someone else doing. I'll have you know that all 10 of my client webpages run unproblematically and i support them by mail and teamviewer for free. I have even bough Softaculous licenses for them to have joomla and Drupal install in an automatic way so things go smooth and easy for them because tehy can all build Joomla from scratch. If i couldnt host their webistes i woudlnt have done so, but i can. And when i find t hard their is always the webhost company that supports me by just openign a ticket. -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
snip Now, you were right about my bad mouth because iam going to tell you to sod off. snip Well, if he had ethics he would have told me that his intentiosn were to screw my business and also he could actually tried to help me out. Many times I've seen people here give you their best advice and you come back seemingly having not even read what they had to say. You just whine and say someone should help you, even though many have already done that. You don't take the help. Now in this case, Chris more or less proved my point. I've been reading along, and he said exactly what he would do if you gave him root access to your account. He said he would write to your users and explain to them the peril of how you run your hosting service. He didn't say he would help you. Go back and read exactly what he said, and then take a deep breath and do some introspection of your own conduct. He basically said, don't touch the stove, its hot. And you touched the stove and then complained. You act very poorly here. Grow up I'am not incompetentm i;m a beginner and i learn along the way, also i ahve a hostign company and 3rd level tech that support me when it come to system administration. I think you are incompetent. No one knows everything, and groups like this are a great place to learn more. But part of being competent is being careful. You are reckless. You work on a live server for which you have paying customers. You make endless changes to your code without taking the time to go off and google for information about the topic you are struggling with. Your live site should probably have been put together using a framework, but that would have required you to read about, experiment with and use a framework. You write html code in the midst of your python code. You have endless encoding/decoding issues, but you have never apparently read the many articles on how unicode works. Have some respect for the science and craft of making good software. On Wed, Jun 5, 2013 at 3:03 PM, Chris Angelico ros...@gmail.com wrote: On Thu, Jun 6, 2013 at 4:55 AM, rusi rustompm...@gmail.com wrote: If you obdurately, obstinately, insistently, incessantly behave like an asshole, you leave no-one the choice but to treat you like an asshole. This is Python. We duck-type people. ChrisA -- http://mail.python.org/mailman/listinfo/python-list -- Joel Goldstick http://joelgoldstick.com -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
On 06/05/2013 05:19 PM, Dennis Lee Bieber wrote: On Wed, 5 Jun 2013 10:29:44 -0700 (PDT), Íéêüëáïò Êïýñáò nikos.gr...@gmail.com declaimed the following in gmane.comp.python.general: In the US there is a law called the DMCA which I think would make what you did illegal, even though i have you a password, because i clearly gave you access to help me fix a problem, not to do what you did. Of course US law doesn't help in this case since you i live in Greece and you live in Australia... I doubt it... DMCA mainly concerns itself with the breaking of copyright restrictions applied to media -- for example, e-books that are keyed to single user's account. The CA part is copyright act (without googling, I think the DM is digital millenium); the key is copyright. No copyrights were violated in this teaching... From vague memory (and without enough interest in the subject to research it), I recall hearing several news stories over the years where people where convicted (or at least charged with) violating the DMCA (or perhaps equally draconian followup U.S. laws) even though they clearly penetrated the system to point out security flaws. But what you did was the equivalent of handing out the key to strangers (on the BarnesNoble Nook, the key is the combination of an email address and a credit card number -- if you are willing to hand your email and CC# to a perfect stranger they can legitimately open the e-book file you gave them). In short, you said: I give you total control over my server; do anything you want with it though I'd like for you to clean up my mess. No he didn't -- as I read his posts he was clearly offering access for the purpose of having someone help him fix his problems. That I give you my car keys (even if you're a stranger) does not mean I am giving you permission to do whatever you want with my car. Nor does the fact that I think you shouldn't pick up hitchikers permit me to teach you a lesson by getting picked up by you and then robbing you. But a bunch of legally ignorant programmers (including myself) speculating about the subject here is about as informative as a group of 6-graders thoughts on Einstein's theory of relativity. -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
On 2013-06-05 17:57, ru...@yahoo.com wrote: On 06/05/2013 05:19 PM, Dennis Lee Bieber wrote: stories over the years where people where convicted (or at least charged with) violating the DMCA (or perhaps equally draconian followup U.S. laws) even though they clearly penetrated the system to point out security flaws. I suspect you read CFAA (Computer Fraud Abuse Act) and thought DMCA (Digital Millennium Copyright Act), as there have been a number of prosecutions under the CFAA (including the whole Aaron Swartz ordeal) for nebulous exceeding authorization. -tkc -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
On Wed, 05 Jun 2013 03:32:42 -0700, Νικόλαος Κούρας wrote: [...] You spare it from the list because you wanted to bitch in private. Now sod off. Νικόλαος, please stop trading insults with people who you feel have wronged you. If somebody gives you deliberately bad advice, that is one thing. Otherwise, please try to ignore their insults rather than throwing fuel on the fire by insulting back. But please also try to learn from them! Most of the criticisms given have been valid, even if put rudely. For example, this thread, and related threads, are ENORMOUS. I cannot keep track of all the issues. Please try not to make this thread unnecessarily complicated with rapid fire responses that don't help. * Please think before you reply. Does your reply *help* the conversation, or make it worse? * Please stop making multiple changes at once. It makes it hard to see what causes the breakage. * If you change something, and it breaks, undo the change, then experiment outside of your live system to try to understand and fix the issue. As for everyone else, please try to be polite and helpful, or don't reply at all. Thank you. -- Steven -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Τη Πέμπτη, 6 Ιουνίου 2013 6:57:08 π.μ. UTC+3, ο χρήστης Steven D'Aprano έγραψε: On Wed, 05 Jun 2013 03:32:42 -0700, Νικόλαος Κούρας wrote: [...] You spare it from the list because you wanted to bitch in private. Now sod off. Νικόλαος, please stop trading insults with people who you feel have wronged you. If somebody gives you deliberately bad advice, that is one thing. Otherwise, please try to ignore their insults rather than throwing fuel on the fire by insulting back. But please also try to learn from them! Most of the criticisms given have been valid, even if put rudely. For example, this thread, and related threads, are ENORMOUS. I cannot keep track of all the issues. Please try not to make this thread unnecessarily complicated with rapid fire responses that don't help. * Please think before you reply. Does your reply *help* the conversation, or make it worse? * Please stop making multiple changes at once. It makes it hard to see what causes the breakage. * If you change something, and it breaks, undo the change, then experiment outside of your live system to try to understand and fix the issue. As for everyone else, please try to be polite and helpful, or don't reply at all. Thank you. -- Steven Okey as, you ahve seen form yesterday night(Greek time) i have stopped answering to this thread. I have said what needed ot be heard. -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
On Tue, Jun 4, 2013 at 2:45 PM, Michael Torrie torr...@gmail.com wrote: On 06/03/2013 05:33 PM, Carlos Nepomuceno wrote: I did a httpd 'make install' on CentOS 6 and it worked fine. Needed a few tweaks that I don't remember though. If you don't have any previous experience with Apache httpd settings I wouldn't try that on a production server. Precisely. Given his experience levels, installing httpd from source is recipe for disaster. He's now going to have to track security flaw reports manually, try to figure out which ones apply to him, and keep his apache up to date. I can't think of anything he'd need in Apache that's not in the CentOS packages. I've sys-admined for years and I've never ever needed an Apache outside out of the repos. Sometimes I needed other things I had to build from source, but never apache. Agreed. I'm a Debian guy rather than Red Hat, and by comparison Debian changes with every gust of wind, but the same applies. There's little reason to build most things from source; take advantage of the massive testing that's been done! Of course, there will be times when the version in the repo is just too old, but that's never been the case for me with Apache. ChrisA -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
I think i'll do a chmod 666 /var/log/httpd/suexec.log and see if the error goes away. I think what the problem is, i have the owner and group as root:root with read/write permissions, but apache is likely owned by something else (www:www or apache:webservd). So either i'll have to change the group ownership of the log file to the group apache is running as or change the log file to world read/write, which isn't safe since other people log into the box, but is generally harmless i think with log files. Checking the permissions of /var/log/httpd directory itself: ni...@superhost.gr [~/www/cgi-bin]# ls -ld /var/log/httpd/ drwx-- 2 root root 4096 Jun 1 02:52 /var/log/httpd// Is that a problem? http != Apache ? i'm still confused about what is: '/var/log/httpd' and what is '/usr/local/Apache' Is seems like this is the same service runnign twice under different names. -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
I just tried out those: root@nikos [~]# ls -l /var/log/httpd/suexec.log -rw-rw-r-- 1 root root 0 Jun 1 02:52 /var/log/httpd/suexec.log root@nikos [~]# ls -l /usr/local/apache/logs/suexec_log -rw-rw-r-- 1 root apache 532667 Jun 4 13:11 /usr/local/apache/logs/suexec_log root@nikos [~]# chown root:apache /var/log/httpd/suexec.log root@nikos [~]# ls -l /var/log/httpd/suexec.log -rw-rw-r-- 1 root apache 0 Jun 1 02:52 /var/log/httpd/suexec.log but i'm not usre if they solve the problem or why there are 2 suexec.log files. -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
On Jun 4, 2013, at 6:12 AM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: Checking the permissions of /var/log/httpd directory itself: ni...@superhost.gr [~/www/cgi-bin]# ls -ld /var/log/httpd/ drwx-- 2 root root 4096 Jun 1 02:52 /var/log/httpd// Is that a problem? http != Apache ? Yes, httpd is Apache, or at least part of Apache. i'm still confused about what is: '/var/log/httpd' and what is '/usr/local/Apache' Is seems like this is the same service runnign twice under different names. Not really. Unix unlike some other OSes, separates your data from your applications. That's one reason, when Apple designed Mac OS X, you can re-install Mac OS X over your current installation, and not lose any data. Your user data is separate from the OS data. The /Usr tree is considered read-only. In theory nothing should write to that folder, unless you are installing Unix tools. Please note, it's not read only in the OS, yes, it does require super user rights, but that tree is not read only. The /Var tree is where the OS writes data to. For example, Log files, temporary work files, etc. I hope this clears some of this up. If I have made any mistakes here, please feel free to politely correct me |-) - Benjamin -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
root@nikos [/home/nikos/www/cgi-bin]# chmod 755 /var/log/httpd/suexec.log root@nikos [/home/nikos/www/cgi-bin]# ls -l /var/log/httpd/suexec.log -rwxr-xr-x 1 root apache 0 Jun 1 02:52 /var/log/httpd/suexec.log* root@nikos [/home/nikos/www/cgi-bin]# chmod 755 /usr/local/apache/logs/error_log root@nikos [/home/nikos/www/cgi-bin]# ls -l /usr/local/apache/logs/error_log -rwxr-xr-x 1 root root 32414017 Jun 4 13:51 /usr/local/apache/logs/error_log* root@nikos [/home/nikos/www/cgi-bin]# chown root:apache /usr/local/apache/logs/error_log root@nikos [/home/nikos/www/cgi-bin]# ls -l /usr/local/apache/logs/error_log -rwxr-xr-x 1 root apache 32414017 Jun 4 13:51 /usr/local/apache/logs/error_log* root@nikos [/home/nikos/www/cgi-bin]# Now the error i get whn trying to run my scgi script via browser is root@nikos [/home/nikos/www/cgi-bin]# [Tue Jun 04 13:55:26 2013] [error] [client 46.12.95.59] suexec failure: could not open log file [Tue Jun 04 13:55:26 2013] [error] [client 46.12.95.59] fopen: Permission denied [Tue Jun 04 13:55:26 2013] [error] [client 46.12.95.59] Premature end of script headers: koukos.py [Tue Jun 04 13:55:26 2013] [error] [client 46.12.95.59] File does not exist: /home/nikos/public_html/500.shtml I just don't get it. I chmod'ed i chown'ed Why still doesn't work? -- http://mail.python.org/mailman/listinfo/python-list
RE: Apache and suexec issue that wont let me run my python script
send the output of the following command: ps aux|grep httpd Date: Tue, 4 Jun 2013 03:56:19 -0700 Subject: Re: Apache and suexec issue that wont let me run my python script From: nikos.gr...@gmail.com To: python-list@python.org root@nikos [/home/nikos/www/cgi-bin]# chmod 755 /var/log/httpd/suexec.log root@nikos [/home/nikos/www/cgi-bin]# ls -l /var/log/httpd/suexec.log -rwxr-xr-x 1 root apache 0 Jun 1 02:52 /var/log/httpd/suexec.log* root@nikos [/home/nikos/www/cgi-bin]# chmod 755 /usr/local/apache/logs/error_log root@nikos [/home/nikos/www/cgi-bin]# ls -l /usr/local/apache/logs/error_log -rwxr-xr-x 1 root root 32414017 Jun 4 13:51 /usr/local/apache/logs/error_log* root@nikos [/home/nikos/www/cgi-bin]# chown root:apache /usr/local/apache/logs/error_log root@nikos [/home/nikos/www/cgi-bin]# ls -l /usr/local/apache/logs/error_log -rwxr-xr-x 1 root apache 32414017 Jun 4 13:51 /usr/local/apache/logs/error_log* root@nikos [/home/nikos/www/cgi-bin]# Now the error i get whn trying to run my scgi script via browser is root@nikos [/home/nikos/www/cgi-bin]# [Tue Jun 04 13:55:26 2013] [error] [client 46.12.95.59] suexec failure: could not open log file [Tue Jun 04 13:55:26 2013] [error] [client 46.12.95.59] fopen: Permission denied [Tue Jun 04 13:55:26 2013] [error] [client 46.12.95.59] Premature end of script headers: koukos.py [Tue Jun 04 13:55:26 2013] [error] [client 46.12.95.59] File does not exist: /home/nikos/public_html/500.shtml I just don't get it. I chmod'ed i chown'ed Why still doesn't work? -- http://mail.python.org/mailman/listinfo/python-list -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Τη Τρίτη, 4 Ιουνίου 2013 2:04:36 μ.μ. UTC+3, ο χρήστης Carlos Nepomuceno έγραψε: send the output of the following command: ps aux|grep httpd root@nikos [/home/nikos/www/data/apps]# ps aux | grep httpd root 19194 0.0 0.2 74224 4440 ?Ss Jul13 0:00 /usr/local/apache/bin/httpd -k start -DSSL root 19201 0.0 0.1 74136 2576 ?SJul13 0:00 /usr/local/apache/bin/httpd -k start -DSSL nobody 19202 0.0 0.2 74492 4320 ?SJul13 0:00 /usr/local/apache/bin/httpd -k start -DSSL nobody 19203 0.0 0.2 74488 4304 ?SJul13 0:00 /usr/local/apache/bin/httpd -k start -DSSL nobody 19204 0.0 0.2 74488 4352 ?SJul13 0:00 /usr/local/apache/bin/httpd -k start -DSSL nobody 19205 0.0 0.2 74492 4336 ?SJul13 0:00 /usr/local/apache/bin/httpd -k start -DSSL nobody 19206 0.0 0.2 74544 4328 ?SJul13 0:00 /usr/local/apache/bin/httpd -k start -DSSL nobody 19215 0.0 0.2 74492 4300 ?SJul13 0:00 /usr/local/apache/bin/httpd -k start -DSSL nobody 20170 0.0 0.2 74356 4264 ?SJul13 0:00 /usr/local/apache/bin/httpd -k start -DSSL root 20860 0.0 0.0 103240 856 pts/2S+ Jul13 0:00 grep httpd root@nikos [/home/nikos/www/data/apps]# -- http://mail.python.org/mailman/listinfo/python-list
RE: Apache and suexec issue that wont let me run my python script
The httpd processes are run by user 'nobody'. You have to change your httpd.conf to assign the correct user or change the owner of the log file to nobody. On httpd.conf look for the following directives: User root Group root Date: Tue, 4 Jun 2013 04:09:44 -0700 Subject: Re: Apache and suexec issue that wont let me run my python script From: nikos.gr...@gmail.com To: python-list@python.org Τη Τρίτη, 4 Ιουνίου 2013 2:04:36 μ.μ. UTC+3, ο χρήστης Carlos Nepomuceno έγραψε: send the output of the following command: ps aux|grep httpd root@nikos [/home/nikos/www/data/apps]# ps aux | grep httpd root 19194 0.0 0.2 74224 4440 ?Ss Jul13 0:00 /usr/local/apache/bin/httpd -k start -DSSL root 19201 0.0 0.1 74136 2576 ?SJul13 0:00 /usr/local/apache/bin/httpd -k start -DSSL nobody 19202 0.0 0.2 74492 4320 ?SJul13 0:00 /usr/local/apache/bin/httpd -k start -DSSL nobody 19203 0.0 0.2 74488 4304 ?SJul13 0:00 /usr/local/apache/bin/httpd -k start -DSSL nobody 19204 0.0 0.2 74488 4352 ?SJul13 0:00 /usr/local/apache/bin/httpd -k start -DSSL nobody 19205 0.0 0.2 74492 4336 ?SJul13 0:00 /usr/local/apache/bin/httpd -k start -DSSL nobody 19206 0.0 0.2 74544 4328 ?SJul13 0:00 /usr/local/apache/bin/httpd -k start -DSSL nobody 19215 0.0 0.2 74492 4300 ?SJul13 0:00 /usr/local/apache/bin/httpd -k start -DSSL nobody 20170 0.0 0.2 74356 4264 ?SJul13 0:00 /usr/local/apache/bin/httpd -k start -DSSL root 20860 0.0 0.0 103240 856 pts/2S+ Jul13 0:00 grep httpd root@nikos [/home/nikos/www/data/apps]# -- http://mail.python.org/mailman/listinfo/python-list -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
root@nikos [/home/nikos/www/data/apps]# ls -l /usr/local/apache/logs/error_log -rwxr-xr-x 1 root apache 32447472 Jun 4 14:36 /usr/local/apache/logs/error_log* root@nikos [/home/nikos/www/data/apps]# chown nobody:apache /usr/local/apache/logs/error_log root@nikos [/home/nikos/www/data/apps]# ls -l /usr/local/apache/logs/error_log -rwxr-xr-x 1 nobody apache 32447472 Jun 4 14:36 /usr/local/apache/logs/error_log* still the same error. -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Τη Τρίτη, 4 Ιουνίου 2013 2:27:25 μ.μ. UTC+3, ο χρήστης Carlos Nepomuceno έγραψε: The httpd processes are run by user 'nobody'. You have to change your httpd.conf to assign the correct user or change the owner of the log file to nobody. On httpd.conf look for the following directives: User root Group root Why some httpd run as root(first two) and the rest as nobody? What is user 'nobody' anyways? root@nikos [/home/nikos/www/data/apps]# nano /usr/local/apache/conf/httpd.conf root@nikos [/home/nikos/www/data/apps]# cat /usr/local/apache/conf/httpd.conf | grep 'User root' root@nikos [/home/nikos/www/data/apps]# cat /usr/local/apache/conf/httpd.conf | grep 'user root' root@nikos [/home/nikos/www/data/apps]# cat /usr/local/apache/conf/httpd.conf | grep 'group root' root@nikos [/home/nikos/www/data/apps]# cat /usr/local/apache/conf/httpd.conf | grep 'Group root' Doesn't seem to be there. -- http://mail.python.org/mailman/listinfo/python-list
RE: Apache and suexec issue that wont let me run my python script
Post your httpd.conf to pastebin and send us the link... Date: Tue, 4 Jun 2013 04:38:44 -0700 Subject: Re: Apache and suexec issue that wont let me run my python script From: nikos.gr...@gmail.com To: python-list@python.org root@nikos [/home/nikos/www/data/apps]# ls -l /usr/local/apache/logs/error_log -rwxr-xr-x 1 root apache 32447472 Jun 4 14:36 /usr/local/apache/logs/error_log* root@nikos [/home/nikos/www/data/apps]# chown nobody:apache /usr/local/apache/logs/error_log root@nikos [/home/nikos/www/data/apps]# ls -l /usr/local/apache/logs/error_log -rwxr-xr-x 1 nobody apache 32447472 Jun 4 14:36 /usr/local/apache/logs/error_log* still the same error. -- http://mail.python.org/mailman/listinfo/python-list -- http://mail.python.org/mailman/listinfo/python-list
RE: Apache and suexec issue that wont let me run my python script
Date: Tue, 4 Jun 2013 04:36:06 -0700 Subject: Re: Apache and suexec issue that wont let me run my python script From: nikos.gr...@gmail.com To: python-list@python.org Τη Τρίτη, 4 Ιουνίου 2013 2:27:25 μ.μ. UTC+3, ο χρήστης Carlos Nepomuceno έγραψε: The httpd processes are run by user 'nobody'. You have to change your httpd.conf to assign the correct user or change the owner of the log file to nobody. On httpd.conf look for the following directives: User root Group root Why some httpd run as root(first two) and the rest as nobody? The root processes are run by init during startup. The nobody processes are started by the first httpd processes based on httpd.conf settings. What is user 'nobody' anyways? Just a user with no shell access. root@nikos [/home/nikos/www/data/apps]# nano /usr/local/apache/conf/httpd.conf root@nikos [/home/nikos/www/data/apps]# cat /usr/local/apache/conf/httpd.conf | grep 'User root' root@nikos [/home/nikos/www/data/apps]# cat /usr/local/apache/conf/httpd.conf | grep 'user root' root@nikos [/home/nikos/www/data/apps]# cat /usr/local/apache/conf/httpd.conf | grep 'group root' root@nikos [/home/nikos/www/data/apps]# cat /usr/local/apache/conf/httpd.conf | grep 'Group root' Doesn't seem to be there. You have to edit httpd.conf and change the User and Group directives. They currently are set to nobody, so you have to look for ' User nobody' and ' Group nobody'. Take care while editing httpd.conf. Make a backup copy just in case. ;) -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Τη Τρίτη, 4 Ιουνίου 2013 2:42:52 μ.μ. UTC+3, ο χρήστης Carlos Nepomuceno έγραψε: Post your httpd.conf to pastebin and send us the link... Here it is: http://pastebin.com/kMT2BZp1 -- http://mail.python.org/mailman/listinfo/python-list
RE: Apache and suexec issue that wont let me run my python script
Date: Tue, 4 Jun 2013 04:48:34 -0700 Subject: Re: Apache and suexec issue that wont let me run my python script From: nikos.gr...@gmail.com To: python-list@python.org Τη Τρίτη, 4 Ιουνίου 2013 2:42:52 μ.μ. UTC+3, ο χρήστης Carlos Nepomuceno έγραψε: Post your httpd.conf to pastebin and send us the link... Here it is: http://pastebin.com/kMT2BZp1 -- http://mail.python.org/mailman/listinfo/python-list Your httpd.conf is automatically generated by cPanel. Take a look: # Defined in /var/cpanel/cpanel.config: apache_portListen 0.0.0.0:82User nobodyGroup nobodyExtendedStatus OnServerAdmin nikos.gr33k@gmail.comServerName nikos.superhost.grLogLevel warn That means you have to change the settings on cPanel not directly editing httpd.conf. I don't use cPanel so I can't help you on that. Good luck! -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Τη Τρίτη, 4 Ιουνίου 2013 3:11:18 μ.μ. UTC+3, ο χρήστης Carlos Nepomuceno έγραψε: Date: Tue, 4 Jun 2013 04:48:34 -0700 Subject: Re: Apache and suexec issue that wont let me run my python script From: nikos...@gmail.com To: pytho...@python.org Τη Τρίτη, 4 Ιουνίου 2013 2:42:52 μ.μ. UTC+3, ο χρήστης Carlos Nepomuceno έγραψε: Post your httpd.conf to pastebin and send us the link... Here it is: http://pastebin.com/kMT2BZp1 -- http://mail.python.org/mailman/listinfo/python-list Your httpd.conf is automatically generated by cPanel. Take a look: # Defined in /var/cpanel/cpanel.config: apache_port Listen 0.0.0.0:82 User nobody Group nobody ExtendedStatus On ServerAdmin nikos...@gmail.com ServerName nikos.superhost.gr LogLevel warn That means you have to change the settings on cPanel not directly editing httpd.conf. I don't use cPanel so I can't help you on that. Good luck! Since, i'm root i will open the file and alter the user nobody to root. Can't i? Also about the suexec.log since i made it 755 why still suexec complain that it cannot open it? -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
root@nikos [~]# nano /usr/local/apache/conf/httpd.conf and altering user nobody to user root. root@nikos [~]# service httpd restart [Tue Jun 04 15:56:42 2013] [warn] module rpaf_module is already loaded, skipping Syntax error on line 175 of /usr/local/apache/conf/httpd.conf: Error:\tApache has not been designed to serve pages while\n\trunning as root. There are known race conditions that\n\twill allow any local user to read any file on the system.\n\tIf you still desire to serve pages as root then\n\tadd -DBIG_SECURITY_HOLE to the CFLAGS env variable\n\tand then rebuild the server.\n\tIt is strongly suggested that you instead modify the User\n\tdirective in your httpd.conf file to list a non-root\n\tuser.\n root@nikos [~]# What can i do? -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
On Tue, Jun 4, 2013 at 10:57 PM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: root@nikos [~]# nano /usr/local/apache/conf/httpd.conf and altering user nobody to user root. root@nikos [~]# service httpd restart [Tue Jun 04 15:56:42 2013] [warn] module rpaf_module is already loaded, skipping Syntax error on line 175 of /usr/local/apache/conf/httpd.conf: Error:\tApache has not been designed to serve pages while\n\trunning as root. There are known race conditions that\n\twill allow any local user to read any file on the system.\n\tIf you still desire to serve pages as root then\n\tadd -DBIG_SECURITY_HOLE to the CFLAGS env variable\n\tand then rebuild the server.\n\tIt is strongly suggested that you instead modify the User\n\tdirective in your httpd.conf file to list a non-root\n\tuser.\n root@nikos [~]# What can i do? Don't do that. ChrisA -- http://mail.python.org/mailman/listinfo/python-list
RE: Apache and suexec issue that wont let me run my python script
Date: Tue, 4 Jun 2013 05:57:54 -0700 Subject: Re: Apache and suexec issue that wont let me run my python script From: nikos.gr...@gmail.com To: python-list@python.org root@nikos [~]# nano /usr/local/apache/conf/httpd.conf and altering user nobody to user root. root@nikos [~]# service httpd restart [Tue Jun 04 15:56:42 2013] [warn] module rpaf_module is already loaded, skipping Syntax error on line 175 of /usr/local/apache/conf/httpd.conf: Error:\tApache has not been designed to serve pages while\n\trunning as root. There are known race conditions that\n\twill allow any local user to read any file on the system.\n\tIf you still desire to serve pages as root then\n\tadd -DBIG_SECURITY_HOLE to the CFLAGS env variable\n\tand then rebuild the server.\n\tIt is strongly suggested that you instead modify the User\n\tdirective in your httpd.conf file to list a non-root\n\tuser.\n root@nikos [~]# What can i do? You don't need to run httpd as root. In fact it's risky. You can use another user with less privileges to run it like nobody or something else you see fit. I don't think the suggestion to rebuild the server is good, but I don't know how cPanel works so it's just a guess. -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Τη Τρίτη, 4 Ιουνίου 2013 4:10:58 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε: On Tue, Jun 4, 2013 at 10:57 PM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: root@nikos [~]# nano /usr/local/apache/conf/httpd.conf and altering user nobody to user root. root@nikos [~]# service httpd restart [Tue Jun 04 15:56:42 2013] [warn] module rpaf_module is already loaded, skipping Syntax error on line 175 of /usr/local/apache/conf/httpd.conf: Error:\tApache has not been designed to serve pages while\n\trunning as root. There are known race conditions that\n\twill allow any local user to read any file on the system.\n\tIf you still desire to serve pages as root then\n\tadd -DBIG_SECURITY_HOLE to the CFLAGS env variable\n\tand then rebuild the server.\n\tIt is strongly suggested that you instead modify the User\n\tdirective in your httpd.conf file to list a non-root\n\tuser.\n Don't do that. Well i can understand its dangerous but it doesnt also let me. So that leaved me the tampering of the log files. root@nikos [~]# chmod 755 /var/log/httpd/error_log root@nikos [~]# chown nobody:nobody /var/log/httpd/error_log root@nikos [~]# chmod 755 /usr/local/apache/logs/error_log root@nikos [~]# chown nobody:nobody /usr/local/apache/logs/error_log BUT just my luck. root@nikos [~]# [Tue Jun 04 16:16:21 2013] [error] [client 46.12.95.59] suexec failure: could not open log file [Tue Jun 04 16:16:21 2013] [error] [client 46.12.95.59] fopen: Permission denied [Tue Jun 04 16:16:21 2013] [error] [client 46.12.95.59] Premature end of script headers: koukos.py [Tue Jun 04 16:16:21 2013] [error] [client 46.12.95.59] File does not exist: /home/nikos/public_html/500.shtml [Tue Jun 04 16:16:24 2013] [error] [client 46.12.95.59] suexec failure: could not open log file [Tue Jun 04 16:16:24 2013] [error] [client 46.12.95.59] fopen: Permission denied [Tue Jun 04 16:16:24 2013] [error] [client 46.12.95.59] Premature end of script headers: koukos.py I DONT KNOW WHAT ELSE TO TRY PLEASE HELP ILL TRY ANYTHING YOU SAY. -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
On Tue, Jun 4, 2013 at 11:17 PM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote: I DONT KNOW WHAT ELSE TO TRY PLEASE HELP ILL TRY ANYTHING YOU SAY. You should try power surging your drivers. Have you got a spare power cord? ChrisA [1] http://www.oocities.org/timessquare/4753/bofh.htm -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
Τη Τρίτη, 4 Ιουνίου 2013 5:33:03 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε: I DONT KNOW WHAT ELSE TO TRY PLEASE HELP ILL TRY ANYTHING YOU SAY. You should try power surging your drivers. Have you got a spare power cord? Jokes are funny, but its over a week now the script is correct and the damn suexec thing doesnt let me do my job. -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
On 04/06/2013 15:40, Νικόλαος Κούρας wrote: Τη Τρίτη, 4 Ιουνίου 2013 5:33:03 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε: I DONT KNOW WHAT ELSE TO TRY PLEASE HELP ILL TRY ANYTHING YOU SAY. You should try power surging your drivers. Have you got a spare power cord? Jokes are funny, but its over a week now the script is correct and the damn suexec thing doesnt let me do my job. I don't know much about the Python suexec module, can you please explain where it's documented. Or is suexec nothing to do with Python? -- Steve is going for the pink ball - and for those of you who are watching in black and white, the pink is next to the green. Snooker commentator 'Whispering' Ted Lowe. Mark Lawrence -- http://mail.python.org/mailman/listinfo/python-list
Re: Apache and suexec issue that wont let me run my python script
On Tue, Jun 4, 2013 at 4:49 PM, Mark Lawrence breamore...@yahoo.co.uk wrote: I don't know much about the Python suexec module, can you please explain where it's documented. Or is suexec nothing to do with Python? From Wikipedia: Apache suEXEC is a feature of the Apache Web server. It allows users to run CGI and SSI applications as a different user - normally, all web server processes run as the default web server user (often wwwrun, Apache or nobody). In other words: Nikolaos is trying to do something HORRIBLY WRONG (just like always). The proper way would be to run the python scripts through WSGI as the standard nobody user. Or do proper file permissions. And WSGI should be used through something intelligent (flask/pyramid/…) --- OT START --- On Tue, Jun 4, 2013 at 4:33 PM, Chris Angelico ros...@gmail.com wrote: You should try power surging your drivers. Have you got a spare power cord? ChrisA [1] http://www.oocities.org/timessquare/4753/bofh.htm -- http://mail.python.org/mailman/listinfo/python-list Please link and read at the BOFH’s page. [0] is the page and [1] is this exact story. [0]: http://bofh.ntk.net/BOFH/index.php [1]: http://bofh.ntk.net/BOFH//bastard07.php -- Kwpolska http://kwpolska.tk | GPG KEY: 5EAAEA16 stop html mail| always bottom-post http://asciiribbon.org| http://caliburn.nl/topposting.html -- http://mail.python.org/mailman/listinfo/python-list