Hi Guys,
I have a "little" problem: my server is running whit mod_vhost_alias and
mod_fastcgi (i only use it whit php5-cgi). I Use it whit VirtualScriptAlias
directive so i haven't to restart the webserver every time i add an user
(of course i haven't any vhost).
For security reasons i MUST use
Hi everybody
I have just configured a LDAP based Samba Server. Now i want the users to
publish their websites with the module UserDir. The problem is that user's
directories are chmoded 700 (and I want to be 700), so Apache user
(www-data) can not access the files of the user. I have thought to us
On July 8, 2008 06:30:01 pm Res wrote:
> On Tue, 8 Jul 2008, Nick Wiltshire wrote:
> > Hi list,
> >
> > I'm trying to set up suExec with virtual hosts, and I am either going
> > about this all wrong, or I have found a bug.
> >
> > Given the following vhost:
> >
> >
> > SuexecUserGroup example.
Hi list,
I'm trying to set up suExec with virtual hosts, and I am either going about
this all wrong, or I have found a bug.
Given the following vhost:
SuexecUserGroup example.org example.org
ScriptAlias /php5 ~/cgi-bin/php
Action php5-cgi /php5
AddHandler php5-
Hi,
I'm trying to configure a webserver using virtualmin with suexec and
fastcgi. I used the following setting s and get the error as seen in
error_log. Any ideas? The OS is Solaris 10.
in httpd.conf:
LoadModule fastcgi_module libexec/mod_fastcgi.so
LoadModule suexec_module libexec/mod_suexe
Am 31.07.2007, 14:20 Uhr, schrieb Jaqui Greenlees
<[EMAIL PROTECTED]>:
--- Jos Ewert <[EMAIL PROTECTED]> wrote:
Hi,
I want to set up a system like this :
/var/www/user/htdocs/abc.com
/var/www/user/htdocs/def.com
...
try with
/var/www/htdocs/user/ <- trailing slash if putting
virtual ho
--- Jos Ewert <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I want to set up a system like this :
>
> /var/www/user/htdocs/abc.com
> /var/www/user/htdocs/def.com
> ...
try with
/var/www/htdocs/user/ <- trailing slash if putting
virtual hosts under this folder, since each vh need to
be given a unique d
Hi,
I want to set up a system like this :
/var/www/user/htdocs/abc.com
/var/www/user/htdocs/def.com
...
To serve php ( and maybe later other systems ) I chose fastcgi and
suexec that I modified to chroot, for flexibility and security.
I chroot to /var/www/user .
For each user I want a minimum o
On 2/14/07, Kövesdán Gábor <[EMAIL PROTECTED]> wrote:
Thanks for the detailed explanation. I'm running php as CGI now, but
I've run into a strange issue.
Firstly, I got this message:
[2007-02-12 20:37:45]: cannot get docroot information (/usr/local/www/data)
I wondered why I get this, since the
Joshua Slive schrieb:
On 2/7/07, Kövesdán Gábor <[EMAIL PROTECTED]> wrote:
Joshua Slive schrieb:
> On 2/7/07, Kövesdán Gábor <[EMAIL PROTECTED]> wrote:
>> However, if I set modes for the files
>> to 600, i get 403. I don't see why this is happening, since the pages
>> should be read/run as foo.
On 2/7/07, Kövesdán Gábor <[EMAIL PROTECTED]> wrote:
Joshua Slive schrieb:
> On 2/7/07, Kövesdán Gábor <[EMAIL PROTECTED]> wrote:
>> However, if I set modes for the files
>> to 600, i get 403. I don't see why this is happening, since the pages
>> should be read/run as foo.
>
> Do you understand t
Joshua Slive schrieb:
On 2/7/07, Kövesdán Gábor <[EMAIL PROTECTED]> wrote:
However, if I set modes for the files
to 600, i get 403. I don't see why this is happening, since the pages
should be read/run as foo.
Do you understand that suexec affects only CGI scripts and not normal
requests or re
On 2/7/07, Kövesdán Gábor <[EMAIL PROTECTED]> wrote:
However, if I set modes for the files
to 600, i get 403. I don't see why this is happening, since the pages
should be read/run as foo.
Do you understand that suexec affects only CGI scripts and not normal
requests or requests served by apache
Hello list,
I'm setting up a webserver with php. Here, security is very important,
thus I want to use SuExec for running each website as a separate user.
I've set up a VirtualHost as:
SuexecUserGroup foo foo
ServerAdmin [EMAIL PROTECTED]
DocumentRoot /var/www/www.foo.hu
ServerName www.foo.hu
Hi Olivier,
Hmm... mod_rewrite only rewrites the URL... It doens't change the
content.
I guess you use the dynamically generated listing?
So you should probably play with the directive that allows you to list
directories. I don't remember which one it is and don't use it myself.
But I guess you
u can play with it to change the page title.
Olivier
Olivier CHIROUZE
I&0 Infrastructure
Volvo Information Technology
> -Original Message-
> From: Florian Effenberger [mailto:[EMAIL PROTECTED]
> Sent: 31 January 2007 17:06
> To: users@httpd.apache.org
> Subject
Hi Olivier,
I'm not exactly sure RewriteRule accepts all sorts of regex, such as
"?".
But if so, I guess the following should do:
RewriteRule ^/projects/design/(.?) http://www.mydoma.in/~michael/$1 [P]
And below:
RewriteRule ^/projects/design/ - [F]
Or even:
RewriteRule .* - [F]
That wou
ent: 31 January 2007 00:37
> To: users@httpd.apache.org
> Subject: [EMAIL PROTECTED] suEXEC and RewriteRule
>
> Hello,
>
> I have some virtual sites where UserDirs like /~michael should be
> available under a different name, like /projects/design. These
> directories contain CGI
Hello,
I have some virtual sites where UserDirs like /~michael should be
available under a different name, like /projects/design. These
directories contain CGI scripts run by suEXEC, which results in 500
Internal Server error when NOT being called as /~michael.
Right now, I do
RewriteRule ^
Fabio Corazza wrote:
[snip]
> Everything is fine except the verbosity of the suEXEC mechanism, which
> writes a notice for every request that is passed to the CGI:
[snip]
With the help of a colleague we wrote a patch to get rid of excessive
verbosity of suEXEC, for whom they intend to run it on hi
Joshua Slive wrote:
> On 10/3/06, Fabio Corazza <[EMAIL PROTECTED]> wrote:
>
>> What it concerns me is: if I delete the logging of the transactions,
>> will suEXEC be able to open the log file if any other error happens?
>
> Sorry, but I'm not going to give you advice on hacking suexec. The
> co
On 10/3/06, Fabio Corazza <[EMAIL PROTECTED]> wrote:
What it concerns me is: if I delete the logging of the transactions,
will suEXEC be able to open the log file if any other error happens?
Sorry, but I'm not going to give you advice on hacking suexec. The
consequences if I made a mistake or
Joshua Slive wrote:
> Those messages are generated within suexec and since suexec is not
> run-time configurable (for security reasons) they are not
> configurable. You would need to edit the source code and recompile
> (being careful to heed the warnings about not messing with suexec
> unless you
On 10/3/06, Fabio Corazza <[EMAIL PROTECTED]> wrote:
Hi everyone,
we are using a CGI under Apache that is spawned under a different user
through mod_suexec.
Everything is fine except the verbosity of the suEXEC mechanism, which
writes a notice for every request that is passed to the CGI:
[2006
Hi everyone,
we are using a CGI under Apache that is spawned under a different user
through mod_suexec.
Everything is fine except the verbosity of the suEXEC mechanism, which
writes a notice for every request that is passed to the CGI:
[2006-10-03 11:52:11]: uid: (501/tmctaux) gid: (501/501) cmd
On 6/19/06, Daniel Fernandez <[EMAIL PROTECTED]> wrote:
I am with google during one week, but this patch don´t work with
virtualhost, all the chroot paths are for chroot the apache, and i
need chroot for every virtualhost.
Well, I know nothing about the issue. But if you're going to ask
questi
I am with google during one week, but this patch don´t work with
virtualhost, all the chroot paths are for chroot the apache, and i
need chroot for every virtualhost.
Thanks.
Daniel.
2006/6/19, Joshua Slive <[EMAIL PROTECTED]>:
On 6/18/06, Daniel Fernandez <[EMAIL PROTECTED]> wrote:
> Hi.
>
>
On 6/18/06, Daniel Fernandez <[EMAIL PROTECTED]> wrote:
Hi.
I need a patch for the suexec to chroot every virtualsite.
Have any patch to it?
You've asked the same question three times, but it seems you haven't
spent much time with google:
http://www.apachesecurity.net/tools/index.html
I have
Hi.
I need a patch for the suexec to chroot every virtualsite.
Have any patch to it?
Daniel
-
The official User-To-User support forum of the Apache HTTP Server Project.
See http://httpd.apache.org/userslist.html> for more info
Hello,
I have a SuSe 9.3 server, with apache version 2.0.53 and suexec
configured. It was working for months. One day, it stopped working for
ALL virtual hosts. I might have misconfigured something, but I'm not
sure what is the problem. When I start up apache, I see this in the
error_log:
I need to use Suexec with apache and fastcgi, so I can got better performance but the article I followed are all missing something, any one know how?I am running apache 2 on Fedora 5Thanks in advanced.
Osama.
On 2/21/06, azeem ahmad <[EMAIL PROTECTED]> wrote:
> hi list
> i m wondering that my cgi scripts are being access denied, i thin kits
> matter of suexec
> but i m not finding any help about how to use it
> i placed
> SuexecUserGroup mine mine
> but when restarting it says
> configuration broken, ig
hi list
i m wondering that my cgi scripts are being access denied, i thin kits
matter of suexec
but i m not finding any help about how to use it
i placed
SuexecUserGroup mine mine
but when restarting it says
configuration broken, ignoring restart
is it a wrong placement of directive
Regards
Aze
On 1/25/06, Mario Ohnewald <[EMAIL PROTECTED]> wrote:
> The error i get now is the following:
> ---
> [error] [client 192.168.1.201] Premature end of script headers: test.php
> [error] [client 192.168.1.201] Error in suphp.c on line 2
Hi,
On Tue, 2006-01-24 at 13:22 -0500, Joshua Slive wrote:
> On 1/24/06, Mario Ohnewald <[EMAIL PROTECTED]> wrote:
>
> > When i tried to write a file to my homedir with php´s fwrite i got
> > permission denied. So i guess its like you already told me.
> > Php is not using the suexec yet.
> >
> >
On 1/24/06, Mario Ohnewald <[EMAIL PROTECTED]> wrote:
> When i tried to write a file to my homedir with php´s fwrite i got
> permission denied. So i guess its like you already told me.
> Php is not using the suexec yet.
>
> What documentation will i need next?
> (i found a few, but they are mostly
Hello Joshua,
On Tue, 2006-01-24 at 11:16 -0500, Joshua Slive wrote:
> On 1/24/06, Mario Ohnewald <[EMAIL PROTECTED]> wrote:
> > Hello List.
> >
> > I am running apache2 (2.0.54-5) on Sarge.
> >
> > Where can i go from here? How could i debug this problem a little
> > further?
>
> What's the prob
On 1/24/06, Mario Ohnewald <[EMAIL PROTECTED]> wrote:
> Hello List.
>
> I am running apache2 (2.0.54-5) on Sarge.
>
> Where can i go from here? How could i debug this problem a little
> further?
What's the problem exactly? You haven't told us exactly what you are
trying to do and how it is failin
Hello List.
I am running apache2 (2.0.54-5) on Sarge.
Where can i go from here? How could i debug this problem a little
further?
Error:
-
cat /var/log/apache2/suexec.log
[2006-01-24 16:55:55]: too few arguments
Configs and Logs:
---
On 12/28/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Hey guys.
>
>
> Trying to get this thing to work. But am getting this error.
> [2005-12-28 13:36:30]: uid: (514/dspam) gid: (514/514) cmd: dspam.cgi
> [2005-12-28 13:36:30]: command not in docroot (/web/spam/html/dspam.cgi)
>
> the users
Wed, 28 Dec 2005 [EMAIL PROTECTED] wrote:
>
>> To: users@httpd.apache.org
>> From: [EMAIL PROTECTED]
>> Subject: [EMAIL PROTECTED] suexec
>>
>> Hey guys.
>>
>>
>> Trying to get this thing to work. But am getting this error.
>> [2005-12-28
Rob - What is the full definition for your virtual host
container please?
Keith
On Wed, 28 Dec 2005 [EMAIL PROTECTED] wrote:
> To: users@httpd.apache.org
> From: [EMAIL PROTECTED]
> Subject: [EMAIL PROTECTED] suexec
>
> Hey guys.
>
>
> Trying to get this thing
Hey guys.
Trying to get this thing to work. But am getting this error.
[2005-12-28 13:36:30]: uid: (514/dspam) gid: (514/514) cmd: dspam.cgi
[2005-12-28 13:36:30]: command not in docroot (/web/spam/html/dspam.cgi)
the users home is /web/spam/html
the doc root (default host) is /web
the virtua
Hi All,
I have made progress with my previous suexec + mod_ldap_user
+ multiple vhosts issue, however I am now getting a strange problem where
suexec is being called when I try accessing a cgi in one vhost but not another:
[pid 23260] read(43, "[EMAIL PROTECTED]
Available\0/u/a/[EMA
On 12/1/05, Adam Hewitt <[EMAIL PROTECTED]> wrote:
> As you can see here, Apache finds the correct home directory after
> looking it up from LDAP (/u/0/3/1572830/) and allows the 'filedel.cgi'
> script to be run. It then tries to lookup the details from nscd, but it
> only passes "sword" instead o
sword" instead of "[EMAIL PROTECTED]", but because we
have a second user with uid of 'sword' this uid and gid is returned and
then passed onto suexec ("~869640", "105")...so for some reason apache2
isn't passing the realm onto libnss-ldap??
Can a
Hi All,
I have a setup where I have roughly 14 different realms (aquired ISP's)
and users in each realm are listed in LDAP using [EMAIL PROTECTED]
straight forward.
I have configured apache2 with mod_ldap_userdir such that if
[EMAIL PROTECTED] accesses http://homepages.domain1.com/~bill that the
Hi.
I have another question about SuExec and symlinks. Now I've found out
that linking to executables via symlinks violates SuExecs security
model.
However, suexec only checks for things inside docroot doesn't it? If a
symlink is present outside of that it wouldn't violate the security
mode
On 11/11/05, Sven Karlsson <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I'm setting up a hosting site with virtual domains, and to increase security
> I intend to run suexec'd php and cgi's.
>
> I'd also like to keep redundancy to a minimum; i.e. only one copy of php in
> /usr/lib/cgi-bin . If I need t
Hello,I'm setting up a hosting site with virtual domains, and to increase security I intend to run suexec'd php and cgi's.I'd also like to keep redundancy to a minimum; i.e. only one copy of php in /usr/lib/cgi-bin . If I need to upgrade php, I'd like
to do it in one place, not messing with users
On 10/26/05, Gordon Thagard <[EMAIL PROTECTED]> wrote:
> I see your point regarding sudo. This opens up a can of security-related
> worms. Could anyone suggest a safe, reliable way to authenticate users
> via Apache and then execute code as the user to do things like:
>
> * change passwords
> * tur
I see your point regarding sudo. This opens up a can of security-related
worms. Could anyone suggest a safe, reliable way to authenticate users
via Apache and then execute code as the user to do things like:
* change passwords
* turn off/on vacation
Regards,
Joshua Slive wrote:
On 10/25/05,
On 10/25/05, Gordon Thagard <[EMAIL PROTECTED]> wrote:
> After reading the security checks list it seems somewhat clear that only
> the apache (perhaps the "nobody" user, as that's how I've set mine) user
> can execute cgi or PHP code. I want users to be able to authenticate and
> then be able to:
Hello All,
I'm unclear as to how one part of suEXEC works. Specifically, I'm
refering to the documentation located at
http://httpd.apache.org/docs/1.3/suexec.html#usage:
*User directories:*
The suEXEC wrapper can also be used to execute CGI programs as the user
to which the request is being
On 9/19/05, Oscar Haeger <[EMAIL PROTECTED]> wrote:
> What I'd like to know is if SuExec somehow prevents me from running scripts
> via
> symlinks.
> I have a webserver with SuExec installed and I'd like to be able to run
> scripts
> that resides in other peoples cgi-bin directories. I've tested
Hi.
First I'd like to apologize if this question has been asked before, but I've
scanned the archives and haven't found anything about it.
What I'd like to know is if SuExec somehow prevents me from running scripts via
symlinks.
I have a webserver with SuExec installed and I'd like to be able to r
Hi,
Thanks for all your help, it was a very stupid mistake of myself..
"/fcgi-scripts/.." still was not in the docroot, because the suexec2 in the
chroot was still the old one... :/
I thought I had hardlinked it there, but it seems to have been copied only.
Sorry.
mative error message (outputting dwd).
Let's see.
>
> -Original Message-
> From: dAniel hAhler [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, July 20, 2005 12:58 AM
> To: users@httpd.apache.org
> Subject: [EMAIL PROTECTED] suexec with mod_chroot: "command not in doc
On 7/20/05, dAniel hAhler <[EMAIL PROTECTED]> wrote:
> Joshua Slive wrote:
>
> > > I've installed mod_chroot for Apache (2.0.53-Ubuntu), but have now
> > > problems
> > > with suexec complaining:
> > >
> > > [2005-07-20 06:28:13]: uid: (1003/x) gid: (1003/1003) cmd:
> > > php4-fcgi-starter
>
: dAniel hAhler [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 20, 2005 12:58 AM
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] suexec with mod_chroot: "command not in docroot"
Hi,
I've installed mod_chroot for Apache (2.0.53-Ubuntu), but have now problems
with suexec comp
Joshua Slive wrote:
> > I've installed mod_chroot for Apache (2.0.53-Ubuntu), but have now problems
> > with suexec complaining:
> >
> > [2005-07-20 06:28:13]: uid: (1003/x) gid: (1003/1003) cmd:
> > php4-fcgi-starter
> > [2005-07-20 06:28:13]: command not in docroot
> > (/fcgi-scripts/web2/ph
On 7/20/05, dAniel hAhler <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I've installed mod_chroot for Apache (2.0.53-Ubuntu), but have now problems
> with suexec complaining:
>
> [2005-07-20 06:28:13]: uid: (1003/x) gid: (1003/1003) cmd:
> php4-fcgi-starter
> [2005-07-20 06:28:13]: command not in docr
Hi,
I've installed mod_chroot for Apache (2.0.53-Ubuntu), but have now problems
with suexec complaining:
[2005-07-20 06:28:13]: uid: (1003/x) gid: (1003/1003) cmd:
php4-fcgi-starter
[2005-07-20 06:28:13]: command not in docroot
(/fcgi-scripts/web2/php4-fcgi-starter)
php4-fcgi-starter is a
63 matches
Mail list logo
