Hi Guys,
I have a little problem: my server is running whit mod_vhost_alias and
mod_fastcgi (i only use it whit php5-cgi). I Use it whit VirtualScriptAlias
directive so i haven't to restart the webserver every time i add an user
(of course i haven't any vhost).
For security reasons i MUST use
Hi everybody
I have just configured a LDAP based Samba Server. Now i want the users to
publish their websites with the module UserDir. The problem is that user's
directories are chmoded 700 (and I want to be 700), so Apache user
(www-data) can not access the files of the user. I have thought to
On July 8, 2008 06:30:01 pm Res wrote:
On Tue, 8 Jul 2008, Nick Wiltshire wrote:
Hi list,
I'm trying to set up suExec with virtual hosts, and I am either going
about this all wrong, or I have found a bug.
Given the following vhost:
VirtualHost *:80
SuexecUserGroup
Hi list,
I'm trying to set up suExec with virtual hosts, and I am either going about
this all wrong, or I have found a bug.
Given the following vhost:
VirtualHost *:80
SuexecUserGroup example.org example.org
ScriptAlias /php5 ~/cgi-bin/php
Action php5-cgi /php5
Hi,
I'm trying to configure a webserver using virtualmin with suexec and
fastcgi. I used the following setting s and get the error as seen in
error_log. Any ideas? The OS is Solaris 10.
in httpd.conf:
LoadModule fastcgi_module libexec/mod_fastcgi.so
LoadModule suexec_module
Hi,
I want to set up a system like this :
/var/www/user/htdocs/abc.com
/var/www/user/htdocs/def.com
...
To serve php ( and maybe later other systems ) I chose fastcgi and
suexec that I modified to chroot, for flexibility and security.
I chroot to /var/www/user .
For each user I want a minimum
--- Jos Ewert [EMAIL PROTECTED] wrote:
Hi,
I want to set up a system like this :
/var/www/user/htdocs/abc.com
/var/www/user/htdocs/def.com
...
try with
/var/www/htdocs/user/ - trailing slash if putting
virtual hosts under this folder, since each vh need to
be given a unique document
Am 31.07.2007, 14:20 Uhr, schrieb Jaqui Greenlees
[EMAIL PROTECTED]:
--- Jos Ewert [EMAIL PROTECTED] wrote:
Hi,
I want to set up a system like this :
/var/www/user/htdocs/abc.com
/var/www/user/htdocs/def.com
...
try with
/var/www/htdocs/user/ - trailing slash if putting
virtual hosts
Joshua Slive schrieb:
On 2/7/07, Kövesdán Gábor [EMAIL PROTECTED] wrote:
Joshua Slive schrieb:
On 2/7/07, Kövesdán Gábor [EMAIL PROTECTED] wrote:
However, if I set modes for the files
to 600, i get 403. I don't see why this is happening, since the pages
should be read/run as foo.
Do you
On 2/14/07, Kövesdán Gábor [EMAIL PROTECTED] wrote:
Thanks for the detailed explanation. I'm running php as CGI now, but
I've run into a strange issue.
Firstly, I got this message:
[2007-02-12 20:37:45]: cannot get docroot information (/usr/local/www/data)
I wondered why I get this, since the
Hello list,
I'm setting up a webserver with php. Here, security is very important,
thus I want to use SuExec for running each website as a separate user.
I've set up a VirtualHost as:
VirtualHost *:80
SuexecUserGroup foo foo
ServerAdmin [EMAIL PROTECTED]
DocumentRoot /var/www/www.foo.hu
On 2/7/07, Kövesdán Gábor [EMAIL PROTECTED] wrote:
However, if I set modes for the files
to 600, i get 403. I don't see why this is happening, since the pages
should be read/run as foo.
Do you understand that suexec affects only CGI scripts and not normal
requests or requests served by apache
Joshua Slive schrieb:
On 2/7/07, Kövesdán Gábor [EMAIL PROTECTED] wrote:
However, if I set modes for the files
to 600, i get 403. I don't see why this is happening, since the pages
should be read/run as foo.
Do you understand that suexec affects only CGI scripts and not normal
requests or
On 2/7/07, Kövesdán Gábor [EMAIL PROTECTED] wrote:
Joshua Slive schrieb:
On 2/7/07, Kövesdán Gábor [EMAIL PROTECTED] wrote:
However, if I set modes for the files
to 600, i get 403. I don't see why this is happening, since the pages
should be read/run as foo.
Do you understand that suexec
with it to change the page title.
Olivier
Olivier CHIROUZE
I0 Infrastructure
Volvo Information Technology
-Original Message-
From: Florian Effenberger [mailto:[EMAIL PROTECTED]
Sent: 31 January 2007 17:06
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] suEXEC and RewriteRule
Hi Olivier,
Hmm... mod_rewrite only rewrites the URL... It doens't change the
content.
I guess you use the dynamically generated listing?
So you should probably play with the directive that allows you to list
directories. I don't remember which one it is and don't use it myself.
But I guess you
Subject: [EMAIL PROTECTED] suEXEC and RewriteRule
Hello,
I have some virtual sites where UserDirs like /~michael should be
available under a different name, like /projects/design. These
directories contain CGI scripts run by suEXEC, which results in 500
Internal Server error when
Hi Olivier,
I'm not exactly sure RewriteRule accepts all sorts of regex, such as
?.
But if so, I guess the following should do:
RewriteRule ^/projects/design/(.?) http://www.mydoma.in/~michael/$1 [P]
And below:
RewriteRule ^/projects/design/ - [F]
Or even:
RewriteRule .* - [F]
That
Hello,
I have some virtual sites where UserDirs like /~michael should be
available under a different name, like /projects/design. These
directories contain CGI scripts run by suEXEC, which results in 500
Internal Server error when NOT being called as /~michael.
Right now, I do
RewriteRule
Hi everyone,
we are using a CGI under Apache that is spawned under a different user
through mod_suexec.
Everything is fine except the verbosity of the suEXEC mechanism, which
writes a notice for every request that is passed to the CGI:
[2006-10-03 11:52:11]: uid: (501/tmctaux) gid: (501/501)
On 10/3/06, Fabio Corazza [EMAIL PROTECTED] wrote:
What it concerns me is: if I delete the logging of the transactions,
will suEXEC be able to open the log file if any other error happens?
Sorry, but I'm not going to give you advice on hacking suexec. The
consequences if I made a mistake or
Joshua Slive wrote:
On 10/3/06, Fabio Corazza [EMAIL PROTECTED] wrote:
What it concerns me is: if I delete the logging of the transactions,
will suEXEC be able to open the log file if any other error happens?
Sorry, but I'm not going to give you advice on hacking suexec. The
consequences
Fabio Corazza wrote:
[snip]
Everything is fine except the verbosity of the suEXEC mechanism, which
writes a notice for every request that is passed to the CGI:
[snip]
With the help of a colleague we wrote a patch to get rid of excessive
verbosity of suEXEC, for whom they intend to run it on
On 6/18/06, Daniel Fernandez [EMAIL PROTECTED] wrote:
Hi.
I need a patch for the suexec to chroot every virtualsite.
Have any patch to it?
You've asked the same question three times, but it seems you haven't
spent much time with google:
http://www.apachesecurity.net/tools/index.html
I have
I am with google during one week, but this patch don´t work with
virtualhost, all the chroot paths are for chroot the apache, and i
need chroot for every virtualhost.
Thanks.
Daniel.
2006/6/19, Joshua Slive [EMAIL PROTECTED]:
On 6/18/06, Daniel Fernandez [EMAIL PROTECTED] wrote:
Hi.
I need
On 6/19/06, Daniel Fernandez [EMAIL PROTECTED] wrote:
I am with google during one week, but this patch don´t work with
virtualhost, all the chroot paths are for chroot the apache, and i
need chroot for every virtualhost.
Well, I know nothing about the issue. But if you're going to ask
Hi.
I need a patch for the suexec to chroot every virtualsite.
Have any patch to it?
Daniel
-
The official User-To-User support forum of the Apache HTTP Server Project.
See URL:http://httpd.apache.org/userslist.html for more
Hello,
I have a SuSe 9.3 server, with apache version 2.0.53 and suexec
configured. It was working for months. One day, it stopped working for
ALL virtual hosts. I might have misconfigured something, but I'm not
sure what is the problem. When I start up apache, I see this in the
error_log:
I need to use Suexec with apache and fastcgi, so I can got better performance but the article I followed are all missing something, any one know how?I am running apache 2 on Fedora 5Thanks in advanced.
Osama.
hi list
i m wondering that my cgi scripts are being access denied, i thin kits
matter of suexec
but i m not finding any help about how to use it
i placed
SuexecUserGroup mine mine
but when restarting it says
configuration broken, ignoring restart
is it a wrong placement of directive
Regards
Hi,
On Tue, 2006-01-24 at 13:22 -0500, Joshua Slive wrote:
On 1/24/06, Mario Ohnewald [EMAIL PROTECTED] wrote:
When i tried to write a file to my homedir with php´s fwrite i got
permission denied. So i guess its like you already told me.
Php is not using the suexec yet.
What
On 1/25/06, Mario Ohnewald [EMAIL PROTECTED] wrote:
The error i get now is the following:
---
[error] [client 192.168.1.201] Premature end of script headers: test.php
[error] [client 192.168.1.201] Error in suphp.c on line 256:
Hello List.
I am running apache2 (2.0.54-5) on Sarge.
Where can i go from here? How could i debug this problem a little
further?
Error:
-
cat /var/log/apache2/suexec.log
[2006-01-24 16:55:55]: too few arguments
Configs and Logs:
On 1/24/06, Mario Ohnewald [EMAIL PROTECTED] wrote:
Hello List.
I am running apache2 (2.0.54-5) on Sarge.
Where can i go from here? How could i debug this problem a little
further?
What's the problem exactly? You haven't told us exactly what you are
trying to do and how it is failing.
Hello Joshua,
On Tue, 2006-01-24 at 11:16 -0500, Joshua Slive wrote:
On 1/24/06, Mario Ohnewald [EMAIL PROTECTED] wrote:
Hello List.
I am running apache2 (2.0.54-5) on Sarge.
Where can i go from here? How could i debug this problem a little
further?
What's the problem exactly?
On 1/24/06, Mario Ohnewald [EMAIL PROTECTED] wrote:
When i tried to write a file to my homedir with php´s fwrite i got
permission denied. So i guess its like you already told me.
Php is not using the suexec yet.
What documentation will i need next?
(i found a few, but they are mostly buggy,
On 12/28/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hey guys.
Trying to get this thing to work. But am getting this error.
[2005-12-28 13:36:30]: uid: (514/dspam) gid: (514/514) cmd: dspam.cgi
[2005-12-28 13:36:30]: command not in docroot (/web/spam/html/dspam.cgi)
the users home is
Hey guys.
Trying to get this thing to work. But am getting this error.
[2005-12-28 13:36:30]: uid: (514/dspam) gid: (514/514) cmd: dspam.cgi
[2005-12-28 13:36:30]: command not in docroot (/web/spam/html/dspam.cgi)
the users home is /web/spam/html
the doc root (default host) is /web
the
Rob - What is the full definition for your virtual host
container please?
Keith
On Wed, 28 Dec 2005 [EMAIL PROTECTED] wrote:
To: users@httpd.apache.org
From: [EMAIL PROTECTED]
Subject: [EMAIL PROTECTED] suexec
Hey guys.
Trying to get this thing to work. But am getting
Hi All,
I have made progress with my previous suexec + mod_ldap_user
+ multiple vhosts issue, however I am now getting a strange problem where
suexec is being called when I try accessing a cgi in one vhost but not another:
[pid 23260] read(43, [EMAIL PROTECTED]
Available\0/u/a/[EMAIL
not doing something stupid, and if
there really is an issue then I will lodge a bug report.
Adam.
-Original Message-
From: Adam Hewitt
Sent: Wednesday, 30 November 2005 2:03 PM
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] suexec + mod_ldap_user + multiple realms
Hi All,
I have a setup
On 12/1/05, Adam Hewitt [EMAIL PROTECTED] wrote:
As you can see here, Apache finds the correct home directory after
looking it up from LDAP (/u/0/3/1572830/) and allows the 'filedel.cgi'
script to be run. It then tries to lookup the details from nscd, but it
only passes sword instead of
Hi.
I have another question about SuExec and symlinks. Now I've found out
that linking to executables via symlinks violates SuExecs security
model.
However, suexec only checks for things inside docroot doesn't it? If a
symlink is present outside of that it wouldn't violate the security
Hi All,
I have a setup where I have roughly 14 different realms (aquired ISP's)
and users in each realm are listed in LDAP using [EMAIL PROTECTED]
straight forward.
I have configured apache2 with mod_ldap_userdir such that if
[EMAIL PROTECTED] accesses http://homepages.domain1.com/~bill that the
On 11/11/05, Sven Karlsson [EMAIL PROTECTED] wrote:
Hello,
I'm setting up a hosting site with virtual domains, and to increase security
I intend to run suexec'd php and cgi's.
I'd also like to keep redundancy to a minimum; i.e. only one copy of php in
/usr/lib/cgi-bin . If I need to
Hello,I'm setting up a hosting site with virtual domains, and to increase security I intend to run suexec'd php and cgi's.I'd also like to keep redundancy to a minimum; i.e. only one copy of php in /usr/lib/cgi-bin . If I need to upgrade php, I'd like
to do it in one place, not messing with users
I see your point regarding sudo. This opens up a can of security-related
worms. Could anyone suggest a safe, reliable way to authenticate users
via Apache and then execute code as the user to do things like:
* change passwords
* turn off/on vacation
Regards,
Joshua Slive wrote:
On
On 10/26/05, Gordon Thagard [EMAIL PROTECTED] wrote:
I see your point regarding sudo. This opens up a can of security-related
worms. Could anyone suggest a safe, reliable way to authenticate users
via Apache and then execute code as the user to do things like:
* change passwords
* turn
Hello All,
I'm unclear as to how one part of suEXEC works. Specifically, I'm
refering to the documentation located at
http://httpd.apache.org/docs/1.3/suexec.html#usage:
*User directories:*
The suEXEC wrapper can also be used to execute CGI programs as the user
to which the request is being
On 10/25/05, Gordon Thagard [EMAIL PROTECTED] wrote:
After reading the security checks list it seems somewhat clear that only
the apache (perhaps the nobody user, as that's how I've set mine) user
can execute cgi or PHP code. I want users to be able to authenticate and
then be able to:
a.
On 9/19/05, Oscar Haeger [EMAIL PROTECTED] wrote:
What I'd like to know is if SuExec somehow prevents me from running scripts
via
symlinks.
I have a webserver with SuExec installed and I'd like to be able to run
scripts
that resides in other peoples cgi-bin directories. I've tested this
On 7/20/05, dAniel hAhler [EMAIL PROTECTED] wrote:
Hi,
I've installed mod_chroot for Apache (2.0.53-Ubuntu), but have now problems
with suexec complaining:
[2005-07-20 06:28:13]: uid: (1003/x) gid: (1003/1003) cmd:
php4-fcgi-starter
[2005-07-20 06:28:13]: command not in docroot
Joshua Slive wrote:
I've installed mod_chroot for Apache (2.0.53-Ubuntu), but have now problems
with suexec complaining:
[2005-07-20 06:28:13]: uid: (1003/x) gid: (1003/1003) cmd:
php4-fcgi-starter
[2005-07-20 06:28:13]: command not in docroot
: dAniel hAhler [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 20, 2005 12:58 AM
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] suexec with mod_chroot: command not in docroot
Hi,
I've installed mod_chroot for Apache (2.0.53-Ubuntu), but have now problems
with suexec complaining:
[2005-07
On 7/20/05, dAniel hAhler [EMAIL PROTECTED] wrote:
Joshua Slive wrote:
I've installed mod_chroot for Apache (2.0.53-Ubuntu), but have now
problems
with suexec complaining:
[2005-07-20 06:28:13]: uid: (1003/x) gid: (1003/1003) cmd:
php4-fcgi-starter
[2005-07-20
.
-Original Message-
From: dAniel hAhler [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 20, 2005 12:58 AM
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] suexec with mod_chroot: command not in docroot
Hi,
I've installed mod_chroot for Apache (2.0.53-Ubuntu), but have now
Hi,
Thanks for all your help, it was a very stupid mistake of myself..
/fcgi-scripts/.. still was not in the docroot, because the suexec2 in the
chroot was still the old one... :/
I thought I had hardlinked it there, but it seems to have been copied only.
Sorry.
57 matches
Mail list logo