[users@httpd] suexec policy violation

Thu, 20 Feb 2014 08:49:28 -0800 

I am trying to setup forms/ldap based authentication for an existing
site.  I am getting an error with suexec.  Not sure what is causing
it.   Below, are log and configuration.

Log

[Thu Feb 20 10:47:35.867218 2014] [core:notice] [pid 26384] AH00094:
Command line: '/usr/sbin/apache2'
[Thu Feb 20 10:47:51.311666 2014] [authz_core:debug] [pid 26392]
mod_authz_core.c(802): [client 192.168.0.209:55675] AH01626:
authorization result of Require valid-user : denied (no authenticated
user yet)
[Thu Feb 20 10:47:51.311744 2014] [authz_core:debug] [pid 26392]
mod_authz_core.c(802): [client 192.168.0.209:55675] AH01626:
authorization result of <RequireAny>: denied (no authenticated user
yet)
[Thu Feb 20 10:47:51.333617 2014] [authnz_ldap:debug] [pid 26392]
mod_authnz_ldap.c(501): [client 192.168.0.209:55675] AH01691:
auth_ldap authenticate: using URL
ldap://192.168.0.22:389/ou=People,dc=doman,dc=local?mail?sub
[Thu Feb 20 10:47:51.334139 2014] [ldap:debug] [pid 26392]
util_ldap.c(372): AH01278: LDAP: Setting referrals to On.
[Thu Feb 20 10:47:51.339220 2014] [authnz_ldap:debug] [pid 26392]
mod_authnz_ldap.c(593): [client 192.168.0.209:55675] AH01697:
auth_ldap authenticate: accepting user@domain.local
[Thu Feb 20 10:47:51.339335 2014] [authz_core:debug] [pid 26392]
mod_authz_core.c(802): [client 192.168.0.209:55675] AH01626:
authorization result of Require valid-user : granted
[Thu Feb 20 10:47:51.339426 2014] [authz_core:debug] [pid 26392]
mod_authz_core.c(802): [client 192.168.0.209:55675] AH01626:
authorization result of <RequireAny>: granted
[Thu Feb 20 10:47:51.342397 2014] [cgi:error] [pid 26392] [client
192.168.0.209:55675] AH01215: suexec policy violation: see suexec log
for more details
[Thu Feb 20 10:47:51.342765 2014] [cgi:error] [pid 26392] [client
192.168.0.209:55675] End of script output before headers: dspam.cgi
[Thu Feb 20 10:47:51.364314 2014] [core:debug] [pid 26392]
util_cookies.c(59): [client 192.168.0.209:55675] AH00007: ap_cookie:
user 'user@domain.local' set cookie:
'session=5NdUE0kHQSGYA+ui0Q3tfOQ9Xe6nEXQIi2bINcDzE5QGKSFto6pcNFFvQFZK4yW+fz9zCqCgK02ibacwHPH+84uyEbqwwuq2h2ZzgD/DvJU9s4g/NUUk13SfoVQdFwyDoFqFxjY2CJYKTUP6dJ9AfoWDMD/EN4uYPQ7/+TzccJ0=;path=/'


Directory /var/www/dspam Permissions

drwxr-xr-x 2 dspam dspam  4096 Feb 20 10:10 .
drwxr-xr-x 3 root  root   4096 Feb 19 19:34 ..
-rwxr-xr-x 1 dspam dspam 29602 Apr  4  2013 admin.cgi
-rwxr-xr-x 1 dspam dspam  5853 Apr  4  2013 admingraph.cgi
-rwxr-xr-x 1 dspam dspam   562 Feb 11 15:47 authenticate.php
-rwxr-xr-x 1 dspam dspam  3179 Feb  7 10:17 base.css
-rwxr-xr-x 1 dspam dspam  7137 Feb  7 10:17 configure.pl
-rw-r--r-- 1 dspam dspam  1394 Feb  6 18:52 default.prefs
-rw-r--r-- 1 dspam dspam  4792 Feb  7 10:17 dspam-logo-small.gif
-rwxr-xr-x 1 dspam dspam 55543 Feb 11 13:07 dspam.cgi
-rw-r--r-- 1 dspam dspam   822 Feb  7 10:17 dspam.js
-rw-r--r-- 1 dspam dspam 15774 Feb  6 18:52 favicon.ico
-rwxr-xr-x 1 dspam dspam  4655 Apr  4  2013 graph.cgi
-rwxr-xr-x 1 dspam dspam 61390 Feb  6 18:52 htmlize.pl
-rwxr-xr-x 1 dspam dspam    20 Feb 19 19:01 info.php
-rw-r--r-- 1 root  root    416 Feb 11 17:16 login.html
-rw-r--r-- 1 root  root    337 Feb 11 15:37 loginb.html
-rwxr-xr-x 1 dspam dspam   718 Feb  6 18:52 logout.cgi
-rwxr-xr-x 1 dspam dspam  1192 Feb 20 10:05 logout.php
-rwxr-xr-x 1 dspam dspam   245 Feb 11 13:34 logout2.php
-rw-r--r-- 1 dspam dspam 17168 Feb  6 18:52 rgb.txt
-rw-r--r-- 1 dspam dspam   589 Feb  6 18:52 rtl.css



site config


<VirtualHost *:80>


LogLevel debug
SuexecUserGroup dspam dspam
Addhandler cgi-script .cgi
Options +ExecCGI -Indexes

DocumentRoot /var/www/dspam

    ErrorDocument 401 /login.html

    Session On
    SessionCookieName session path=/
    SessionCryptoPassphrase secret

    <Location />
        AuthFormProvider ldap
        AuthType form
        AuthName "DSPAM Authentication"
        AuthFormLoginRequiredLocation http://192.168.0.36/login.html
        AuthLDAPURL
"ldap://192.168.0.22:389/ou=People,dc=domain,dc=local?mail?sub";
        AuthLDAPBindDN "CN=LDAP Lookup,OU=Service
Accounts,OU=People,DC=domain,DC=local"
        AuthLDAPBindPassword "password"
        Require valid-user
    </Location>

    <Location /login.html>
        Order allow,Deny
        Allow from all
        require all granted
    </Location>

    <location /logout>
        SetHandler form-logout-handler
        AuthName "DSPAM Authentication"
        AuthFormLogoutLocation http://192.168.0.36/login.html
    </location>

    <Location /dologin.html>
      SetHandler form-login-handler
      AuthType form
      AuthName "DSPAM Authentication"
      AuthFormProvider ldap
      AuthFormLoginRequiredLocation http://192.168.0.36/login.html
    </Location>

#    ErrorLog logs/DSPAMError_log
#    CustomLog logs/DSPAMAccess_log common
</VirtualHost>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Reply via email to