On Wednesday 20 July 2005 17:12, Gold, Samuel (Contractor) wrote: > Cwd is current working directory, it is an environment variable. At least > from what I understand. I am not sure what dwd is though. Have you tried > to use truss or strace to see if you are missing a command in your chrooted > environment? What OS are you using?
I've used makejail to make sure that all libs are there. It does not seem to be a lib thing IMHO. I find it interesting what Joshua writes: > Your problem is probably that getcwd is returning the full > (non-chrooted) path to AP_DOC_ROOT inside the jail. I don't know how > to get around that. Does anybody have a idea, how I could test for that? My other plan is to try sbox - it may handle the situation better. Now, I'm rebuilding the Ubuntu apache2 package from source (the second time), with a more informative error message (outputting dwd). Let's see. > > -----Original Message----- > From: dAniel hAhler [mailto:[EMAIL PROTECTED] > Sent: Wednesday, July 20, 2005 12:58 AM > To: users@httpd.apache.org > Subject: [EMAIL PROTECTED] suexec with mod_chroot: "command not in docroot" > > > Hi, > > I've installed mod_chroot for Apache (2.0.53-Ubuntu), but have now problems > with suexec complaining: > > [2005-07-20 06:28:13]: uid: (1003/xxxxx) gid: (1003/1003) cmd: > php4-fcgi-starter > [2005-07-20 06:28:13]: command not in docroot > (/fcgi-scripts/web2/php4-fcgi-starter) > > php4-fcgi-starter is a script that should start php-fcgi (I'm using > mod_fastcgi). > > My suexec-docroot is "/", because of mod_chroot: > # /usr/lib/apache2/suexec2 -V > -D AP_DOC_ROOT="/" > -D AP_GID_MIN=100 > -D AP_HTTPD_USER="www-data" > -D AP_LOG_EXEC="/var/log/apache2/suexec.log" > -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin" > -D AP_UID_MIN=100 > -D AP_USERDIR_SUFFIX="public_html" > > Therefor I have rebuild the Ubuntu package from source (got the error > "cannot > get docroot information (/var/www)" before). > > From suexec.c it is this part that throws the error: > if ((strncmp(cwd, dwd, strlen(dwd))) != 0) { > log_err("command not in docroot (%s/%s)\n", cwd, cmd); > exit(114); > } > > I'm not sure, what cwd and dwd are set to, but it errors here.. :( > > btw: this error message should be changed into something more verbose: > log_err("command (%s/%s) not in docroot (%s)\n", cwd, cmd, dwd); like some > of the others, too. > > It is really frustrating and would be much easier in my humble opinion, if > suexec would have a chroot() functianality. > > Do you have any suggestions? Is it a bug in suexec? > > Thanks for any ideas and suggestions. > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. To > unsubscribe, e-mail: [EMAIL PROTECTED] > " from the digest: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: [EMAIL PROTECTED] > " from the digest: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
