Hi there, I've just set up a CentOS 5.4 machine with Virtualmin GPL (what a breeze as for e-mail setup!!!) and so I've got Apache installed, with PHP running in FastCGI mode with suexec wrapper.
suexec seems ok, but as a matter of fact, apache always runs as apache:apache, resulting in files and folders created with that user:group settings, which renders them difficult to read/edit through FTP, and other applications have trouble running...
Could someone help ?
Pleeeaaase ! This is really annoying
Thanks in advance !!!
Here are the versions :
Name : httpd
Arch : x86_64
Epoch : 1
Version : 2.2.3
Release : 22.el5.1vm
Name : php
Arch : x86_64
Version : 5.2.10
Release : 1.el5.centos
Here's Apache build info :
# /usr/sbin/httpd -V
Server version: Apache/2.2.3
Server built: Jun 18 2009 17:10:28
Server's Module Magic Number: 20051115:3
Server loaded: APR 1.2.7, APR-Util 1.2.7
Compiled using: APR 1.2.7, APR-Util 1.2.7
Architecture: 64-bit
Server MPM: Prefork
threaded: no
forked: yes (variable process count)
Server compiled with....
-D APACHE_MPM_DIR="server/mpm/prefork"
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=128
-D HTTPD_ROOT="/etc/httpd"
-D SUEXEC_BIN="/usr/sbin/suexec"
-D DEFAULT_PIDLOG="logs/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_LOCKFILE="logs/accept.lock"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
Here's suexec config :
# /usr/sbin/suexec -V
-D AP_DOC_ROOT="/home"
-D AP_GID_MIN=100
-D AP_HTTPD_USER="apache"
-D AP_LOG_EXEC="/var/log/httpd/suexec.log"
-D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
-D AP_UID_MIN=500
-D AP_USERDIR_SUFFIX="public_html"
Here is the relevant part of httpd.conf :
LoadModule suexec_module modules/mod_suexec.so
(so I guess it loads!)
Here is a sample config from a vhost :
<VirtualHost x.x.x.x:80>
SuexecUserGroup "#501" "#501"
ServerName blah.tld
ServerAlias webmail. blah.tld
RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail. blah.tld
RewriteRule ^(.*) http://blah2.tld/webmail/ [R]
DocumentRoot "/var/www/html"
DirectoryIndex index.html index.htm index.php
Alias /webmail /usr/share/squirrelmail/
</VirtualHost>
Everything is up-to-date and no errors occurred at install time... Please help !!!
Howdy,
It doesn't look like you have a wrapper script set up to get calls to PHP to actually run via fcgid or cgi... which probably means that mod_php is executing them (and doing so as the apache user, as you're seeing).
You can read through this forum topic here to get a feel for how you'd set up the wrapper script to handle PHP/fcgid requests:
http://www.virtualmin.com/node/8462
You'll note that there's some manual configuration to be done in getting all that ready.
The good news is that the next Virtualmin release, version 3.78, will include a built-in way of handling all that on the GPL version.
-Eric
Thanks Eric, but it doesn't seem to work either.
So, here's what I did :
- Create fcgi-bin folder in /home/guzabi
- Paste the script for php5.fcgi (found here : http://www.virtualmin.com/node/8462)
- Chown and chmod everything correctly (user ok, perms at 755)
But it does not work, though. Apache is still executing as apache:apache. I just see it by looking at cache files that are created when I visit the website. I delete them, re-launch apache, then visit the site, then check them and they are still owned by apache:apache.
I've dug a little, though, and found this in my /var/log/httpd/suexec.log :
Does this point you to something else ?
Ahh, I see... the VirtualHost you're working with has a DocumentRoot in /var/www... whereas, suexec expects everything to be in /home.
Try creating a new Virtual Server, which will be created in /home, and set up your website in there... that should do the trick for you :-)
-Eric
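The two causes raised in the replies so far (PHP being served by mod_php instead of fcgid, and a path outside suexec's compiled-in docroot) can be checked mechanically. The following is an added example, not part of the original thread or of Virtualmin; it uses the `suexec -V` values posted above, and the `AddHandler` line in the sample vhost is a constructed assumption.

```python
import re
import shlex
from pathlib import PurePosixPath

# Constructed inputs using the values quoted in this thread.
SUEXEC_V = '''-D AP_DOC_ROOT="/home"
-D AP_GID_MIN=100
-D AP_UID_MIN=500'''
# The AddHandler line is an assumption (a mod_php mapping), not from the posted vhost.
VHOST = '''<VirtualHost x.x.x.x:80>
SuexecUserGroup "#501" "#501"
DocumentRoot "/var/www/html"
AddHandler php5-script .php
</VirtualHost>'''

def parse_suexec(text):
    """Return the compiled-in limits printed by `suexec -V` as a dict."""
    return {k: v.strip('"') for k, v in re.findall(r'-D (\w+)=(\S+)', text)}

def directive(vhost, name):
    """Return the arguments of the first `name` directive, quotes removed."""
    m = re.search(rf'^\s*{name}\s+(.+)$', vhost, re.M | re.I)
    return shlex.split(m.group(1)) if m else []

def audit(vhost, limits):
    """List reasons why PHP in this vhost would not run under suexec."""
    problems = []
    ids = directive(vhost, 'SuexecUserGroup')
    if not ids:
        problems.append('no SuexecUserGroup directive')
    for label, value, key in zip(('uid', 'gid'), ids, ('AP_UID_MIN', 'AP_GID_MIN')):
        # Only the numeric "#id" form is checked; names need a passwd lookup.
        if value.startswith('#') and int(value[1:]) < int(limits[key]):
            problems.append(f'{label} {value[1:]} is below {key}={limits[key]}')
    root = PurePosixPath(*directive(vhost, 'DocumentRoot')[:1])
    base = PurePosixPath(limits['AP_DOC_ROOT'])
    if base not in (root, *root.parents):
        problems.append(f'DocumentRoot {root} is outside AP_DOC_ROOT {base}')
    handler = directive(vhost, 'AddHandler')
    if '.php' in handler[1:] and handler[0] != 'fcgid-script':
        problems.append(f'.php is mapped to {handler[0]}, not fcgid-script')
    return problems

if __name__ == '__main__':
    for problem in audit(VHOST, parse_suexec(SUEXEC_V)):
        print(problem)
```
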
Well, sorry but no...
DocumentRoot for that VHOST is /home/guzabi/public_html (that's default Virtualmin setting, btw)
[edit] well, it really is /home/username/public_html. My first post is wrong. Sorry ! [/edit]
and suexec docroot is /home [edit] This one at least was right... [/edit]
I might have found something.
First, I noticed that the errors in the suexec.log I had noticed were old and probably dated back to a period where I was experimenting to try and get things working. No new errors appeared, so I guess this is a dead lead.
However, digging into Apache conf files, I found this :
This one seems ok, but see this :
What ? Handler for PHP files is php5-script directly? How come ?!
How do I write a correct handler that would use fcgid to handle PHP files, and take suexec settings ?
Please, please help...
I'll try and review all that in a bit, though I'm not quite sure what the problem is... but as a reminder, as soon as the new Virtualmin version releases here shortly, this problem will all go away since it's handled automatically in that version :-)
-Eric
Great. But do you have a time frame for that eagerly awaited new version ? Thanks...
Sorry, all I know is "soon". Joe is working on packaging it up now, I'm not sure how long it'll take.
-Eric
Okay, here's the trick : Suexec does NOT work in Virtualmin 2.77 on CentOS 5.4.
Here's what I did :
- Install a fresh CentOS 5.4 (on a virtual machine, but it's a regular CentOS, no tricks)
- Install (full automatic) Virtualmin on that server
- Create a server (not the default Apache VHost, a regular server just as if it was a client of mine)
- Create a PHP script that does fopen(), fwrite() and fclose()
- Check the created file : tadaaaa, it's owned by apache:apache.
So please, there clearly is a serious bug in here. I can post an issue report if needed, but most of all I desperately need this to work because I have lots of websites that are not working because of this!
Thanks in advance for any help. I can post anything if asked for.
As planned, solved by updating to 3.78. Thanks for your help anyway :-)
Find the fcgid configurations with this command:
The wrapper must be written in the directory: AP_DOC_ROOT to be accessed and run.