SuexecUserGroup configured, but suEXEC is disable

Howdy -- hmm, what is the output of these commands:

It looks like part of the output from the package listings was cut off... could you run this command:

That will show whether the apache2-suexec-custom is installed, which we want rather than just apache2-suexec.

The difference between those two things you created, is that one is using suexec, and the other isn't. What we're trying to do here is discover why suexec isn't working on your system.

What is the output of this command:

Out of curiosity, is this on a dedicated server, or on a VPS you setup? Or is this on a VPS controlled by a provider, using an image they made?

However, what you could try doing is running this command:

chmod 4755 /usr/lib/apache2/suexec-custom

Does Apache start after that?

The title of this post matches my problem and I've posted a question to stackoverflow.com about it.

Here's the output of the afore-requested commands:

~# ls -l /usr/lib/apache2/suexec
lrwxrwxrwx 1 root root 24 Aug 12  2019 /usr/lib/apache2/suexec -> /etc/alternatives/suexec
~# dpkg -l 'apache2*'
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                            Version          Architecture Description
+++-===============================-================-============-=============================================================
ii  apache2                         2.4.38-3+deb10u3 amd64        Apache HTTP Server
un  apache2-api-20120211                              (no description available)
un  apache2-api-20120211-openssl1.1                   (no description available)
ii  apache2-bin                     2.4.38-3+deb10u3 amd64        Apache HTTP Server (modules and other binary files)
ii  apache2-data                    2.4.38-3+deb10u3 all          Apache HTTP Server (common files)
ii  apache2-doc                     2.4.38-3+deb10u3 all          Apache HTTP Server (on-site documentation)
un  apache2-suexec                                    (no description available)
ii  apache2-suexec-custom           2.4.38-3+deb10u3 amd64        Apache HTTP Server configurable suexec program for mod_suexec
un  apache2-suexec-pristine                           (no description available)
ii  apache2-utils                   2.4.38-3+deb10u3 amd64        Apache HTTP Server (utility programs for web servers)
un  apache2.2-bin                                     (no description available)
un  apache2.2-common                                  (no description available)
~# ls /etc/apache2/mods-enabled
access_compat.load  auth_basic.load   authz_host.load  cgi.load      dav_svn.load  env.load     mime.load         php7.3.conf          proxy_connect.load  rewrite.load        ssl.conf
actions.conf        auth_digest.load  authz_svn.load   dav_fs.conf   deflate.conf  fcgid.conf   mpm_prefork.conf  php7.3.load          proxy_http.load     setenvif.conf       ssl.load
actions.load        authn_core.load   authz_user.load  dav_fs.load   deflate.load  fcgid.load   mpm_prefork.load  proxy_balancer.conf  proxy.load          setenvif.load       status.conf
alias.conf          authn_file.load   autoindex.conf   dav.load      dir.conf      filter.load  negotiation.conf  proxy_balancer.load  reqtimeout.conf     slotmem_shm.load    status.load
alias.load          authz_core.load   autoindex.load   dav_svn.conf  dir.load      mime.conf    negotiation.load  proxy.conf           reqtimeout.load     socache_shmcb.load  suexec.load
~# ls -l /usr/lib/apache2/suexec-custom
-rwsr-xr-- 1 root www-data 26696 Oct 15 19:53 /usr/lib/apache2/suexec-custom

Hi,

Start looking at:

Once you don't have packages apache2-suexec and apache2-suexec-pristine installed, which is good (you only need apache2-suexec-custom in your case), I would look at:

.. and made sure that suexec document root and the suexec userdir suffix really set to /home and public_html accordingly, like this:

/home
public_html

Re /var/log/apache2/suexec.log it's empty.

In the rotated log /var/log/apache2/suexec.log.1 the last entry was a few days ago -- when I upgraded Debian to buster.

Re /var/log/apache2/suexec.log it had public_html/cgi-bin rather than public_hml. I changed it to public_html and restarted apache but phpinfo.php still reports www-data as the user rather than the virtualhost's user.

Upon service apache2 restart /var/log/apache2/error.log shows:

What is the output of:

cat /etc/apache2/suexec/www-data

.. and

ls -lsa /etc/apache2/suexec/www-data

PS: In #11 above someone edited my markup to remove the code tag and replace it with a superior tag rendering as a scrolling text block. I tried to edit that comment to see what markup tag was used but was not permitted to edit. What is that markup? I didn't see it documented in "More information about text formats(?)".

It would also be useful:

1. Did it ever worked for you?
2. If it did, what have you done prior to that, when it stopped. (like enabled some feature, run updates and etc)

Since this problem appeared when I upgraded the Debian version to Buster, and Buster is not yet supported by Virtualmin, I think it best that I just suss this out myself. Thanks for the help you've provided so far.

We support Debian 10 officially by the way.

You are welcome. Have you just tried going to Website Options and trying toggling PHP modes, right? Does it work for you, by the way?

I expect that you have libapache2-mod-fcgid module installed but that is obvious.

For the future always start a new issue instead of commenting on the old one. Many times I checked the initial post for OS version, which is Ubuntu 16.04 and it made very confused.

While creating an issue for support, Debian 10 is not offered as an option.

Hi, I encountered an identical problem while setting up virtualmin on a raspberry pi buster. I noticed that php engine is disabed by default in public_html/

I changed that in /etc/apache2/mods-enabled/php7.3.conf and it worked (at the end, comment those directives as the comments say there)

Also, i still get this error after adding a new server, even if suexec apache module is enabled in webmin

"SuexecUserGroup configured, but suEXEC is disabled: Missing suexec binary /usr/lib/apache2/suexec"

but a workaround to this was to edit the conf of the domain in /etc/apache2/sites-available and remove the SuexeUserGroup line, and it worked, but i am not yet aware of the implications of this change.

Hope this helps someone ps. its first time in my life i setup a webserver with webmin/virtualmin so if i am missing something obvious here i appologise

I faced similar problem using raspberrypi 4b, and solved it using what was suggested by @maxlumnar above. However, it would be great if someone can elaborate more on the implications or provide an alternate solution. One possible problem that could be faced is if there are different user accounts in the system, as mentioned in this link: https://community.bitnami.com/t/how-to-enable-suexec/49300/4

That change might enable PHP, but run is as the apache user instead of the domain owner. This works, but has security implications on a shared hosting system.