Suexec and Apache: A Tutorial Page 6
suexec facility unusable, and Apache won't even try to invoke it.
To verify that your action has had the desired effect, check (if you're running Apache 1.3.11 or later) with the "/usr/local/web/apache/bin/httpd -l" command. If the output says suexec is enabled, you haven't done enough yet.
Testing Your Installation
The simplest way to verify that suexec is functioning properly is to install a script that will tell you the username under which it's being invoked.

    # cd /usr/local/web/apache/cgi-bin/
    # cat > showuser.cgi << 'EOS'
    #!/bin/sh
    echo "Content-type: text/plain"
    echo ""
    echo "Username=`whoami`"
    EOS
    # chmod 755 showuser.cgi
    # chown user1:group1 . ./showuser.cgi

(By calling it "showuser.cgi" you can copy it directly into a user's directory without having to rename it. Filename extensions on scripts in ScriptAliased directories are ignored, so it does no harm to keep the .cgi extension.)
Note that the cgi-bin/ directory isn't under the DocumentRoot, which is why the --suexec-docroot value was bumped up one level--that way it covers both the ServerRoot (including the cgi-bin/ directory) and the DocumentRoot.
Since there are two ways in which suexec can be invoked, you should test both of them:
- Server-wide suexecution - First, create a <VirtualHost> container (or use an existing one) in your server configuration files, and add User and Group directives to it. Pick some username and group that are different from the normal server user. Next, make sure that you have a ScriptAlias directive that points to the directory where you put your test script. Next, make sure that the cgi-bin/ directory and the test script are owned by the user and group you've chosen, and are mode 755. Finally, (re)start the Apache server and request the test script with some URL like <URL:http://myvirtualhost/cgi-bin/showuser.cgi>. If you get an error, examine the server error log and the suexec log.
- User directory suexecution - To test that suexec will properly handle a CGI script in a user's directory, copy your showuser.cgi script into that user's public_html/ directory, make sure that both the script and the public_html/ directory itself are mode 755 and owned by the user, and then request the script with a URL such as <URL:http://myhost/~user/showuser.cgi>. If you get an error page, look at the Apache and suexec logs.
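
The ownership, mode and docroot conditions from both tests above can be checked before requesting the URL, and the response checked afterwards. The following is an added example, not part of the original tutorial or of Apache; the function names suexec_preflight and suexec_ran_as are hypothetical, and a POSIX sh with find is assumed.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not part of Apache.
# suexec_preflight SCRIPT USER GROUP DOCROOT
# Prints one line per failed check and returns the failure count (0 = ready).
suexec_preflight() {
    script=$1 user=$2 group=$3 docroot=$4
    fails=0
    if [ ! -f "$script" ]; then
        echo "FAIL: $script is not a regular file"
        return 1
    fi
    # Resolve symlinks so the containment test compares physical paths.
    dir=$(cd "$(dirname "$script")" && pwd -P) || return 1
    root=$(cd "$docroot" 2>/dev/null && pwd -P) || {
        echo "FAIL: docroot $docroot not found"
        return 1
    }
    root=${root%/}   # lets a docroot of "/" match every absolute path

    # The directory and the script must both be owned by the chosen user
    # and group and be exactly mode 755, as the tutorial specifies.
    for p in "$dir" "$dir/$(basename "$script")"; do
        if [ -z "$(find "$p" -prune -user "$user" -group "$group" \
                   -perm 755 2>/dev/null)" ]; then
            echo "FAIL: $p is not $user:$group with mode 755"
            fails=$((fails + 1))
        fi
    done

    # The directory must lie inside the tree given as --suexec-docroot.
    case "$dir/" in
        "$root"/*) ;;
        *) echo "FAIL: $dir is outside docroot $docroot"
           fails=$((fails + 1)) ;;
    esac
    return "$fails"
}

# suexec_ran_as BODY USER: true only if the showuser.cgi output names USER.
# Any other name means the script did not run under the chosen account.
suexec_ran_as() {
    [ "$(printf '%s\n' "$1" | sed -n 's/^Username=//p')" = "$2" ]
}

# Run the pre-flight when called with the four arguments.
if [ "$#" -eq 4 ]; then
    suexec_preflight "$@"
fi
```
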
Debugging
Debugging a suexec problem can be frustrating, particularly since almost any problem with a CGI script in a suexec-enabled environment turns out to be related to the wrapper.