Suexec and Apache: A Tutorial Page 6

By Ken Coar (Send Email)
Posted Jul 12, 2000

and then restart the Apache server. Doing any one of these will render the suexec facility unusable, and Apache won't even try to involve it. To verify that your action has had the desired effect, verify (if you're running Apache 1.3.11 or later) with the "/usr/local/web/apache/bin/httpd -l" command. If the output says suexec is enabled, you haven't done enough yet.

Testing Your Installation

The simplest way to verify that suexec is functioning properly is to install a script that will tell you the username under which it's being invoked.

    # cd /usr/local/web/apache/cgi-bin/
    # cat > showuser.cgi << EOS
    #!/bin/sh
    echo "Content-type: text/plain"
    echo ""
    echo "Username="'whoami'
    EOS

    # chmod 755 showuser.cgi
    # chown user1.group1 . ./showuser.cgi

(By calling it "showuser.cgi" you can copy it directly into a user's directory without having to rename it. Filename extensions on scripts in ScriptAliased directories are ignored, so it does no harm to keep the .cgi extension.)

Note that the cgi-bin/ directory isn't under the DocumentRoot, which is why the --suexec-docroot value was bumped up one level--that way it covers both the ServerRoot (including the cgi-bin/ directory) and the DocumentRoot.

Since there are two ways in which suexec can be invoked, you should test both of them:

Server-wide suexecution: First, create a <VirtualHost> container (or use an existing one) in your server configuration files, and add User and Group directives to it. Pick some username and group that are different from the normal server user. Next, make sure that you have a ScriptAlias directive that points to the directory where you put your test script. Next, make sure that the cgi-bin/ directory and the test script are owned by the user and group you've chosen, and are mode 755. Finally, (re)start the Apache server and request the test script with some URL like <URL:http://myvirtualhost/cgi-bin/showuser.cgi>. If you get an error, examine the server error log and the suexec log.

User directory suexecution: To test that suexec will properly handle a CGI script in a user's directory, copy your showuser.cgi script into that user's public_html/ directory, make sure that both the script and the public_html/ directory itself are mode 755 and owned by the user, and then request the script with a URL such as <URL:http://myhost/~user/showuser.cgi>. If you get an error page, look at the Apache and suexec logs.

Debugging

Debugging a suexec problem can be frustrating, particularly since almost any problem with a CGI script in a suexec-enabled environment turns out to be related to the wrapper.

Page 6 of 9

Previous Page 1 2 3 4 5 6 7 8 9 Next Page

IT Solutions Builder TOP IT RESOURCES TO MOVE YOUR BUSINESS FORWARD

Which topic are you interested in?

Mobile

Security

Networks/IoT

Cloud

Data Storage

Applications

Development

IT Management

Other

What is your company size?

What is your job title?

What is your job function?

Searching our resource database to find your matches...

0 Comments (click to add your comment)

Advertiser Disclosure: Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.

Thanks for your registration, follow us on our social networks to keep up-to-date