Suexec and Apache: A Tutorial Page 7
suexecproblem is a request for a CGI script that results in a '500 Internal Server Error' page. The appropriate response behaviour to such an error is to look in the server's error log. Unfortunately, because the wrapper is applying its own restrictions and rules on the script, the server log may be quite unrevealing, containing only a single line such as the following for the failed request:
[Sun Dec 26 20:02:55 1999] [error] [client n.n.n.n] Premature end of script headers: script
The real error message will be found in your
(which is located at
according to the assumptions section of this
suexec error message may look like this:
[1999-12-26 20:02:55]: uid: (user/user) gid: (group/group) cmd: test.cgi [1999-12-26 20:02:55]: command not in docroot (/home/user/public_html/test.cgi
Here are a couple of other common
directory is writable by others: (path)
target uid/gid (uid-1/gid-1) mismatch with directory (uid-2/gid-2) or program (uid-3/gid-3)
If it's still not clear what's going wrong, review the list of requirements and make sure they're all being met.
"Danger, Will Robinson!"
suexec-enable your Apache Web server, a lot of
CGI scripts in
ScriptAliased directories will be executed under the identity of the username specified in the
CGI scripts in user directories (as specified by the
USERDIR_SUFFIXdefinition, set by the
--suexec-userdiroption) will be executed as the owning user if and only if
the script was requested using the
- all of the ownership and permission requirements are met
~usernameURL format is used but the permissions/ownerships aren't correct, the result will be a '500 Internal Server Error' page, not the script being executed by the server user as in a non-
- the script was requested using the
CGI scripts in all user directories accessed through
~usernameURLs will go through the
suexecprocess--even those that you didn't consider or expect.
One effect of these changes is that previously-functioning user scripts may
suddenly begin to fail, giving the visitor the fatal '500 Internal Server
Error' page, and giving you, the Webmaster, an unrevealing
Premature end of script headers" message in the server
error log. This is where it becomes easy to get frustrated by simply forgetting
to check the
suexec error log.
Another aspect of the use of
suexec is that, if you have
virtual hosts with different
they cannot share
ScriptAliased directories--because one of the
requirements is that the script and the directory must be owned by the user and
suexec is being told to use. So you may have to duplicate a
lot of your
cgi-bin/ stuff into per-vhost directories that
are owned and protected appropriately.
Frequently Asked Suexec Questions
IT Solutions Builder TOP IT RESOURCES TO MOVE YOUR BUSINESS FORWARD
Which topic are you interested in?
What is your company size?
What is your job title?
What is your job function?
Searching our resource database to find your matches...