Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Distribution: Debian 3.x & Fedora Core 3, Debie on IBM Thinkpad
Posts: 68
Rep:
problems with enablin SUexec w/ apache
Hi,
I just upgraded tp apache 2.5 from 1.3 and found out that my virtual sites do not work properly. When I try starting the httpd, I get:
User cannot occur within <VirtualHost> section.
I found out that Suexec is disabled by default.
I did a lilttle research on how to enable it, but got lost. I believe that I have to reinstall the package, is this true?
When I look at the apache 2.5 package, I see that there are suexec files, how can I insstall these without recompiling everything?
Following is taken from my httpd.conf file:
NameVirtualHost *:80
<VirtualHost *:80>
User "#1152"
Group "#1014"
ServerName virtuser.com
ServerAlias www.virtuser.com
DocumentRoot /home/virtuser/public_html
ErrorLog /home/virtuser/logs/error_log
CustomLog /home/virtuser/logs/access_log common
ScriptAlias /cgi-bin/ /virtuser/bdavis/cgi-bin/
<Directory /home/virtuser/public_html>
Options Indexes IncludesNOEXEC FollowSymLinks
</Directory>
</VirtualHost>
I am also wondering why I have httpd is running with version 2..xx, whereas I used to have apache runnig when I used to have apache 1.3 ?
PS: I am using Debian 3.x...
I will appreciate any suggestion, thanks...
Distribution: Debian 3.x & Fedora Core 3, Debie on IBM Thinkpad
Posts: 68
Original Poster
Rep:
This is me again,
I found this link on how to enable suexec, http://httpd.apache.org/docs-2.0/suexec.html ;however I do not understand the configuring and installing part, WHEN and WHERE do I do this?
Couple of things... Apache is currently at 2.0.53.... not 2.5.
Next... it's not "user" and "group". The directive you want is...
SuexecUserGroup username group
So you just need this one line added to your virtualhost section. Just change the username and group to whatever you want.
Once you have added the directive, you should be able to start apache. Once you do, check to see if you have a "suexec" log. It should be under /var/log, or somewhere else if you have specified an alternate location in your config file. Checking the log, you should see any problems listed. When you successfully execute a script on your website, you should see the name of the script, the user, and the group showing up in the suexec log, or you'll see an error instead.
Distribution: Debian 3.x & Fedora Core 3, Debie on IBM Thinkpad
Posts: 68
Original Poster
Rep:
Donboy,
Sorry, could not reply earlier coz I was at school, appreciate your reply though..Also, I should admit I was sluggish about versioning apache..
Okay,
when I do
SuexecUserGroup nameofthegroup nameoftheuser
if I try to start/stop the apache server, I get error similar to SuexecUserGroup is mispelled..
As I am new to linux world, I am thinking that SuexecUserGroup belongs to a module, which should have been loaded, so right after loading php module I added:
After editing the conf file as above, I could not even save the file to exit it as I gave errors about the module doesnot belong usr/lib/apache2/modules/mod_suexec.c file and/or class...
I think the cause of the error message is that I never enable the module so the server can load..Again if so, how do I enable it?
Please correct me if I am wrong..
Instead of loading, should I have done something similar to adding type as following??
You'll note the last one.... mod_so.c which is arguably the most valuable. The reason is because it allows you to include new modules using the config file instead of having to compile them into the base package using configure/make/make install. My assumption is that you DONT have this included in yours.
If that's the case, then you'll want to run configure/make/make install again and be sure to enable mod_so during this step. All you really need to enable are the ones I've listed in my example above. If you enable any others, they will be statically compiled into the apache binary. While this will make your apache binary faster and lighter it will also make it harder to add/remove these modules later becasue you'll have to run configure/make/make install again, which is a royal pain.
My advice would be to include any modules you MUST have (like mod_so and the suexec module) and compile them into the apache binary. The rest, you can plan to include "dynamically" using statements added to the config file.
You can look here for the different options you can give your configure command.
the suexec caller is the user apache will use in the event that none is specified in your httpd.conf file. The docroot is the part of your tree you want governed by suexec. /home makes sense because normally you probably want to have user's home directories running suexec'd files. The uid and gid minimum are the lowest ID's on the system who are allowed to call suexec. So if you have users beginning at user #500 on your system, you can set this for 500 and all the rest are assumed to be "system" accounts that were created for other purposes and will not be running suexec'd files.
Hmmm... the only thing I can figure is your user and group needs to be the actual username and groupname instead of their numeric ID's. The User comes first and the group second.
Either that, or your module isn't found at the location you specified.
Distribution: Debian 3.x & Fedora Core 3, Debie on IBM Thinkpad
Posts: 68
Original Poster
Rep:
I try their actual user and group name, no luck...
As for module not being loaded from a specified location, I tried:
less /usr/lib/apache2/modules/mod_suexec.so
"/usr/lib/apache2/modules/mod_suexec.so" may be a binary file. See it anyway?
Does that mean that I have the location??
Also, I do not know if mentioned this earlier or not, but I have apache 1.3.xx laying around the server, do you think it is interfering with anything I am doing here..
Let's say that all fails, I would like to remove all apache related stuff and reinstall it again, but I do not want to lose any of the public_html dirs under home.. How would I do this??
Thanks again....
The two versions sitting on the same machine should not interfere with each other. And it looks like everything is where it belongs.
Did you actually run the configure command again? Or did you just add the module lines to the config file only?
Removing the old apache will not remove your public html directories.
Remind me again... what is the error you're getting? I looked up earlier in the thread but I didn't see it. Are you getting an error when trying to start apache? You should check all of your apache error logs and see what errors are being given when you try to start.
Distribution: Debian 3.x & Fedora Core 3, Debie on IBM Thinkpad
Posts: 68
Original Poster
Rep:
Hey there,
"Did you actually run the configure command again? Or did you just add the module lines to the config file only?">>>>>>>
I just added the lined to conf file..I am sure this is not the way it supposed to be...
After I added the above mentioned lined to the conf file, I tried restarting the server, but I got:
Syntax error on line 1036 of /usr/local/conf/httpd.conf:
Invalid command '--enable-suexec', perhaps mis-spelled or defined by a module not included in the server configuration
Above is the only error I can find..
Thanks in advance again..
Obviously I am doing something wrong, but I feel that I am almost there..
When you say --enable and alike commands go with --configuire command for apache, how do I do this at this point? Is it possible??
Thanks again..
(notice all of the lines end with a slash except the last one. This is so we continue the same command on subsequent lines)
But the deal is... there could be a LOT more statements you need to add to this configure line. You probably need to look at the link I provided here...
and see if there are any statements you need to add or remove. I know this sucks having to read all of these, but it's better to know what you're doing instead of just taking the defaults. By getting specific, you can better secure your system by not enableing things you will never use. You are going to open port 80 on your box. This means, ALL of apache is available to public scrutiny. So you should disable as much of this junk as possibile so you're running only what you need. Just my opinion and advice.
Anyway, run apachectl -l again to see what modules you have included. You can adjust your configure statement to get the desired results.
When you've run the ./configure command with all of those arguments, then run make, make install and you're in business.
Distribution: Debian 3.x & Fedora Core 3, Debie on IBM Thinkpad
Posts: 68
Original Poster
Rep:
I am game, finally
Donboy,
THanks a million for your help, only after your tips and tricks I understood what I was doing..
The whole apache manual began to make sense..thanks again..
I have the same error
Warning: SuexecUserGroup directive requires SUEXEC wrapper
Just I rent a VPS with debian and VHCS Control Panel. By default suexec is disabled.
I put in virtual host definition something like
SuexecUserGroup vu2001 vu2001
After I put
In /etc/apache2/mods-available I found suexec.load and I put a symlink in /etc/apache2/mods-enabled suexec.load contain:
LoadModule suexec_module /usr/lib/apache2/modules/mod_suexec.so
Also I found /usr/lib/apache2/suexec2
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.