LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Struggling to set up suexec (https://www.linuxquestions.org/questions/linux-newbie-8/struggling-to-set-up-suexec-882580/)

andrew111 05-25-2011 02:56 AM
Struggling to set up suexec
 
Having difficulties in figuring out how to set suexec up on my debian lenny - for the purpose of allowing users to to run their own php without compromising security of others. I have installed and enabled mod_fcgid etc and everything is running fine thru fast cgi ().

My problem is that I am not sure what I have done/not done correctly with setting up suexec. Most of the articles I came across described how to set it with virtual hosts. My structure is this: 1 virtual host (actually I have a couple of other smaller sites on here but I could shift them off if I need to so irrelevant), and several user directories under this. e.g. http://virtualhostname/username/index.php etc. In actual fact ideally I would like to protect the files in the username directory and add an uploads subdirectory but am guessing that might not be possible. The reason being this is a SAAS type system and the username directories contain a few config files etc that users really shouldn't be able to get at - as well as symbolic links to appropriate php scripts that run the application.

I have also installed mod_userdir and it is working fine i.e. if within my virtualhost config I set UserDir to /var/www/virtualhostname/*/uploads, the request http://virtualhostname/~username will display the contents of /var/www/virtualhostname/username/uploads - hence I think the only thing I am missing is somehow getting suexec in on it. I have enabled suexec but am guessing their are some settings I need to adjust before it will work with this structure - if it will work with this structure? Or do I need to somehow set this up under /home/user/public_html?

Following another debian example I installed apache2-suexec-custom also - not sure if I was meant to uninstall anything else first. I can't see anything about suexec in the logs so I don't think it is even trying to be started meaning my configuration is mucked up a bit I guess.

Any guidance would be much appreciated. 6pm here now in New Zealand but I will keep watching thru till midnight in the hope for a miracle cure.

Was kind of hoping that enabling suexec and mod_userdir would just let this work but nothing is ever that simple!

rustek 06-20-2011 07:10 AM
My log is in:
/var/log/apache2/suexec.log

In one of my virtualhost definitions I have:
SuexecUserGroup user1 user1

it is near the top and outside of any
Directory definitions.

user1's html dir is:
/home/user1/html

user1's cgi dir is:
/home/user1/cgi
chown user1:user1
chmod 705
all the cgi files are chown user1:user1 chmod 700

/home/user1
chown user1:user1
chmod 755

in the file /etc/apache2/suexec/www-data I have:
/home

The cgi files have to below /home in the dir tree.

suexe is really picky about permissions.
The log will help a lot!
It will tell you if it ran the cgi or why it didn't.

I only have one virtualhost setup using suexe and
it works correctly, all cgi's execute as user1
while all other users still run as www-data.

I have no experience with mod_userdir.
I hope you can adapt some of this to help in your setup.
Good luck.


All times are GMT -5. The time now is 09:51 AM.