LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 02-18-2004, 05:28 PM   #1
codedv
Member
 
Registered: Nov 2003
Location: Slough, UK
Distribution: Debian
Posts: 146

Rep: Reputation: 15
Angry Apache 2 Suexec PHP and Virtual Hosts


Before I installed Debian I used to have my Apache server set up as follows with three virtual hosts:

VHOST1: Local Intranet
VHOST2: WWW Server
VHOST3: WWW Server with SSL

I had PHP configured and working on all three Virtual Hosts using the suexec wrapper. Each Virtual Host had its php.ini file so I got around this problem by using a bash script to execute the PHP binary with my desired php.ini file.

All this aside I have now put Apache and PHP on my new Debian server. The suexec wrapper appears to be working fine and I can execute simple shell scripts. However, when I came to test PHP it dumped the contents of the script in my browser.

I then placed a copy of the actual PHP binary in my cgi-bin and attempted to request my PHP page again. This time however, it dumped the entire contents of the PHP binary into my browser.

PHP is working becuase calling the PHP binary directly gives me the old force-cgi-redirect error message. It just appears that Apache or suexec are refusing to execute PHP. I am completely bewildered by this problem. Here is a copy of my virtual host config:
Code:
# local network (intranet)
<VirtualHost 192.168.0.2:80>
     SuExecUserGroup phplocal phplocal

     DocumentRoot "/home/web/local/htdocs"

     ErrorLog logs/delves_s-error_log
     CustomLog logs/delves_s-access_log common env=!attack-attempt

     # cgi config
     ScriptAlias /cgi-bin/ "/home/web/local/cgi-bin/"


     # php cgi config
     AddType application/x-httpd-php .php
     Action application/x-httpd-php /cgi-bin/php


     <Directory /home/web/local/cgi-bin>
          Options +ExecCGI
          AllowOverride none

          Order allow,deny
          Allow from all
     </Directory>
</VirtualHost>
Any suggestions on what is causing this would be gladly welcomed. I have probably missed something really simple
 
Old 02-20-2004, 06:06 PM   #2
codedv
Member
 
Registered: Nov 2003
Location: Slough, UK
Distribution: Debian
Posts: 146

Original Poster
Rep: Reputation: 15
I am still tearing my hair out over this problem. I've performed a series of tests to try and narrow down the exact cause and these are as follows:
  • Firstly I needed to find out whether or not suexec was causing the problem. I wrote a short bash script which is below:
    Code:
    #!/bin/sh
    
    # output a header
    echo Content-Type: text/html
    echo
    echo
    
    # print the environment variables which have been set
    echo environment:
    echo
    env
    I called this script testsuexec and navigated to it directly from the browser http://192.168.0.2/cgi-bin/testsuexec. It appears that after running the script suexec does clear all of the environment variables. The output of the env command is blank.
  • From the first test it appeared that suexec may be causing the problem. So I deleted the following line from the the virtual host configuration:
    SuExecUserGroup phplocal phplocal
    I then attempted to navigate to the cgi script testsuexec again and I got the following output:

    environment:

    SERVER_PORT=80
    GATEWAY_INTERFACE=CGI/1.1
    PWD=/home/web/local/cgi-bin
    HTTP_USER_AGENT=Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6) Gecko/20040206 Firefox/0.8
    HTTP_VIA=1.1 delves-s:8080 (squid/2.5.STABLE4)
    REMOTE_PORT=2266
    HTTP_HOST=192.168.0.2
    HTTP_CONNECTION=keep-alive
    SERVER_PROTOCOL=HTTP/1.0
    HTTP________________=
    SERVER_ADDR=192.168.0.2
    SCRIPT_FILENAME=/home/web/local/cgi-bin/testsuexec
    HTTP_KEEP_ALIVE=300
    SCRIPT_NAME=/cgi-bin/testsuexec
    REMOTE_ADDR=192.168.0.2
    QUERY_STRING=
    HTTP_PRAGMA=no-cache
    SERVER_SIGNATURE=Apache/2.0
    SERVER_NAME=192.168.0.2
    HTTP_CACHE_CONTROL=no-cache, max-age=259200
    SHLVL=1
    HTTP_ACCEPT=text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/gif;q=0.2,*/*;q=0.1
    REQUEST_URI=/cgi-bin/testsuexec
    HTTP_ACCEPT_LANGUAGE=en-us,en;q=0.5
    DOCUMENT_ROOT=/home/web/local/htdocs
    REQUEST_METHOD=GET
    HTTP_X_FORWARDED_FOR=192.168.0.3
    PATH=/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin
    HTTP_ACCEPT_CHARSET=ISO-8859-1,utf-8;q=0.7,*;q=0.7
    SERVER_SOFTWARE=Apache/2.0
    _=/usr/bin/env
  • I then copied the PHP CGI binary to my cgi-bin directory and attempted to request it directly through: http://192.168.0.2/cgi-bin/php and received the following output:

    Security Alert! The PHP CGI cannot be accessed directly.

    This PHP CGI binary was compiled with force-cgi-redirect enabled. This means that a page will only be served up if the REDIRECT_STATUS CGI variable is set, e.g. via an Apache Action directive.

    This confirmed the PHP cgi was working.
  • I then went on to parse a simple PHP script containing one line:
    <?php phpinfo(); ?>
    and requested it through the browser http://192.168.0.2/phpinfo.php
    On requesting this page, the entire PHP binary was delivered to my browser. So the problem still persists.
  • Next I tried to establish exactly what was going on and why instead of the php cgi being executed - it was in fact sent to my browser. To do this I created another shell script and called it testphp:
    Code:
    #!/bin/sh
    
    # send the header through
    echo Content-Type: text/html
    echo
    echo
    
    # call php directly and do nothing else
    /usr/local/bin/php
    I changed the Action directive in my virtual host configuration to the test script:
    Action application/x-httpd-php "/cgi-bin/testphp".

    Then I requested the page http://192.168.0.2/phpinfo.php from my browser and got the following output:
    Code:
    Content-type: text/html
    X-Powered-By: PHP/4.3.4
    
    
    # send the header through
    echo Content-Type: text/html
    echo
    echo
    
    # call php directly and do nothing else
    /usr/local/bin/php
    INTERESTING: The cgi script has been executed along with PHP. However, PHP has parsed the actual cgi script. Shouldn't it be the phpinfo.php script which is parsed by PHP???
  • Finally I wrote a short C program which would tell me how many command line argument's Apache is passing to the cgi script and relay any data from stdin to stdout. The program is as follows:
    Code:
    include <stdio.h>
    
    int main (int argc, char * argv[])
    {
      int x, c;
    
      puts ("Content-Type: text/html\n\n");
    
      printf ("Number of command line arguments: %d\n\n", argc);
    
      for (x=0; x < argc; x++)
        printf ("Argument %d: %s\n", x + 1, argv[x]);
    
      puts ("\nStdin:\n");
    
    
      while ((c = getchar()) != EOF)
      {
        putchar (c);
      }
    
      return 0;
    }
    I compiled the program and called it testcgi and changed the Action in my virtual host configuration:
    Action application/x-httpd-php "/cgi-bin/testcgi"

    I then requested the same phpinfo.php script from the browser and got the following output:
    Code:
    Number of command line arguments: 1
    
    Argument 1: /home/web/local/cgi-bin/testcgi
    
    Stdin:
    There was no input at stdin. Isn't Apache ment to send the phpinfo script to stdin????
I am still completely baffled by this problem. I'm not really sure whether it is down to Apache or PHP. I've spent the past two days trying to figure out what is causing and I am still at square one.

If anyone can help in anyway or give me any ideas I would be most grateful.
 
Old 02-26-2004, 04:56 PM   #3
codedv
Member
 
Registered: Nov 2003
Location: Slough, UK
Distribution: Debian
Posts: 146

Original Poster
Rep: Reputation: 15
I have found the cause of the problem. As it appears no one else knew what was wrong I'll post what I found out for future reference.

When compiling PHP as a CGI specifying the --enable-discard-path configure option breaks the CGI binary. After recompiling PHP and omitting this option it worked fine.

I use PHP 4.3.4 - I'm not sure whether the same problem occurs when compiled for servers other than PHP or on other non unix operating systems.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
vsftpd, web uploads, vsftpd virtual users, apache virtual hosts, home directories jerryasher Linux - Software 7 02-18-2007 06:29 AM
Apache, suexec and virtual hosts :\ chibi Linux - Software 1 05-02-2005 12:17 PM
PHP include() file paths in Apache virtual hosts tawalker Linux - Software 0 09-23-2004 02:16 PM
Webmin Vitualmin SUEXEC Apache Virtual Named Based Server Setup Questions ? Confused! wishiwas Linux - Software 0 12-02-2003 09:47 PM
Apache Virtual Hosts gbg Linux - Software 4 10-02-2003 08:35 AM


All times are GMT -5. The time now is 06:27 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration