I tried installing suexec by rebuilding apache and choosing the suexec option as one of the option installed in buildapache.sea. Everything was successful, but when I run the script from scgi-bin it kept telling me I need to choose a GID 99. Since i chmoded the script to nobody which had an GID 99 it should've worked. So i go to apache source tree and look for suexec.h and when i opened it, it looks like it was not even configured properly, meaning wrong userid, wrong dir. Nothing was poperly configured, and everything was commented out. So i ask, does using buildapache.sea install suexec support properly?

Hello,

I have used buildapache.sea w/ SuEXEC on a lot of servers and it works... However, you might want to look into 2 things:

1) In your httpd.conf file, look to see if your group directive is set to:
Group "#-1"
If so, change it to:
Group nobody

2) You don't need to use the scgi-bin anymore if you have SuEXEC installed since all scripts will now run under the user ID no matter where you put them. In fact, the scgi-bin might not even work anymore with SuEXEC since it is not needed.

In the virutalhost I have entires like:

User mod
Group mod

mod:mod is my user ane group.
What is the point of running the script as nobody? Wouldn't it defeats the whole purpose of SuEXEC since apache also runs as nobody.

Look at the group directive in the global values, not in the virtual host values.

The scgi-bin does not use the values in the virtual host section of the domain... It runs off the custom cgiwrap script at: /usr/local/cpanel/cgi-sys/scgiwrap

Thanking about it more... I bet is #2 is right, it just doesn't work anymore anymore with SuEXEC since there is no point in using it.

My /usr/local/cpanel/cgi-sys/scgiwrap has a bunch of weird characters which don't make any sense.

Yep, that script like most of the other CPanel scripts are compiled/encrypted or whatever CPanel does. If we could see the code, it would be a lot easier to fix these problems ourselves... However, then people would also seal the code.

Do you still have an entry like this in your httpd.conf file?
ScriptAlias /scgi-bin /usr/local/cpanel/cgi-sys/scgiwrap

If so, comment it out and restart Apache. Then try your script in the scgi-bin directory after you change the ownership back to the username of the account and chmod it 755.

One thing I don't understand is why MAILMAN effected by this? For some reason suexec includes the admin script from mailman, and basically the whole mailman tree. It should only be effecting files in /scgi-bin.

So is suexec.h some how involved in this?