clocker1996
03-10-2002, 05:21 AM
Hi
I just recompiled my Apache with suexec support. When I did the ./configure for Apache, I included these "switches" or whatever:
-enable-suexec --suexec-logfile=/var/log/suexec_log
So then I went to /home/bd/public_html/cgi-bin
and created a test.cgi file that had this in it:
#!/usr/bin/perl
print "Content-Type: text/html\n\n";
print "<B>What's your id</b>\n";
print "<pre>";
system('id');
print "</pre>";
But it says uid=99(nobody) gid=4294967295 groups=4294967295
cs:/home# ll /home/bd/public_html/cgi-bin/test.cgi
-rwxr-xr-x 1 xsweb xsweb 133 Mar 10 03:58 /home/bd/public_html/cgi-bin/test.cgi
I want it so the id is xsweb.
What am I doing wrong? Can anyone help?
clocker1996
03-10-2002, 07:03 AM
okay
For that domain / for that virtualhost directive in httpd.conf
I put
User xsweb
Group xsweb
then I restarted the webserver
now the error_log says:
[Sun Mar 10 05:55:51 2002] [error] [client 24.141.23.15] Premature end of script headers: /home/bd/public_html/cgi-bin/test.cgi
When visiting the page I get
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, root@cs.net and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Tim Greer
03-10-2002, 12:35 PM
Hi,
Try this in the configuration when compiling Apache:
--enable-suexec --suexec-caller=nobody --suexec-docroot=/home --suexec-userdir=public_html --suexec-safepath=/usr/local/bin:/usr/bin:/bin --suexec-logfile=/var/log/suexec_log
Making sure the global user and group for Apache is nobody, or matches whatever user and group you set it at. The above will make it so CGI will work anywhere in the user's own home directory path, not just in their public_html web root -- after all, many people use script alias directories out of the web root for security reasons (so you'll want to keep that open). Also, check your permissions not only on the CGI script itself, but the directory it's in (i.e., if the directory is set to 777 or something, SuEXEC will refuse to execute the script [the reason: it knows that due to the permissions of the directory alone, other users would be able to upload files to that directory, not just the user that owns it]).
Of course, follow the regular CGI rules too, such as the permissions, proper headers and creating it online with an editor or uploading it in ASCII mode -- and assuming it was all compiled and configured properly to run CGI (with SuEXEC too), it'll have no reason to fail. Once you do this, you can also test out lower permissions -- i.e., start setting scripts to 700, instead of 755, and directories it reads, writes to and creates files (or other directories in) to 700 as well. Finally, it looks like the user, by the /home/username path is actually "bd", not the "xsweb" user/group you put in the Vhost -- it has to match the account owner's user (and group) name. If you do have that as the actual username and just use "bd" for their directory, then it's fine though.
clocker1996
03-12-2002, 06:46 AM
hmm.
What if my websites are
/home/sites/set1/domain.com/htdocs/cgi-bin
All the websites are /home/sites/set1/*/htdocs ?
What would the docroot be?
I've tried:
./configure --enable-module=ssl --enable-module=most --enable-module=so --enable-suexec --suexec-caller=nobody --suexec-docroot=/home/sites/set1 --suexec-userdir=htdocs --suexec-safepath=/usr/local/bin:/usr/bin:/bin --suexec-logfile=/var/log/suexec_log --activate-module=src/modules/php4/libphp4.a --prefix=$prefix/apache
I've also tried docroot=/home
and /home/sites
but anyway
The site is:
www.ppforums.com/cgi-bin/test.cgi
located:
/home/sites/set1/ppforums.com/htdocs/cgi-bin/test.cgi
[root@sandton cgi-bin]# cat /home/sites/set1/ppforums.com/htdocs/cgi-bin/test.cgi
#!/usr/bin/perl
print "Content-Type: text/html\n\n";
print "<B>fusion status.</b>\n";
print "<pre>";
system('id');
print "</pre>";
Still says nobody though.
Can anyone help?
Tim Greer
03-12-2002, 01:57 PM
Well, if it's saying it's the user nobody, it's running, so that's good. The configuration using the path where your users' directories are, seems right by what you said -- so yes, make that change. The wrong path with SuEXEC (and with SuEXEC enabled, as well as the user and group, that is) will produce errors. If the CGI script works, then you likely only have a few things that will cause it to run as nobody still. I am assuming that you didn't put in the user and group directives in with ppforums.com virtualhost block? After all, if you did, the script will not run as nobody.
I.e.;
<VirtualHost ppforums.com>
.. stuff...
User ppforums.com
Group ppforums.com
(or whatever that site's user and group is).
... blah...
</VirtualHost>
Then stop and restart Apache and it will either work with their username, or it'll error due to permissions, paths, etc. If you don't put in the user and group for SuEXEC to see, it will run the scripts as the web server's global user still. If you make that change and get errors on the script, then you know changes are being read -- and to check the ownership and permission of the CGI script and the directory it's in, and then you should be set.
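The replies above say to check the ownership and permissions of both the CGI script and the directory it is in, and that the path must fall under the compiled-in docroot. As an added example (not part of the thread and not Apache's own code), this Python preflight reports which of those conditions a script fails, plus the setuid and minimum-id checks from suEXEC's documented security model. The function name, the numeric uid/gid arguments and the minimum id of 100 are assumptions of this example.

```python
import os
import stat

def suexec_preflight(script, docroot, uid, gid, uid_min=100, gid_min=100):
    """Return reasons suEXEC would likely refuse to run `script` (empty list = none found).

    uid/gid are the numeric ids behind the vhost's User/Group directives.
    uid_min/gid_min are assumed values; the real ones are fixed at compile time.
    """
    problems = []
    if uid < uid_min or gid < gid_min:
        problems.append("target uid/gid is below the compiled-in minimum")
    script = os.path.realpath(script)
    cgi_dir = os.path.dirname(script)
    root = os.path.realpath(docroot)
    # The script's directory must sit inside the --suexec-docroot tree.
    if os.path.commonpath([root, cgi_dir]) != root:
        problems.append(f"{cgi_dir} is outside docroot {root}")
    for label, path in (("directory", cgi_dir), ("script", script)):
        try:
            st = os.stat(path)
        except OSError as exc:
            problems.append(f"cannot stat {label} {path}: {exc.strerror}")
            continue
        # Owner and group must match the vhost's User/Group exactly.
        if (st.st_uid, st.st_gid) != (uid, gid):
            problems.append(
                f"{label} owned by {st.st_uid}:{st.st_gid}, expected {uid}:{gid}")
        # Group- or world-writable (e.g. 777) lets other users plant files.
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append(
                f"{label} is writable by group or others "
                f"(mode {stat.S_IMODE(st.st_mode):o})")
        if label == "script" and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
            problems.append("script is setuid/setgid")
    return problems

if __name__ == "__main__":
    import sys
    # Usage: preflight.py <script> <docroot> <uid> <gid>
    found = suexec_preflight(sys.argv[1], sys.argv[2],
                             int(sys.argv[3]), int(sys.argv[4]))
    for line in found or ["no problems found"]:
        print(line)
```

When a script passes here but still fails or runs as nobody, the suexec log named in --suexec-logfile and the vhost's User/Group lines are the next places to look.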