suexec

[bdraco]

I\'m trying to get an idea of what breaks when suexec is turned on. Any comments would be helpful.

[bdraco]

I know frontpage and cgi-sys don\'t work and I can hack around that problem. However I\'d like to know if there is anything else anyone can think of ..

[MrHits]

My experience.... due to an unforunate mis-type of the keyboard..

1) all shopping carts cease working until you execute \"fixcartwithsuexec\"

2) yes.. cgi-sys which affects the coutners.. banner rotators...FormMail..etc

3) For whatever reason, scripts that call server applications such as sendmail, mysql, or any other application not owned by them cease to function.

Suggestions:

Make a \"suexec off\" script.

Otherwise, the same problem I had, might happen to others:

My story....

After suexec is turned on. There is no going back. (at least for me)

If you try and turn suexec off, by commenting out all the Group/User additions from the httpd.conf file, every time a new account is created, all of the User/Group entries are re-added again.

Fine...so figure out what is addig this entry..logically, it would be wwwaccct

Bingo...

Comment out the system call that calls initsuexec in wwwacct.

Excellent..that worked...BUT!

When mysteriously, wwwacct was recreated by some kind of daemon. The server knew i chagned the file, and it repaired itself :-(

So.. next step,


cat /dev/null>/scripts/initsuexec

oh no.. this file keeps recreating itself..
FINE, we have to get nasty:

LOCK initsuexec to preven ANYTHING being written to it.

chattr +i /scripts/initsuexec

Excellent. Now User/Group is not added to httpd.conf anymore. And even though wwwacct keeps getting re-written, nothing can be written to initsuexec, which is fine with me.

Maybe there was an easier way, and I just did not know what it was.

Thanks Bradco,
cpanel has made my life eaier, its an awesome application.

- Jeremy



[Edited on 12/16/01 by MrHits]

[Edited on 12/16/01 by MrHits]

[bdraco]

everything should be fixed except for the cart .. but that can be fixed with the script.

[moronhead]

Nick, [quote:a1466b1762]everything should be fixed except for the cart .. but that can be fixed with the script.
[/quote:a1466b1762]
Do you have any timing on fixing this stuff?

Will PHP scripts be affected by suexec (when creating directories and files through a script for example)? Just now, the scipt creates the files as nobody.

[Gadget]

suexec does not affect php at all, nor does it limit or control it.

[pfmartin]

cgi-sys scripts are not working for me. Do I need to do anything to get them to work? What\'s the hack mentioned above to get around this? I see a script fpsuexec. Is this supposed to fix the cgi-sys problem?

[pfmartin]

By the way, if you install the new apachebuild.sea, even if you do not run initsuexec, the suexec is started. I did not want to enable SUEXEC, but the apachebuild did it for me. FYI, beware.

[pfmartin]

Had to disable all suexec because burst didn\'t have a fix for it when i called. The quickest way to disable it is to remove the suexec binary. Look at the apache startup log. You should see:

[notice] suEXEC mechanism enabled (wrapper: /path/to/suexec)


Simply rename suexec to something else. That will turn it off.

[bdraco]

You should no longer have to use the fixcartwithsuexec for new cart installs. Just going to the cart in the users cpanel will also fix the cart with suexec.

-Nick

[WildWayz]

Thank you SO much MrHits!

--James

[feanor]

Just FYI on this thread :

On most machines, I still have FrontPage with \"security violations\".... \"blah de blah target program is not secure\"... and YES that is after running the FPsuexec patches, etc.

And, the interchange cart still yields \"Internal Server error, explicitive explicitive\"..... FUN.
That is after running the fix cartwithsuexec saviour script and after restarting interchange/apache.

So basically, I don\'t think that Frontpage/Interchange is anywhere near workable with suexec, unless I am doing something wrong/missing a step.

[dzevad]

I have suexec enabled and Front page is working ok, and interchange too (i don\'t even have to run fix script). I have latest fp-update5.sea and apacheasp.sea installed. So it works . Thing is to find out what breaks on your server.

Dzevad

[feanor]

Yea- I have better luck on some machines than others. What are the exact specs of that particular box that things are running flawlessly on?

What exact flavor of Redhat/Mandrake? What kernel? If you are using the latest apache_upgrade.sea , then you have apache version 1.3.22 right?

I realize these things have zer0 bearing for the most part I am just curious, trying to find a common theme or two.

Thanks.

[dzevad]

Red Hat 7.1
Kernel 2.4.2-2
Apache 1.3.22
suexec working
I first installed buildapache.sea then fp-upgrade5.sea then apacheasp.sea
and i didn\'t do any customization on it.