suexec stuff cart.cgi etc...

[zex]

I have preaty hard head and
I decide to use suexec, after day of playing with it I was disapointed..
there was no way to use it with cpanel scripts becouse od script/dir mismatch.
Scripts are owned by user root and they are called by someuser and dir was owned by user cpanel...
Bloody mess...
And that didn\'t work suexec was not very happy with that situation and he didn\'t work...
I was not able to use even redirect.cgi
for www.domain.com/cpanel.


After few day\'s I decide that suexec will work and only if the sky fall on my head that will stop me from doing that.

So i decide to modify suecec code (Yes i saw README file of suexec) so i cut couple of suexec lines and add some stuff. After that suexec and cpanel are working beutiful.

Everything works just fine, until i notice that cart.cgi needs to be SUID? and off course apache suexec say\'s \"NOT in my backyard baby\" and cart.cgi does not work..
:D:D:D:D



I will be gratefull if someone explains me why cart.cgi needs to be suid and where that script need write permision, I mean in wich dir. I done have time to check that so if someone was already doing this please post you info\'s about that.

Tnx.
:D

 

[jumpdomain]

[quote:54605f40d1]So i decide to modify suecec code (Yes i saw README file of suexec) so i cut couple of suexec lines and add some stuff. After that suexec and cpanel are working beutiful.[/quote:54605f40d1]

Can you let us know what you added and removed to get suexec working with the CPanel supplied scripts? I know a lot of us would like to get suexec working on a CPanel server.

 

[bdraco]

Note: suexec is not a supported configuration.



/scripts/fixcartwithsuexec

 

[zex]

[quote:3081224b9d] By hacking the SuEXEC source code to work in a way it\'s not supposed to, means you have opened up a security issue, and likely a very, very large one. [/quote:3081224b9d]
Well not really i\'m aware of all problems that may come becouse of hacking suexec and after all kernel is modifyed to prevent all known attacks. But i know what are thinking when you say that security is compromised, but there was no other acceptable solution for me becouse cgi-sys scripts does not work execept if I copy all scripts to users dir(uneeded wasting of space). Oh btw by default suexec options DocumentRoot is set to \"/\". There is no other solution to make
scripts that are owned by user cpanel that are in dir wichis owned by root and group cpanel to be executed except removing that check and writing to logfile each such execution. After I was implement suexec that is modifyed by myself I dont have troubles with my users becouse of cgi\'s etc stuff.
I will post url after i make diff\'s of suexec that i modify so that you can see that is very simple. I\'m aware of all problems that may come becouse of playing suexec (that\'s why I\'m study suexec code for week) but this works for me better than SimpleCGI wrapper.

[quote:3081224b9d]To be blunt, if you hacked the SuEXEC code to allow user\'s to run scripts out of their own account directory, and even one\'s owned by root on top of that, then you have a large problem. [/quote:3081224b9d]
Nop users can\'t run root owned scripts, except that they can\'t go out from $HOME.