The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

suexec

Discussion in 'General Discussion' started by bdraco, Dec 16, 2001.

  1. bdraco

    bdraco Guest

    I\'m trying to get an idea of what breaks when suexec is turned on. Any comments would be helpful.
     
  2. bdraco

    bdraco Guest

    I know frontpage and cgi-sys don\'t work and I can hack around that problem. However I\'d like to know if there is anything else anyone can think of ..
     
  3. MrHits

    MrHits Well-Known Member

    Joined:
    Oct 31, 2001
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    6
    My experience.... due to an unforunate mis-type of the keyboard..

    1) all shopping carts cease working until you execute \"fixcartwithsuexec\"

    2) yes.. cgi-sys which affects the coutners.. banner rotators...FormMail..etc

    3) For whatever reason, scripts that call server applications such as sendmail, mysql, or any other application not owned by them cease to function.

    Suggestions:

    Make a \"suexec off\" script.

    Otherwise, the same problem I had, might happen to others:

    My story....

    After suexec is turned on. There is no going back. (at least for me)

    If you try and turn suexec off, by commenting out all the Group/User additions from the httpd.conf file, every time a new account is created, all of the User/Group entries are re-added again.

    Fine...so figure out what is addig this entry..logically, it would be wwwaccct

    Bingo...

    Comment out the system call that calls initsuexec in wwwacct.

    Excellent..that worked...BUT!

    When mysteriously, wwwacct was recreated by some kind of daemon. The server knew i chagned the file, and it repaired itself :-(

    So.. next step,


    cat /dev/null>/scripts/initsuexec

    oh no.. this file keeps recreating itself..
    FINE, we have to get nasty:

    LOCK initsuexec to preven ANYTHING being written to it.

    chattr +i /scripts/initsuexec

    Excellent. Now User/Group is not added to httpd.conf anymore. And even though wwwacct keeps getting re-written, nothing can be written to initsuexec, which is fine with me.

    Maybe there was an easier way, and I just did not know what it was.

    Thanks Bradco,
    cpanel has made my life eaier, its an awesome application.

    - Jeremy



    [Edited on 12/16/01 by MrHits]

    [Edited on 12/16/01 by MrHits]
     
  4. bdraco

    bdraco Guest

    everything should be fixed except for the cart .. but that can be fixed with the script.
     
  5. moronhead

    moronhead Well-Known Member

    Joined:
    Aug 12, 2001
    Messages:
    706
    Likes Received:
    0
    Trophy Points:
    16
    Nick, [quote:a1466b1762]everything should be fixed except for the cart .. but that can be fixed with the script.
    [/quote:a1466b1762]
    Do you have any timing on fixing this stuff?

    Will PHP scripts be affected by suexec (when creating directories and files through a script for example)? Just now, the scipt creates the files as nobody.
     
  6. Gadget

    Gadget Member

    Joined:
    Sep 4, 2001
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    suexec does not affect php at all, nor does it limit or control it.
     
  7. pfmartin

    pfmartin Well-Known Member

    Joined:
    Aug 18, 2001
    Messages:
    167
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Earth
    cgi-sys scripts are not working for me. Do I need to do anything to get them to work? What\'s the hack mentioned above to get around this? I see a script fpsuexec. Is this supposed to fix the cgi-sys problem?
     
  8. pfmartin

    pfmartin Well-Known Member

    Joined:
    Aug 18, 2001
    Messages:
    167
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Earth
    By the way, if you install the new apachebuild.sea, even if you do not run initsuexec, the suexec is started. I did not want to enable SUEXEC, but the apachebuild did it for me. FYI, beware.
     
  9. pfmartin

    pfmartin Well-Known Member

    Joined:
    Aug 18, 2001
    Messages:
    167
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Earth
    Had to disable all suexec because burst didn\'t have a fix for it when i called. The quickest way to disable it is to remove the suexec binary. Look at the apache startup log. You should see:

    [notice] suEXEC mechanism enabled (wrapper: /path/to/suexec)


    Simply rename suexec to something else. That will turn it off.
     
  10. bdraco

    bdraco Guest

    You should no longer have to use the fixcartwithsuexec for new cart installs. Just going to the cart in the users cpanel will also fix the cart with suexec.

    -Nick
     
  11. WildWayz

    WildWayz Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    209
    Likes Received:
    0
    Trophy Points:
    16
    Thank you SO much MrHits!

    --James
     
  12. feanor

    feanor Well-Known Member

    Joined:
    Aug 13, 2001
    Messages:
    836
    Likes Received:
    0
    Trophy Points:
    16
    Just FYI on this thread :

    On most machines, I still have FrontPage with \"security violations\".... \"blah de blah target program is not secure\"... and YES that is after running the FPsuexec patches, etc.

    And, the interchange cart still yields \"Internal Server error, explicitive explicitive\"..... FUN.
    That is after running the fix cartwithsuexec saviour script and after restarting interchange/apache.

    So basically, I don\'t think that Frontpage/Interchange is anywhere near workable with suexec, unless I am doing something wrong/missing a step.

    :)
     
  13. dzevad

    dzevad Well-Known Member

    Joined:
    Oct 7, 2001
    Messages:
    95
    Likes Received:
    0
    Trophy Points:
    6
    I have suexec enabled and Front page is working ok, and interchange too (i don\'t even have to run fix script). I have latest fp-update5.sea and apacheasp.sea installed. So it works :) . Thing is to find out what breaks on your server.

    Dzevad
     
  14. feanor

    feanor Well-Known Member

    Joined:
    Aug 13, 2001
    Messages:
    836
    Likes Received:
    0
    Trophy Points:
    16
    Yea- I have better luck on some machines than others. What are the exact specs of that particular box that things are running flawlessly on?

    What exact flavor of Redhat/Mandrake? What kernel? If you are using the latest apache_upgrade.sea , then you have apache version 1.3.22 right?

    I realize these things have zer0 bearing for the most part I am just curious, trying to find a common theme or two.

    Thanks.

    :cool:
     
  15. dzevad

    dzevad Well-Known Member

    Joined:
    Oct 7, 2001
    Messages:
    95
    Likes Received:
    0
    Trophy Points:
    6
    Red Hat 7.1
    Kernel 2.4.2-2
    Apache 1.3.22
    suexec working
    I first installed buildapache.sea then fp-upgrade5.sea then apacheasp.sea
    and i didn\'t do any customization on it.
     
Loading...

Share This Page