B
bdraco
Guest
I\'m trying to get an idea of what breaks when suexec is turned on. Any comments would be helpful.
B
bdraco
Guest
I know frontpage and cgi-sys don\'t work and I can hack around that problem. However I\'d like to know if there is anything else anyone can think of ..
My experience.... due to an unforunate mis-type of the keyboard..
1) all shopping carts cease working until you execute \"fixcartwithsuexec\"
2) yes.. cgi-sys which affects the coutners.. banner rotators...FormMail..etc
3) For whatever reason, scripts that call server applications such as sendmail, mysql, or any other application not owned by them cease to function.
Suggestions:
Make a \"suexec off\" script.
Otherwise, the same problem I had, might happen to others:
My story....
After suexec is turned on. There is no going back. (at least for me)
If you try and turn suexec off, by commenting out all the Group/User additions from the httpd.conf file, every time a new account is created, all of the User/Group entries are re-added again.
Fine...so figure out what is addig this entry..logically, it would be wwwaccct
Bingo...
Comment out the system call that calls initsuexec in wwwacct.
Excellent..that worked...BUT!
When mysteriously, wwwacct was recreated by some kind of daemon. The server knew i chagned the file, and it repaired itself :-(
So.. next step,
cat /dev/null>/scripts/initsuexec
oh no.. this file keeps recreating itself..
FINE, we have to get nasty:
LOCK initsuexec to preven ANYTHING being written to it.
chattr +i /scripts/initsuexec
Excellent. Now User/Group is not added to httpd.conf anymore. And even though wwwacct keeps getting re-written, nothing can be written to initsuexec, which is fine with me.
Maybe there was an easier way, and I just did not know what it was.
Thanks Bradco,
cpanel has made my life eaier, its an awesome application.
- Jeremy
[Edited on 12/16/01 by MrHits]
[Edited on 12/16/01 by MrHits]
1) all shopping carts cease working until you execute \"fixcartwithsuexec\"
2) yes.. cgi-sys which affects the coutners.. banner rotators...FormMail..etc
3) For whatever reason, scripts that call server applications such as sendmail, mysql, or any other application not owned by them cease to function.
Suggestions:
Make a \"suexec off\" script.
Otherwise, the same problem I had, might happen to others:
My story....
After suexec is turned on. There is no going back. (at least for me)
If you try and turn suexec off, by commenting out all the Group/User additions from the httpd.conf file, every time a new account is created, all of the User/Group entries are re-added again.
Fine...so figure out what is addig this entry..logically, it would be wwwaccct
Bingo...
Comment out the system call that calls initsuexec in wwwacct.
Excellent..that worked...BUT!
When mysteriously, wwwacct was recreated by some kind of daemon. The server knew i chagned the file, and it repaired itself :-(
So.. next step,
cat /dev/null>/scripts/initsuexec
oh no.. this file keeps recreating itself..
FINE, we have to get nasty:
LOCK initsuexec to preven ANYTHING being written to it.
chattr +i /scripts/initsuexec
Excellent. Now User/Group is not added to httpd.conf anymore. And even though wwwacct keeps getting re-written, nothing can be written to initsuexec, which is fine with me.
Maybe there was an easier way, and I just did not know what it was.
Thanks Bradco,
cpanel has made my life eaier, its an awesome application.
- Jeremy
[Edited on 12/16/01 by MrHits]
[Edited on 12/16/01 by MrHits]
B
bdraco
Guest
Nick, [quote:a1466b1762]everything should be fixed except for the cart .. but that can be fixed with the script.
[/quote:a1466b1762]
Do you have any timing on fixing this stuff?
Will PHP scripts be affected by suexec (when creating directories and files through a script for example)? Just now, the scipt creates the files as nobody.
[/quote:a1466b1762]
Do you have any timing on fixing this stuff?
Will PHP scripts be affected by suexec (when creating directories and files through a script for example)? Just now, the scipt creates the files as nobody.
Had to disable all suexec because burst didn\'t have a fix for it when i called. The quickest way to disable it is to remove the suexec binary. Look at the apache startup log. You should see:
[notice] suEXEC mechanism enabled (wrapper: /path/to/suexec)
Simply rename suexec to something else. That will turn it off.
[notice] suEXEC mechanism enabled (wrapper: /path/to/suexec)
Simply rename suexec to something else. That will turn it off.
B
bdraco
Guest
You should no longer have to use the fixcartwithsuexec for new cart installs. Just going to the cart in the users cpanel will also fix the cart with suexec.
-Nick
-Nick
Just FYI on this thread :
On most machines, I still have FrontPage with \"security violations\".... \"blah de blah target program is not secure\"... and YES that is after running the FPsuexec patches, etc.
And, the interchange cart still yields \"Internal Server error, explicitive explicitive\"..... FUN.
That is after running the fix cartwithsuexec saviour script and after restarting interchange/apache.
So basically, I don\'t think that Frontpage/Interchange is anywhere near workable with suexec, unless I am doing something wrong/missing a step.
On most machines, I still have FrontPage with \"security violations\".... \"blah de blah target program is not secure\"... and YES that is after running the FPsuexec patches, etc.
And, the interchange cart still yields \"Internal Server error, explicitive explicitive\"..... FUN.
That is after running the fix cartwithsuexec saviour script and after restarting interchange/apache.
So basically, I don\'t think that Frontpage/Interchange is anywhere near workable with suexec, unless I am doing something wrong/missing a step.
Yea- I have better luck on some machines than others. What are the exact specs of that particular box that things are running flawlessly on?
What exact flavor of Redhat/Mandrake? What kernel? If you are using the latest apache_upgrade.sea , then you have apache version 1.3.22 right?
I realize these things have zer0 bearing for the most part I am just curious, trying to find a common theme or two.
Thanks.
What exact flavor of Redhat/Mandrake? What kernel? If you are using the latest apache_upgrade.sea , then you have apache version 1.3.22 right?
I realize these things have zer0 bearing for the most part I am just curious, trying to find a common theme or two.
Thanks.
