RE: [users@httpd] suexec with mod_chroot: "command not in docroot "

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Cwd is current working directory, it is an environment variable.  At least
from what I understand.  I am not sure what dwd is though.  Have you tried
to use truss or strace to see if you are missing a command in your chrooted
environment?  What OS are you using?

-----Original Message-----
From: dAniel hAhler [mailto:apache-users@xxxxxxxxxx] 
Sent: Wednesday, July 20, 2005 12:58 AM
To: users@xxxxxxxxxxxxxxxx
Subject: [users@httpd] suexec with mod_chroot: "command not in docroot"


Hi,

I've installed mod_chroot for Apache (2.0.53-Ubuntu), but have now problems 
with suexec complaining:

[2005-07-20 06:28:13]: uid: (1003/xxxxx) gid: (1003/1003) cmd: 
php4-fcgi-starter
[2005-07-20 06:28:13]: command not in docroot 
(/fcgi-scripts/web2/php4-fcgi-starter)

php4-fcgi-starter is a script that should start php-fcgi (I'm using 
mod_fastcgi).

My suexec-docroot is "/", because of mod_chroot:
# /usr/lib/apache2/suexec2 -V
 -D AP_DOC_ROOT="/"
 -D AP_GID_MIN=100
 -D AP_HTTPD_USER="www-data"
 -D AP_LOG_EXEC="/var/log/apache2/suexec.log"
 -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
 -D AP_UID_MIN=100
 -D AP_USERDIR_SUFFIX="public_html"

Therefor I have rebuild the Ubuntu package from source (got the error
"cannot 
get docroot information (/var/www)" before).

>From suexec.c it is this part that throws the error:
   if ((strncmp(cwd, dwd, strlen(dwd))) != 0) {
        log_err("command not in docroot (%s/%s)\n", cwd, cmd);
        exit(114);
    }

I'm not sure, what cwd and dwd are set to, but it errors here.. :(

btw: this error message should be changed into something more verbose:
log_err("command (%s/%s) not in docroot (%s)\n", cwd, cmd, dwd); like some
of the others, too.

It is really frustrating and would be much easier in my humble opinion, if 
suexec would have a chroot() functianality.

Do you have any suggestions? Is it a bug in suexec?

Thanks for any ideas and suggestions.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info. To
unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux