On Wednesday 20 July 2005 17:12, Gold, Samuel (Contractor) wrote:
> Cwd is current working directory, it is an environment variable. At least
> from what I understand. I am not sure what dwd is though. Have you tried
> to use truss or strace to see if you are missing a command in your chrooted
> environment? What OS are you using?
I've used makejail to make sure that all libs are there. It does not seem to
be a lib thing IMHO.
I find it interesting what Joshua writes:
> Your problem is probably that getcwd is returning the full
> (non-chrooted) path to AP_DOC_ROOT inside the jail. I don't know how
> to get around that.
Does anybody have a idea, how I could test for that?
My other plan is to try sbox - it may handle the situation better.
Now, I'm rebuilding the Ubuntu apache2 package from source (the second time),
with a more informative error message (outputting dwd).
Let's see.
>
> -----Original Message-----
> From: dAniel hAhler [mailto:apache-users@xxxxxxxxxx]
> Sent: Wednesday, July 20, 2005 12:58 AM
> To: users@xxxxxxxxxxxxxxxx
> Subject: [users@httpd] suexec with mod_chroot: "command not in docroot"
>
>
> Hi,
>
> I've installed mod_chroot for Apache (2.0.53-Ubuntu), but have now problems
> with suexec complaining:
>
> [2005-07-20 06:28:13]: uid: (1003/xxxxx) gid: (1003/1003) cmd:
> php4-fcgi-starter
> [2005-07-20 06:28:13]: command not in docroot
> (/fcgi-scripts/web2/php4-fcgi-starter)
>
> php4-fcgi-starter is a script that should start php-fcgi (I'm using
> mod_fastcgi).
>
> My suexec-docroot is "/", because of mod_chroot:
> # /usr/lib/apache2/suexec2 -V
> -D AP_DOC_ROOT="/"
> -D AP_GID_MIN=100
> -D AP_HTTPD_USER="www-data"
> -D AP_LOG_EXEC="/var/log/apache2/suexec.log"
> -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
> -D AP_UID_MIN=100
> -D AP_USERDIR_SUFFIX="public_html"
>
> Therefor I have rebuild the Ubuntu package from source (got the error
> "cannot
> get docroot information (/var/www)" before).
>
> From suexec.c it is this part that throws the error:
> if ((strncmp(cwd, dwd, strlen(dwd))) != 0) {
> log_err("command not in docroot (%s/%s)\n", cwd, cmd);
> exit(114);
> }
>
> I'm not sure, what cwd and dwd are set to, but it errors here.. :(
>
> btw: this error message should be changed into something more verbose:
> log_err("command (%s/%s) not in docroot (%s)\n", cwd, cmd, dwd); like some
> of the others, too.
>
> It is really frustrating and would be much easier in my humble opinion, if
> suexec would have a chroot() functianality.
>
> Do you have any suggestions? Is it a bug in suexec?
>
> Thanks for any ideas and suggestions.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info. To
> unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|