Hi, On Tue, 2006-01-24 at 13:22 -0500, Joshua Slive wrote: > On 1/24/06, Mario Ohnewald <mario@xxxxxxxxx> wrote: > > > When i tried to write a file to my homedir with php´s fwrite i got > > permission denied. So i guess its like you already told me. > > Php is not using the suexec yet. > > > > What documentation will i need next? > > (i found a few, but they are mostly buggy, incomplete or wrong) > > It depends on what you want to do. If you want to use php and suexec, > then you need to use php as a cgi script rather than an apache module. My documentation source: http://download1.swsoft.com/Confixx/ConfixxPro3.1/docs/manuals/en/en_install.pdf (...) 1.1.1 Apache (www.apache.org) If you want to permit CGI access to Apache, you should ensure that suEXEC has been set up accordingly. Without suEXEC, each CGI will be executed under the Apache user. For this reason, the CGI scripts have the same privileges as Apache users. Apache has “read only” privileges for system files/folders and for all user directories. This means that one Apache user can accesses other users’ data by running a simple CGI script. If suEXEC has been activated, CGI scripts are executed under the user who is registered in the Apache configuration file. (/...) Thats what i want to acomplish. (...) The virtual host entries generated by Confixx contain this information. If suEXEC is running on your system, you will find an entry in your Apache error log file similar to the following one: [notice] suEXEC mechanism enabled (wrapper: /usr/local/apache/bin/suexec) (/...) Thats what i get in my logs. (...) If there is no such entry, please check which path has been compiled in Apache for suEXEC by executing a “httpd -V” command. Please make sure that suEXEC can be called up using this path. (/...) apache2 -V Server version: Apache/2.0.54 Server built: Sep 5 2005 11:15:09 Server's Module Magic Number: 20020903:9 Architecture: 32-bit Server compiled with.... -D APACHE_MPM_DIR="server/mpm/prefork" -D APR_HAS_SENDFILE -D APR_HAS_MMAP -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) -D APR_USE_SYSVSEM_SERIALIZE -D APR_USE_PTHREAD_SERIALIZE -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT -D APR_HAS_OTHER_CHILD -D AP_HAVE_RELIABLE_PIPED_LOGS -D HTTPD_ROOT="" -D SUEXEC_BIN="/usr/lib/apache2/suexec2" -D DEFAULT_PIDLOG="/var/run/httpd.pid" -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" -D DEFAULT_LOCKFILE="/var/run/accept.lock" -D DEFAULT_ERRORLOG="logs/error_log" -D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types" -D SERVER_CONFIG_FILE="/etc/apache2/apache2.conf" (...) Furthermore, the SUID bit must be set for the program suEXEC. suEXEC must be owned by user ’root’. (/...) ls -alh /usr/lib/apache2/suexec2 -rwsr-x--- 1 root www-data 11K Jan 15 22:42 /usr/lib/apache2/suexec2 (...) To enable CGI scripts operation in user directories while suEXEC is activated, ensure these directories are located in the document root of suEXEC. (/...) /usr/lib/apache2/suexec2 -V -D AP_DOC_ROOT="/home/www" -D AP_GID_MIN=100 -D AP_HTTPD_USER="www-data" -D AP_LOG_EXEC="/var/log/apache2/suexec.log" -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin" -D AP_UID_MIN=100 -D AP_USERDIR_SUFFIX="html" (...) If the input is similar, it means that any directory inside /home/www would be appropriate. If you are unable to move user directories to this document root, you must re-compile suEXEC. [Wed Jan 25 15:15:08 2006] [error] [client 192.168.1.201] Premature end of script headers: test.php [Wed Jan 25 15:15:08 2006] [error] [client 192.168.1.201] Error in suphp.c on line 256: Inappropriate permissions set on script (/...) Okay, so far it looks like i am on track. The error i get now is the following: ------------------------------------------------------------------- [error] [client 192.168.1.201] Premature end of script headers: test.php [error] [client 192.168.1.201] Error in suphp.c on line 256: Inappropriate permissions set on script ls -alh /home/www/web7/html/joomla/test.php -rwxrwxrwx 1 web7 web7 761 Jan 24 18:12 /home/www/web7/html/joomla/test.php Any further ideas? Thanks, Mario --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|