Suexec problem

Discussion in 'General' started by MicioMax, Dec 19, 2013.

  1. MicioMax

    MicioMax New Member

    Hi, I'm installng Liquidfeedback on my ispconfig3 managed virtual host, on an Ubuntu 12.04 server. The app is composed by a bunch of LUA scripts.

    Scripts are located inside a subfolder of virtualhost path:

    lrwxrwxrwx 1 web8 client1   19 Dec 18 16:23 cgi-bin -> lqfb/webmcp/cgi-bin
    drwxr-xr-x 2 web8 client1 4096 Dec 19 09:46 log
    drwxr-xr-x 6 web8 client1 4096 Dec 18 16:21 lqfb
    cgi-bin is a symlink INSIDE web root, so from suexec docs it should work.

    with DEFAULT ubuntu permissions on suexec :
    -rwsr-xr-- 1 root www-data 18456 Jul 12 15:38 /usr/lib/apache2/suexec
    I get following error, in virtual host log :

    [Thu Dec 19 10:23:00 2013] [error] [client] (13)Permission denied: exec of '/usr/lib/apache2/suexec' failed
    [Thu Dec 19 10:23:00 2013] [error] [client] Premature end of script headers: webmcp-wrapper.lua
    So suexec wrapper isnt' executed.
    If I change suexec permissions and group (got from some other forums) like this :
    -rwsr-xr-x 1 root root 18456 Jul 12 15:38 /usr/lib/apache2/suexec
    I get following error from virtual host log:
    [Thu Dec 19 10:25:54 2013] [error] [client] suexec policy violation: see suexec log for more details
    [Thu Dec 19 10:25:54 2013] [error] [client] Premature end of script headers: webmcp-wrapper.lua
    and this one in suexec log:
    [2013-12-19 10:25:54]: user mismatch (web8 instead of www-data)
    Which shows suexec being executed as web8 user instead of www-data user.
    I tried different virtual host setups, the SuexecUserGroup directve is there and correct, but no way.

    Any suggestion ?

  2. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    www-data group owner for suexec should be correct, not root.
    Maybe your main apache is configured to run under a different user than www-data?
  3. MicioMax

    MicioMax New Member

    Nope, it runs some processes as root and spawns some processes as www-data.
    But I've seen that suexec calls are done as web8 (owner of virtual host) and not as www-data, which is weird. At least, it seems to me from suexec log.

    The only way I've found so far is to install suexec-custom, which allows suexec runs from other users than www-data.
    If I configure it to allow runs from web8 user it's ok.
    But I don't like this solution.

Share This Page