Contributed by jose on from the help! dept.
"I've been trying to get suexec running for a few hours now: searched Google and mailing lists, chatted with a few people, but I can't find the solution.
I enabled suexec by doing this:
# chmod u+s /usr/sbin/suexec
As far as I know I've configured the VirtualHost ok, but when I try to run a CGI script with suexec, I get this error:
(9)Bad file descriptor: getpwuid: invalid userid 1010
When I unchroot apache, everything works fine, but I just can't find out what I need to have in the chroot. I am running OpenBSD 3.3 -stable and I could really use some help."
Sounds like a lack of a complete chroot environment and a missing password database. Is there anything else missing or that should be stated?
By Anonymous Coward () on
since the suexec executable is in /usr/sbin... apache won't be able to access it..
By Anonymous Coward () on
file..
By Wouter () on
It looks like suexec is accessed outside the chroot anyway.
By Anonymous Coward () on
But what are the security implications of it? Having a SUID executable inside the chroot is a risk, right? Or has suexec been thoroughly audited, that it isn't that much of a risk?
Could maybe someone shed some light on this?
By Anonymous Coward () on
By dptth () on
/var is mounted nosuid by default, so suid programs will not work as expected here
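An added example, not part of the submission or of any comment in this thread: a shell check for the two conditions raised above, a password database inside the chroot for the uid that getpwuid rejected, and a nosuid mount under a setuid binary. The function names, the sample mount output and the in-chroot suexec path are assumptions; /var/www as the chroot and uid 1010 come from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# chroot_has_user CHROOT UID
# Inside a chroot, getpwuid() reads CHROOT/etc, not /etc. Prints each
# problem found and returns 0 only when there is none.
chroot_has_user() {
    root=$1; uid=$2; rc=0
    # OpenBSD resolves uids from the hashed pwd.db built by pwd_mkdb(8).
    if [ ! -r "$root/etc/pwd.db" ]; then
        echo "missing: $root/etc/pwd.db"; rc=1
    fi
    # Proxy check: pwd.db is binary, so look for the uid in the text
    # passwd file beside it (assumed to be generated along with pwd.db).
    if ! awk -F: -v u="$uid" '$3 == u { f = 1 } END { exit !f }' \
            "$root/etc/passwd" 2>/dev/null; then
        echo "uid $uid not found in $root/etc/passwd"; rc=1
    fi
    return "$rc"
}

# path_is_nosuid PATH MOUNT_OUTPUT
# Picks the longest mount point in mount(8)-style output that contains
# PATH; returns 0 when that filesystem is mounted nosuid.
path_is_nosuid() {
    printf '%s\n' "$2" | awk -v p="$1" '
        $2 == "on" {
            pre = ($3 == "/") ? "/" : ($3 "/")
            if (index(p "/", pre) == 1 && length($3) > best) {
                best = length($3); line = $0
            }
        }
        END { exit (line !~ /nosuid/) }'
}

# Constructed sample of mount(8) output; not taken from the poster's host.
SAMPLE_MOUNT='/dev/wd0a on / type ffs (local)
/dev/wd0d on /usr type ffs (local, nodev)
/dev/wd0e on /var type ffs (local, nodev, nosuid)'

# /var/www/usr/sbin/suexec is a hypothetical in-chroot copy of suexec.
if path_is_nosuid /var/www/usr/sbin/suexec "$SAMPLE_MOUNT"; then
    echo "setuid bit would be ignored: filesystem is mounted nosuid"
fi
```

On a live system, pass the real output with `path_is_nosuid /some/path "$(mount)"` and point `chroot_has_user` at the actual chroot directory.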
By Wouter () on
By dptth () on
By Anonymous Coward () on
?
Not by definition. Depends on setup.
By dptth () on
By Anonymous Coward () on
By dptth () on
By Wouter () on
Now I get this error:
[2003-06-19 18:55:14]: emerg: cannot get docroot information (/var/www/htdocs)
DocumentRoot of the site is /var/www/htdocs/domain.com/
So I really don't know what's the problem now...
By jose () on http://monkey.org/~jose/
By Wouter () on
By Anonymous Coward () on
By Anonymous Coward () on
/var/www/var -> .
/var/www/www -> .
^_^
By Anonymous Coward () on
By chris humphries () on unixfu.net
By Piotr Kapczuk () on
Here's my hint.
I didn't want to touch MTU on physical interfaces, because sometimes it can cause problems. I found the 'scrub max-mss' feature in PF very helpful. Thanks to these lines I don't have to worry about MTU anymore. TCP/IP negotiation takes care of this, and bigger packets will never show up.
scrub in on enc0 all max-mss 1300
scrub out on enc0 all max-mss 1300
By Piotr Kapczuk () on