HPE Community
Operating System - HP-UX
1753821 Members
9552 Online
108805 Solutions
New Discussion

suEXEC support for HP Apache

 
Ralph Grothe
Honored Contributor

‎01-17-2005 03:39 AM

‎01-17-2005 03:39 AM

suEXEC support for HP Apache

Hi,

before I give up with that HP port of the Apache webserver, and built it anew from the sources I think I should first try to search for help here.
There must be other admins that managed to enable suEXEC or someone from the HP personnel who knows where I went wrong.

Currently I've got this HP Apache installed on an L-Class running HP-UX 11.00

# swlist|grep -i web
B9416AA 2.0.39.05.03 HP Apache-based Web Server

Admitedly it isn't the latest (and thus possibly a bit patchy at parts more seldom used, like suEXEC), but the people who demanded an Apache claimed exactly this releaase (probably because they got used to it from another box)

Of course did I read carefully what suEXEC is all about and how it should be set up from the coders' docs here

http://httpd.apache.org/docs/suexec.html

If I had the sources, and header files (to be snatched when all this HP Apache fumbling continues to be misfortunate) there's also a receipe how to change the preprocessor's declarations directly

http://httpd.apache.org/docs/suexec_1_2.html


But also does the HP depot include instructions on how to activate suEXEC support for their port, as it was built with such.
So I read this document, and followed the instructions

# ll /opt/hpapache2/hp_apache_docs/suexec.admin.guide
-r--r--r-- 1 bin bin 11291 Aug 12 2002 /opt/hpapache2/hp_apache_docs/suexec.adm
in.guide

So I renamed the suexec.hide binary to suexec and checked that ownership an setuid as well as x-bits were set correctly

# ll /opt/hpapache2/bin/suexec
-rwsr-xr-x 1 root sys 92836 Aug 12 2002 /opt/hpapache2/bin/suexec


The httpd.conf was changed by me at points that looked relevant to me as far as CGI script execution as well as suEXEC support is concerned.
My requirement is to enable suEXEC for user accounts and their CGIs in their $HOME/public_html

To meet these my basic httpd.conf looks like so



LoadModule suexec_module modules/mod_suexec.so

ScriptAlias /cgi-bin/ "/opt/hpapache2/cgi-bin/"


AllowOverride None
Options None
Order allow,deny
Allow from all


AddHandler cgi-script .cgi .pl

UserDir public_html


AllowOverride FileInfo AuthConfig Limit
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec ExecCGI

Order allow,deny
Allow from all


Order deny,allow
Deny from all







Not to get interfered by mod_perl I commented these lines (were uncommented before)

#
# PerlModule ModPerl::Registry
#
# SetHandler perl-script
# PerlHandler ModPerl::Registry::handler
# Options +ExecCGI
# PerlOptions +ParseHeaders
#
#


As you can see from above the default ScriptingAlias in /cgi-bin/ was left untouched.
I only added the AddHandler for cgi-script to scatter ExecCGI here and there for certain locations as for the UserDir

I wrote a small Perl script (see attachment) that only displays EUID and EGID together with the process' environment.

Then I did a syntax check of httpd.conf and stopped and started the webserver.

In the error_log I could see that suEXEC was enabled.
But when I invoked the same showenv.cgi script (ownership of user saz) through the URL
http://localhost/~saz/showenv.cgi
I got a 503 as server response and the error_log recorded a segmentation fault. :-(


# tail -8 logs/error_log
[Mon Jan 17 16:49:50 2005] [notice] caught SIGTERM, shutting down
[Mon Jan 17 16:49:56 2005] [notice] suEXEC mechanism enabled (wrapper: /opt/hpapache2/bin/suexec)
[Mon Jan 17 16:49:56 2005] [notice] Digest: generating secret for digest authentication ...
[Mon Jan 17 16:49:56 2005] [notice] Digest: done
[Mon Jan 17 16:49:56 2005] [notice] HP Apache-based Web Server/2.0.39 (Unix) DAV/2 configured -- r
esuming normal operations
[Mon Jan 17 16:51:33 2005] [error] [client 10.25.8.8] Premature end of script headers: showenv.cgi

[Mon Jan 17 16:51:34 2005] [notice] child pid 24553 exit signal Segmentation fault (11)
[Mon Jan 17 16:51:39 2005] [error] [client 10.35.6.8] (3)No such process: cgid daemon is gone; is
Apache terminating?: /opt/hpapache2/cgi-bin/showenv.cgi
Madness, thy name is system administration
0 Kudos
Reply
1 REPLY 1
James Calfas
Occasional Advisor

‎01-12-2014 01:23 PM

‎01-12-2014 01:23 PM

Re: suEXEC support for HP Apache

suexec works on some versions of Apache and not others.  It doesn't work, for example, on version 2.2.15.  However it does work on later versions, such as 2.4.7.

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.