Apache :: Warning - SuexecUserGroup Directive Requires SUEXEC Wrapper
Nov 27, 2013
Why might this error have started to appear? I am fairly new to Apache and was trying to harden it up.
I am using CentOS:
Server version: Apache/2.2.25 (Unix)
Server built: Oct 7 2013 17:21:18
Cpanel::Easy::Apache v3.22.14 rev9999
I was trying to add a group to control access to specific groups to enforce some security:
chown -R root:root /usr/local/apache/bin
chmod -R 770 /usr/local/apache/bin
chown -R root:root /usr/local/apache/conf
chmod -R 770 /usr/local/apache/conf
groupadd apacheadmin
groupadd apache
useradd -d /usr/local/apache/htdocs -g apache -s /bin/false apache
I think this is a permission issue.
Oct 20, 2009
I need to change the server configuration on Plesk such that the SuexecUserGroup directive is removed, so the user's cgi scripts run as the apache user (www-data), rather than as the user specified in that directive (the domain user), as on an unshared (non-VPS) server. I don't care about security from other domains because only one domain runs on it anyway, so making the user domain-specific is irrelevant from a security point of view and stops some of the user's code working.
This directive is found in
/var/www/vhosts/domainname.com/conf/httpd.include
and is:
SuexecUserGroup user psacln
(this line appears twice, for ports 443 and 80)
I understand that this file can't be modified, as it may be overwritten by Plesk. Therefore additional directives must go in the vhost.conf file.
Will the following vhost.conf file do the trick and override the directives in httpd.include?
<VirtualHost domainIP:443>
SuexecUserGroup www-data www-data
</VirtualHost>
<VirtualHost domainIP:80>
SuexecUserGroup www-data www-data
</VirtualHost>
Dec 17, 2008
I have just switched from mod_php to fastcgi + suexec, but now trying to use the ab command times out:
ab -n 10000 -c 100 [url]
This is ApacheBench, Version 2.0.40-dev <$Revision: 1.146 $> apache-2.0
Copyright 1996 Adam Twiss, Zeus Technology Ltd, [url]
Copyright 2006 The Apache Software Foundation, [url]
Benchmarking www.example.com (be patient)
Completed 1000 requests
Completed 2000 requests
Completed 3000 requests
Completed 4000 requests
Completed 5000 requests
Completed 6000 requests
Completed 7000 requests
apr_poll: The timeout specified has expired (70007)
Total of 7422 requests completed
Then I get a bunch of emails from LFD ....
Jan 3, 2007
First uninstall your existing PHP.
Install httpd-devel
Second compile a new PHP with support of cgi/fcgi:
Code:
./configure --prefix=/usr/local/php-fcgi --enable-fastcgi --enable-memory-limit --with-mysql=shared,/usr --enable-discard-path --enable-force-cgi-redirect --with-imap=shared,/usr --with-gd=shared,/usr --with-libxml=shared,/usr --with-mbstring=shared --with-freetype-dir=/usr --with-jpeg-dir=/usr --with-png-dir=/usr --with-zlib-dir=/usr --with-kerberos --with-imap-ssl
make
make install
To solve problems with errors during configure, take a look at this:
[url]
Next you'll need to download/install fcgid:
Code:
wget http://www.fastcgi.com/dist/fcgi-2.4.1-SNAP-0311112127.tar.gz
tar xfvz fcgi-2.4.1-SNAP-0311112127.tar.gz
cd fcgi-2.4.1-SNAP-0311112127
./configure
make
make install
Next you'll need to compile/install mod_fastcgi for Apache 2.2.2:
Code:
wget [url]
tar xfvz mod_fastcgi-SNAP-0404142202.tar.gz
cd mod_fastcgi-SNAP-0404142202
Now we need to apply a patch so mod_fastcgi compiles with Apache 2.2. Put the following into a file:
Code:
diff -ruN mod_fastcgi-2.4.2/Makefile.AP2 mod_fastcgi-2.4.2.for22/Makefile.AP2
--- mod_fastcgi-2.4.2/Makefile.AP2Mon Jul 29 03:36:34 2002
+++ mod_fastcgi-2.4.2.for22/Makefile.AP2Mon Dec 5 13:05:21 2005
@@ -20,8 +20,6 @@
all: local-shared-build
-install: install-modules
-
clean:
-rm -f *.o *.lo *.slo *.la
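Review bot: removing `install: install-modules` from Makefile.AP2 takes away the only install rule visible in this hunk, so anyone who runs `make install` in the module directory afterwards has no target to run. Either keep an install target that works against Apache 2.2 or state in the instructions how the built module is copied into the modules directory and which user owns it.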
diff -ruN mod_fastcgi-2.4.2/fcgi_buf.c mod_fastcgi-2.4.2.for22/fcgi_buf.c
--- mod_fastcgi-2.4.2/fcgi_buf.cTue Feb 4 00:07:37 2003
+++ mod_fastcgi-2.4.2.for22/fcgi_buf.cMon Dec 5 12:59:01 2005
@@ -50,7 +50,7 @@
{
Buffer *buf;
- buf = (Buffer *)ap_pcalloc(p, sizeof(Buffer) + size);
+ buf = (Buffer *)apr_pcalloc(p, sizeof(Buffer) + size);
buf->size = size;
fcgi_buf_reset(buf);
return buf;
@@ -487,7 +487,7 @@
char *new_elts;
int new_nalloc = (arr->nalloc <0>nelts + n;
- new_elts = ap_pcalloc(arr->pool, arr->elt_size * new_nalloc);
+ new_elts = apr_pcalloc(arr->pool, arr->elt_size * new_nalloc);
memcpy(new_elts, arr->elts, arr->nelts * arr->elt_size);
arr->elts = new_elts;
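Review bot: on the changed allocation line, `arr->elt_size * new_nalloc` is multiplied with no overflow check, and the `memcpy` right after it copies `arr->nelts * arr->elt_size` bytes into the result. Since this line is being edited for the `apr_pcalloc` rename anyway, check that the product cannot wrap (and that `new_nalloc` is positive) before allocating. The context line `int new_nalloc = (arr->nalloc <0>nelts + n;` also has unbalanced parentheses as posted, so this hunk will not match the source file.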
diff -ruN mod_fastcgi-2.4.2/fcgi_config.c mod_fastcgi-2.4.2.for22/fcgi_config.c
--- mod_fastcgi-2.4.2/fcgi_config.cThu Oct 30 02:08:34 2003
+++ mod_fastcgi-2.4.2.for22/fcgi_config.cMon Dec 5 12:59:01 2005
@@ -50,7 +50,7 @@
/* Convert port number */
tmp = (u_short) strtol(portStr, &cvptr, 10);
if (*cvptr != '' || tmp <1> USHRT_MAX)
- return ap_pstrcat(p, "bad port number "", portStr, """, NULL);
+ return apr_pstrcat(p, "bad port number "", portStr, """, NULL);
*port = (unsigned short) tmp;
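Review bot: the literals in this hunk are not valid C as posted: `*cvptr != ''` is an empty character constant and `"bad port number ""` closes the string early, which suggests the backslash escapes were stripped when the patch was pasted. The condition `tmp <1> USHRT_MAX` is damaged the same way, so the context will not match and `patch` will reject the hunk. Attach the patch as a file rather than inline text so the escapes and comparison operators survive.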
@@ -75,11 +75,11 @@
tmp = strtol(txt, &ptr, 10);
if (*ptr != '') {
- return ap_pstrcat(p, """, txt, "" must be a positive integer", NULL);
+ return apr_pstrcat(p, """, txt, "" must be a positive integer", NULL);
}
if (tmp <min> USHRT_MAX) {
- return ap_psprintf(p, ""%u" must be >= %u and <u>= %u and <u cp=''>= %d", *num, min);
+ return apr_psprintf(p, ""%d" must be >= %d", *num, min);
}
return NULL;
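Review bot: the second removed/added pair differs in more than the `ap_psprintf` to `apr_psprintf` rename: the `-` line carries `%u` conversions and a stray `<u cp=''>` fragment, while the `+` line is `"%d" must be >= %d` with only `*num, min` as arguments. It reads as if two separate hunks were merged, so the range check message after `if (tmp <min> USHRT_MAX)` can no longer be reconstructed from this text. Regenerate this hunk from the original sources before anyone applies it.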
@@ -126,9 +126,9 @@
*num = (u_int)strtol(val, &ptr, 10);
if (*ptr != '')
- return ap_pstrcat(p, """, val, "" must be a positive integer", NULL);
+ return apr_pstrcat(p, """, val, "" must be a positive integer", NULL);
else if (*num < min)
- return ap_psprintf(p, ""%u" must be >= %u", *num, min);
+ return apr_psprintf(p, ""%u" must be >= %u", *num, min);
return NULL;
}
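Review bot: in the context line `*num = (u_int)strtol(val, &ptr, 10);` a negative input wraps to a large unsigned value before the `*num < min` test, so it passes the range check and neither error string renamed here is returned for it. While these returns are being touched, parse into a `long`, reject negative and out-of-range values, and only then assign to `*num`.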
@@ -147,9 +147,9 @@
*num = (float) strtod(val, &ptr);
if (*ptr != '')
- return ap_pstrcat(p, """, val, "" is not a floating point number", NULL);
+ return apr_pstrcat(p, """, val, "" is not a floating point number", NULL);
if (*num <min> max)
- return ap_psprintf(p, ""%f" is not between %f and %f", *num, min, max);
+ return apr_psprintf(p, ""%f" is not between %f and %f", *num, min, max);
return NULL;
Dec 19, 2008
I have Apache 2 and CentOS with Plesk. When I look at my Apache error log it shows me:
[Fri Dec 19 05:56:35 2008] [error] [client ::1] Directory index forbidden by Options directive: /var/www/html/
Jun 18, 2007
I am trying to set up a VPS with:
Apache Suexec, so that each VHost runs under its own username
FTP for each of the vhosts.
I have made a username aplushost and FTP works fine when I log in; however, when I try to get Suexec to work it shows a 403 permission denied, even though the whole directory path has the correct permissions.
"/home/aplushost/www"
However, if I chown the directory "aplushost" to Apache's username, currently "nobody" (I have tried with "apache" and many others), the page is displayed correctly.
The weird thing is that the www directory can still be set to the aplushost username and files work inside.
However, due to changing the privileges of the folder, aplushost FTP now fails to log in due to the folder not being owned by the FTP user "aplushost".
So I'm stuck between only having one item working at a time.
I have put some content of my config files.
----------httpd.conf vhosts------------------
<VirtualHost 87.117.196.247>
DocumentRoot "/home/aplushost/www"
ServerName aplushost.co.uk
SuexecUserGroup aplushost aplushost
<Directory "/home/aplushost/www">
allow from all
Options +Indexes
</Directory>
</VirtualHost>
---------------passwd file----------------
aplushost:x:500:99::/home/aplushost/www:/sbin/nologin
(Have tried with many different shells, no difference; also tried with the home directory as just /home/aplushost)
Mar 20, 2015
I have manually removed a user from the Ubuntu OS. The user isn't present in the Plesk UI either. On my vhosts SuexecUserGroup is still set to this non-existent user, so Apache can't restart...
Apache message:
bad user name xxx
Action 'configtest' failed.
Are there corresponding UI fields in Plesk, or can I edit any Plesk DB table to fix this? How is SuexecUserGroup set by Plesk?
May 1, 2009
I have been seeing this error in my apache error log for a while
Quote:
WARNING: MaxClients of 1024 exceeds ServerLimit value of 10 servers,
lowering MaxClients to 10. To increase, please see the ServerLimit
directive.
Why does Apache give this warning when it's configured as "ServerLimit 1024" in httpd.conf?
Quote:
<IfModule prefork.c>
StartServers 10
MinSpareServers 5
MaxSpareServers 75
ServerLimit 1024
MaxClients 1024
MaxRequestsPerChild 1000
</IfModule>
Dec 10, 2008
I moved my whole account from one server to another but now the add-on domains inside the main domain are not working. When I try to re-add the domains in the new host's cpanel, it says:
Quote:
Error from park wrapper: domain.org is already configured.
What file is it on the server that holds this information? I really need to remove this domain name from there so I can re-add it.
Apr 16, 2007
I am using Joomla and a script called Olate Download for my site. I have set Olate to display in a Joomla wrapper.
What I want to know is how to redirect the Olate pages to the Joomla wrapper. The pages, when indexed in Google etc., are linked directly to Olate without the wrapper. So what I would like to do is redirect all the incoming Olate links to the Joomla wrapper (I understand it will be the same page), but I also want the search engines to index the Olate pages without any problems.
I think this can be done using htaccess, so could someone please tell me how to create such a rule? It should redirect all users who are not referred from my site to the Joomla wrapper, except search engine spiders.
Feb 28, 2008
OS: Linux Red Hat 5
Control Panel: CPanel
Our customer recently complained to us about a parked domain.
He parked a domain domain.name, but the problem is that I can't find an entry for that domain. I mean it's not in "Parked Domains", where I usually find normally created domains.
When I attempt to recreate the parked domain, it says that
Quote:
Error from park wrapper: domain.name is already configured.
And whenever I make a query
[url] it says that
Quote:
Unable to find out which user owns the parked domain domain.name.
However, the domain seems to work correctly. Whenever I visit it in a browser I see a preconfigured message "Server Online"
Jan 29, 2014
I use Windows 7, running Apache VC10 in the XAMPP environment. It worked well; I am a newbie, and it ran smoothly to program a brief static page. Now I get this log error every time... I didn't change anything in the files and scripts of my apache folder...
[Wed Jan 22 21:12:15.178559 2014] [ssl:warn] [pid 3392:tid 264] AH01909: RSA certificate configured for www.example.com:443 does NOT include an ID which matches the server name
[Wed Jan 22 21:12:15.272159 2014] [core:warn] [pid 3392:tid 264] AH00098: pid file C:/xampp/apache/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
[Code].....
May 12, 2009
What is the technical obligation to have a dedicated IP address for SSL?
Can a different SSL certificate not just be setup for each vhost individually? The certs are based on hostname, right?
What's stopping me from using one IP per server as opposed to one IP per website for active services/projects?
Aug 8, 2008
We host for a company that has its email on another server. Everything works fine with the DNS changes already made.
However, Outlook has an autodiscover feature that requires an additional DNS entry and I am at a loss as to what record type to use.
They had it set up on their old host as:
autodiscover.lif?.com to point to "autodiscoverredirect003.in?.net"
Does anyone know which record type to use for this?
May 31, 2009
I'm used to CPanel in which I can access phpMyAdmin without getting prompted for an additional login. With DirectAdmin, when I access phpMyAdmin I get a popup asking me for username/password. Is this standard behavior, or something with my DirectAdmin config? I prefer not having to type in an additional login to access phpMyAdmin.
May 20, 2014
I have a freshly installed 'Microsoft Windows Server 2008 R2 Service Pack 1' VPS with Plesk 11.5.30. When installing certain applications (for example, Dolphin, Elgg), it halts with the following error message: Requirements: Apache module - The app requires the 'rewrite' web server module
When I check in Windows IIS Manager under Modules, I see RewriteModule is installed as a native module. When checking the KB about this issue: URL.. it says to enable the rewrite module by ticking it in the 'Configure native modules' box. However, that module is not even listed there, even though it clearly is listed in the main module overview as a native module.
Also, in Plesk > Tools & Settings > Server Management > Panel Components, URL rewrite is also listed: URL Rewrite [Active] IIS URL Rewrite Module 2 7.2.2
Jun 20, 2008
I am currently installing lxadmin on my web server, but during the installation I received an alert message from my "settroubleshootebrowser" saying:
Summary
SELinux is preventing /usr/local/lxlabs/ext/php/php from loading /usr/local/lxlabs/ext/php/lib/mysql.so which requires text relocation.
Allowing Access
If you trust /usr/local/lxlabs/ext/php/lib/mysql.so to run correctly, you can change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t /usr/local/lxlabs/ext/php/lib/mysql.so"
The following command will allow this access:
chcon -t textrel_shlib_t /usr/local/lxlabs/ext/php/lib/mysql.so
This message was for the SQL and Zend optimizer.
My question is, where do I find the "chcon -t textrel_shlib_t" file to allow access?
Oct 11, 2007
I am having this problem: my mail server does not work. I am getting this message: 500 Bloody Amateur! Proper forging of mail requires recognizable SMTP commands!
Jan 14, 2007
I am getting this error in apache,
[warn] VirtualHost xx.xx.xx.xxx:xx overlaps with VirtualHost xx.xx.xx.xxx:xx, the first has precedence, perhaps you need a NameVirtualHost directive
Feb 17, 2015
If you rename a domain, fail2ban will stop working, since it still tries to open the old path to the web access log.
One workaround is to restart the server after renaming the domain, then fail2ban paths are updated.
I'm using plesk 12.0.18.
Jun 6, 2009
For the RLimitCPU directive in httpd.conf,
when I set a limit, say RLimitCPU 20 30,
for a dual core or quad core, does that mean 20% of each CPU, so for a dual core it will be 40% total (20% x 2 CPU), or is it 20% total of all CPUs?
Jul 20, 2009
I am having the error in all the cPanel of the server. When I contacted cPanel they asked me to change the permissions of all the domains using a bash command. Can anyone help in running the commands so that all the permissions change properly ....
Oct 28, 2007
We switched to Debian Etch on our server. But we are facing a real big problem. We can not increase the MaxClients directive on Apache. It gives this error:
WARNING: MaxClients of 500 exceeds ServerLimit value of 256 servers,
lowering MaxClients to 256. To increase, please see the ServerLimit
directive.
ServerLimit is already listed on our httpd.conf. But it does not make any difference.
<IfModule prefork.c>
StartServers 20
MinSpareServers 10
MaxSpareServers 15
StartServers 5
MaxClients 500
MaxRequestsPerChild 3000
ServerLimit 600
</IfModule>
How can we increase the ServerLimit?
Jan 9, 2006
Hi
I'm using cPanel/WHM on my server
I tried to change the backup path to /backup
but it shows this error
[a fatal error or timeout occurred while processing this directive]
Any idea?
Jul 11, 2007
Getting this error constantly when accessing user's cpanel.
This shows up in the dedicated IP address column/row only
a fatal error or timeout occurred while processing this directive
I did /scripts/upcp --force numerous times, did not fix the error.
My resolv.conf is fine too
Nov 7, 2007
I got a dedicated box recently and have made quite a few changes some of which I learnt about while making them. While this may sound like a silly thing to do I think it's a great learning curve.
I've come across an issue that I cannot find a fix for it is
Quote:
Unable to understand response from admin bin: apache sent: GETDOMAINIP xxxxx received:[]: Illegal seek at /usr/local/cpanel/Cpanel/AdminBin.pm line 140.
Cpanel::AdminBin::adminfetch('apache', '/usr/local/apache/conf/httpd.conf', 'GETDOMAINIP', 'scalar', 'xxx.com') called at /usr/local/cpanel/Cpanel/UserDomainIp.pm line 23
Cpanel::UserDomainIp::getdomainip('xxx.com') called at /usr/local/cpanel/Cpanel/ExpVar.pm line 184
Cpanel::ExpVar::expvar('$hasdedicatedip') called at cpanel.pl line 1748
main::execiftag('<cpanelif $hasdedicatedip>') called at cpanel.pl line 4419
main::dotag(undef) called at cpanel.pl line 4308
main::cpanel_parseblock('SCALAR(0x90e7eb8)') called at cpanel.pl line 4262
main::cpanel_parse('GLOB(0x9336048)') called at cpanel.pl line 1104
Note: I have changed the domain values to xxx.
Apr 23, 2009
Do you have any ideas for patching PHP suEXEC with the "ln" command?