Apache :: Warning - SuexecUserGroup Directive Requires SUEXEC Wrapper

Nov 27, 2013

Why this error might have started to appear? I am fairly new to apache and was trying to harden it up.

I am use CentOS:

Server version: Apache/2.2.25 (Unix)
Server built: Oct 7 2013 17:21:18
Cpanel::Easy::Apache v3.22.14 rev9999

I was trying to add a group to control access to specific groups to enforce some security:

chown -R root:root /usr/local/apache/bin
chmod -R 770 /usr/local/apache/bin

chown -R root:root /usr/local/apache/conf
chmod -R 770 /usr/local/apache/conf

groupadd apacheadmin

groupadd apache
useradd -d /usr/local/apache/htdocs -g apache -s /bin/false apache

I think this is a permission issue.

View 1 Replies


ADVERTISEMENT

Using Vhost.conf To Override Suexec Directive In Httpd.include

Oct 20, 2009

I need to change the server configuration on Plesk such that the SuexecUserGroup directive is removed, so the user's cgi scripts run as the apache user (www-data), rather than as the user specified in that directive (the domain user), as on an unshared (non-VPS) server. I don't care about security from other domains because only one domain runs on it anyway, so making the user domain-specific is irrelevant from a security point of view and stops some of the user's code working.

This directive is found in
/var/www/vhosts/domainname.com/conf/httpd.include
and is:
SuexecUserGroup user psacln
(this line appears twice, for ports 443 and 80)

I understand that this file can't be modified, as it may be overwritten by Plesk. Therefore additional directives must go in the vhost.conf file.

Will the following vhost.conf file do the trick and override the directives in httpd.include?

<VirtualHost domainIP:443>
SuexecUserGroup www-data www-data
</VirtualHost>
<VirtualHost domainIP:80>
SuexecUserGroup www-data www-data
</VirtualHost>

View 1 Replies View Related

FastCGI- (apache 2.2, Php 5.1, Suexec)

Dec 17, 2008

I have just switched from mod_php to fastcgi + suexec, but now trying to use the ab command times out :

ab -n 10000 -c 100 [url]
This is ApacheBench, Version 2.0.40-dev <$Revision: 1.146 $> apache-2.0
Copyright 1996 Adam Twiss, Zeus Technology Ltd, [url]
Copyright 2006 The Apache Software Foundation, [url]
Benchmarking www.example.com (be patient)
Completed 1000 requests
Completed 2000 requests
Completed 3000 requests
Completed 4000 requests
Completed 5000 requests
Completed 6000 requests
Completed 7000 requests
apr_poll: The timeout specified has expired (70007)
Total of 7422 requests completed

Then I get a bunch of emails from LFD ....

View 0 Replies View Related

Apache 2.2 + Suexec + Mod_fastcgi

Jan 3, 2007

First uninstall your existing PHP.

Install httpd-devel

Second compile a new PHP with support of cgi/fcgi:

Code:
./configure --prefix=/usr/local/php-fcgi --enable-fastcgi --enable-memory-limit --with-mysql=shared,/usr --enable-discard-path --enable-force-cgi-redirect --with-imap=shared,/usr --with-gd=shared,/usr --with-libxml=shared,/usr --with-mbstring=shared --with-freetype-dir=/usr --with-jpeg-dir=/usr --with-png-dir=/usr --with-zlib-dir=/usr --with-kerberos --with-imap-ssl

make

make install
To solve the errors during configure problems take a look at this:
[url]

Next you'll need to download/install fcgid:

Code:
wget http://www.fastcgi.com/dist/fcgi-2.4.1-SNAP-0311112127.tar.gz
tar xfvz fcgi-2.4.1-SNAP-0311112127.tar.gz
cd fcgi-2.4.1-SNAP-0311112127
./configure
make
make install
Next you'll need to compile/install mod_fastcgi for Apache 2.2.2:

Code:
wget [url]
tar xfvz mod_fastcgi-SNAP-0404142202.tar.gz
cd fcgi-2.4.1-SNAP-0311112127
Now we need to apply a patch so mod_fastcgi compiles with Apache 2.2. Put the following into a file:

Code:

diff -ruN mod_fastcgi-2.4.2/Makefile.AP2 mod_fastcgi-2.4.2.for22/Makefile.AP2
--- mod_fastcgi-2.4.2/Makefile.AP2Mon Jul 29 03:36:34 2002
+++ mod_fastcgi-2.4.2.for22/Makefile.AP2Mon Dec 5 13:05:21 2005
@@ -20,8 +20,6 @@

all: local-shared-build

-install: install-modules
-
clean:
-rm -f *.o *.lo *.slo *.la

diff -ruN mod_fastcgi-2.4.2/fcgi_buf.c mod_fastcgi-2.4.2.for22/fcgi_buf.c
--- mod_fastcgi-2.4.2/fcgi_buf.cTue Feb 4 00:07:37 2003
+++ mod_fastcgi-2.4.2.for22/fcgi_buf.cMon Dec 5 12:59:01 2005
@@ -50,7 +50,7 @@
{
Buffer *buf;

- buf = (Buffer *)ap_pcalloc(p, sizeof(Buffer) + size);
+ buf = (Buffer *)apr_pcalloc(p, sizeof(Buffer) + size);
buf->size = size;
fcgi_buf_reset(buf);
return buf;
@@ -487,7 +487,7 @@
char *new_elts;
int new_nalloc = (arr->nalloc <0>nelts + n;

- new_elts = ap_pcalloc(arr->pool, arr->elt_size * new_nalloc);
+ new_elts = apr_pcalloc(arr->pool, arr->elt_size * new_nalloc);
memcpy(new_elts, arr->elts, arr->nelts * arr->elt_size);

arr->elts = new_elts;
diff -ruN mod_fastcgi-2.4.2/fcgi_config.c mod_fastcgi-2.4.2.for22/fcgi_config.c
--- mod_fastcgi-2.4.2/fcgi_config.cThu Oct 30 02:08:34 2003
+++ mod_fastcgi-2.4.2.for22/fcgi_config.cMon Dec 5 12:59:01 2005
@@ -50,7 +50,7 @@
/* Convert port number */
tmp = (u_short) strtol(portStr, &cvptr, 10);
if (*cvptr != '' || tmp <1> USHRT_MAX)
- return ap_pstrcat(p, "bad port number "", portStr, """, NULL);
+ return apr_pstrcat(p, "bad port number "", portStr, """, NULL);

*port = (unsigned short) tmp;

@@ -75,11 +75,11 @@
tmp = strtol(txt, &ptr, 10);

if (*ptr != '') {
- return ap_pstrcat(p, """, txt, "" must be a positive integer", NULL);
+ return apr_pstrcat(p, """, txt, "" must be a positive integer", NULL);
}

if (tmp <min> USHRT_MAX) {
- return ap_psprintf(p, ""%u" must be >= %u and <u>= %u and <u cp=''>= %d", *num, min);
+ return apr_psprintf(p, ""%d" must be >= %d", *num, min);
}

return NULL;
@@ -126,9 +126,9 @@
*num = (u_int)strtol(val, &ptr, 10);

if (*ptr != '')
- return ap_pstrcat(p, """, val, "" must be a positive integer", NULL);
+ return apr_pstrcat(p, """, val, "" must be a positive integer", NULL);
else if (*num < min)
- return ap_psprintf(p, ""%u" must be >= %u", *num, min);
+ return apr_psprintf(p, ""%u" must be >= %u", *num, min);
return NULL;
}

@@ -147,9 +147,9 @@
*num = (float) strtod(val, &ptr);

if (*ptr != '')
- return ap_pstrcat(p, """, val, "" is not a floating point number", NULL);
+ return apr_pstrcat(p, """, val, "" is not a floating point number", NULL);
if (*num <min> max)
- return ap_psprintf(p, ""%f" is not between %f and %f", *num, min, max);
+ return apr_psprintf(p, ""%f" is not between %f and %f", *num, min, max);
return NULL;

View 2 Replies View Related

Apache Logs :: Directory Index Forbidden By Options Directive

Dec 19, 2008

i have apache 2 and centos with plesk . when i see my apache error log it shows me :
[Fri Dec 19 05:56:35 2008] [error] [client ::1] Directory index forbidden by Options directive: /var/
www/html/

View 1 Replies View Related

PAM Authentication Failure With FTP And Apache Suexec

Jun 18, 2007

i am trying to setup a VPS with:

Apache Suexec, so that each VHosts runs under there own username
FTP for each of the vhosts.

I have made a username aplushost and FTP works fine when i login, however when i try and get Suexec to work it shows a 403 permision dined, even know the whole directroy path is with correct permsions.

"/home/aplushost/www"

However if i chown the directroy "aplushost" to apaches username , currently "nobody" i have tried with "apache" and many others the page is displayed correctly.

The weird thing is that the www directroy can still be set to the aplushost username and files work inside.

However due to changing the privalages of the folder aplushost ftp now fails to login due to the folder not being owned by the ftp user "aplushost".

So im stuck between only having one item working at a time.

i have put some content of my config files.

----------httpd.conf vhosts------------------
<VirtualHost 87.117.196.247>
DocumentRoot "/home/aplushost/www"
ServerName aplushost.co.uk
SuexecUserGroup aplushost aplushost
<Directory "/home/aplushost/www">
allow from all
Options +Indexes
</Directory>
</VirtualHost>

---------------passwd file----------------
aplushost:x:500:99::/home/aplushost/www:/sbin/nologin

(Have tried with many different shells, no difference, also tried with home directroy as just /home/aplushost)

View 6 Replies View Related

Plesk 11.x / Linux :: SuexecUserGroup - Bad User Name

Mar 20, 2015

I have manually removed a user from the Ubuntu OS. The user isn't present in the Plesk-UI too.On my Vhosts SuexecUserGroup is still set to this non existent user. So the apache can't restart...

Apache message:
bad user name xxx
Action 'configtest' failed.

Are there corresponding UI-fields in Plesk or can I edit any Plesk-Db-Table to fix this?How is SuexecUserGroup set by Plesk?

View 2 Replies View Related

Apache ServerLimit Warning

May 1, 2009

I have been seeing this error in my apache error log for a while

Quote:

WARNING: MaxClients of 1024 exceeds ServerLimit value of 10 servers,
lowering MaxClients to 10. To increase, please see the ServerLimit
directive.

why apache give out this warning, when its configured as "ServerLimit 1024" in httpd.conf

Quote:

<IfModule prefork.c>
StartServers 10
MinSpareServers 5
MaxSpareServers 75
ServerLimit 1024
MaxClients 1024
MaxRequestsPerChild 1000
</IfModule>

View 14 Replies View Related

Add-On Domain Park Wrapper

Dec 10, 2008

I moved my whole account from one server to another but now the add-on domains inside the main domain are not working. When I try to re-add the domains in the new host's cpanel, it says:

Quote:

Error from park wrapper: domain.org is already configured.

What file is it on the server that holds this information? I really need to remove this domain name from there so I can re-add it.

View 5 Replies View Related

Joomla Wrapper And Redirection

Apr 16, 2007

I am using joomla and a script called Olate Download for my site. So I have made olate to display in a joomla wrapper.

what i want to know is how to redirect the olate pages to the joomla wrapper. the pages when indexed in google etc are linked directly to the olate without the wrapper. so what i would like to do is redirect all the incoming olate links to the joomla wrapper ( i understand it will be same page) but also want the search engines to index the olate pages without any problems.

i think this can be done using htaccess. so someone please tell me how to create such a rule. it should redirect all the users which is not reffered from my site to the joomla wrapper except search engine spiders.

View 0 Replies View Related

Error From Park Wrapper: Domain.name Is Already Configured

Feb 28, 2008

OS: Linux Red Hat 5

Control Panel: CPanel

Our customer lately complained to us about parked domain.
He parked a domain domain.name but the problem is that i can't find that an entry for that domain. I mean its not in "Parked Domains" where i ussually find normally created domains.

When i attempt to recreate a parked domain, it says that

Quote:

Error from park wrapper: domain.name is already configured.

And whenever i make a query
[url]it says that

Quote:

Unable to find out which user owns the parked domain domain.name.

However the domain seem to work correctly. Whenever i visit it in browser i see a preconfigured message "Server Online"

View 4 Replies View Related

Apache :: XAMPP Fails To Start RSA Certificate Warning

Jan 29, 2014

I use Windows 7, running Apache VC10 in the XAMPP environment. It worked well, I am a newbie, it runned smoothly to programe a brief static page. Now I have everytime this logerror... I didn't change anything in the files and scripts of my apache folder...

[Wed Jan 22 21:12:15.178559 2014] [ssl:warn] [pid 3392:tid 264] AH01909: RSA certificate configured for www.example.com:443 does NOT include an ID which matches the server name
[Wed Jan 22 21:12:15.272159 2014] [core:warn] [pid 3392:tid 264] AH00098: pid file C:/xampp/apache/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run?

[Code].....

View 2 Replies View Related

SSL Requires Dedicated IP

May 12, 2009

What is the technical obligation to have a dedicated IP address for SSL?

Can a different SSL certificate not just be setup for each vhost individually? The certs are based on hostname, right?

what's stopping me from using one IP per server as opposed to one IP per website for active services/projects.

View 6 Replies View Related

Outlook Autodiscover Requires A DNS Change

Aug 8, 2008

We host for a company that has its email on another server. Everything works fine with the DNS changes already made.

However, Outlook has an autodiscover feature that requires an additional DNS entry and I am at a loss as to what record type to use.

They had it set up on their old host as:

autodiscover.lif?.com to point to "autodiscoverredirect003.in?.net"

Does anyone know which record type to use for this?

View 0 Replies View Related

Accessing PhpMyAdmin Through DirectAdmin Requires Login

May 31, 2009

I'm used to CPanel in which I can access phpMyAdmin without getting prompted for an additional login. With DirectAdmin, when I access phpMyAdmin I get a popup asking me for username/password. Is this standard behavior, or something with my DirectAdmin config? I prefer not having to type in an additional login to access phpMyAdmin.

View 4 Replies View Related

Plesk 11.x / Windows :: App Requires Rewrite Web Server Module

May 20, 2014

I have a freshly installed 'Microsoft Windows Server 2008 R2 Service Pack 1' VPS with Plesk 11.5.30.When installing certain applications (for example, Dolphin, Elgg), it halts with the following error message: Requirements: Apache module - The app requires the 'rewrite' web server module

When I check in Windows IIS Manager under Modules, I see RewriteModule is installed as a native module.When checking the KB about this issue: URL..it says to enable the rewrite module by ticking it in the 'Configure native modules' box.However, that module is not even listed there, even though it clearly is listed in the main module overview as a native module.

Also, in Plesk > Tools & Settings > Server Management > Panel Components, URL rewrite is also listed: URL Rewrite [Active] IIS URL Rewrite Module 2 7.2.2

View 1 Replies View Related

LXADMIN :: SummarySELinux Is Preventing From Loading ..requires Text Relocation.

Jun 20, 2008

I am currently installing lxadmin in my webserver, but during the intallation i received a alert message from my "settroubleshootebrowser" saying:

SummarySELinux is preventing /usr/local/lxlabs/ext/php/php from loading /usr/local/lxlabs/ext/php/lib/mysql.so which requires text relocation.

Allowing AccessIf you trust:

/usr/local/lxlabs/ext/php/lib/mysql.so to run correctly, you can change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t /usr/local/lxlabs/ext/php/lib/mysql.so"The following command will allow this access:chcon -t textrel_shlib_t /usr/local/lxlabs/ext/php/lib/mysql.so

This message was for thwe SQL and Zend optimizer.

My Question is, where do i find the "chcon -t textrel_shlib_t" file allow access?

View 3 Replies View Related

Proper Forging Of Mail Requires Recognizable SMTP Commands

Oct 11, 2007

I am having this problem my mail server does not work i am having this message: 500 Bloody Amateur! Proper forging of mail requires recognizable SMTP commands!

View 2 Replies View Related

VirtualHost Directive

Jan 14, 2007

I am getting this error in apache,

[warn] VirtualHost xx.xx.xx.xxx:xx overlaps with VirtualHost xx.xx.xx.xxx:xx, the first has precedence, perhaps you need a NameVirtualHost directive

View 1 Replies View Related

Plesk 12.x / Linux :: Renaming Of Domain Requires Server Restart To Keep Fail2ban Working?

Feb 17, 2015

If you rename a domain, fail2ban will stop working, since it still tries to open the old path the the web access log.

One workaround is to restart the server after renaming the domain, then fail2ban paths are updated.

I'm using plesk 12.0.18.

View 8 Replies View Related

For The RLimitCPU Directive In Httpd.conf

Jun 6, 2009

For the RLimitCPU directive in httpd.conf

when i set a limit say RLimitCPU 20 30

for a dual core or quad core, does that mean 20% of each cpu, so for a dual core its will be 40% total (20% x 2 cpu) or is it 20% total of all cpu?

View 1 Replies View Related

Error Or Timeout Occurred While Processing This Directive

Jul 20, 2009

I am having the error in all the cpanel of the server when i contactected the cpanel they asked to change the permission of the all the domains using the bash command can one can help in running the commands so that all the permission changes properly ....

View 10 Replies View Related

ServerLimit Directive Does Not Work On Debian Etch

Oct 28, 2007

We switched to Debian Etch on our server. But we are facing a real big problem. We can not increase the MaxClients directive on Apache. It gives this error:

WARNING: MaxClients of 500 exceeds ServerLimit value of 256 servers,
lowering MaxClients to 256. To increase, please see the ServerLimit
directive.

ServerLimit is already listed on our httpd.conf. But it does not make any difference.

<IfModule prefork.c>
StartServers 20
MinSpareServers 10
MaxSpareServers 15
StartServers 5
MaxClients 500
MaxRequestsPerChild 3000
ServerLimit 600
</IfModule>

How can we increase the ServerLimit?

View 2 Replies View Related

[a Fatal Error Or Timeout Occurred While Processing This Directive]

Jan 9, 2006

HI

I'm using CPANEL/WHM in my server

I tried to change the the backup bath to /backup

but it show's this error

[a fatal error or timeout occurred while processing this directive]

any idea ??

View 9 Replies View Related

A Fatal Error Or Timeout Occurred While Processing This Directive

Jul 11, 2007

Getting this error constantly when accessing user's cpanel.

This shows up in the dedicated IP address column/row only

a fatal error or timeout occurred while processing this directive

I did /scripts/upcp --force numerous times, did not fix the error.

My resolv.conf is fine too

View 6 Replies View Related

Cpanel Issue [an Error Occurred While Processing This Directive]

Nov 7, 2007

I got a dedicated box recently and have made quite a few changes some of which I learnt about while making them. While this may sound like a silly thing to do I think it's a great learning curve.

I've come across an issue that I cannot find a fix for it is

Quote:

Unable to understand response from admin bin: apache sent: GETDOMAINIP xxxxx received:[]: Illegal seek at /usr/local/cpanel/Cpanel/AdminBin.pm line 140.
Cpanel::AdminBin::adminfetch('apache', '/usr/local/apache/conf/httpd.conf', 'GETDOMAINIP', 'scalar', 'xxx.com') called at /usr/local/cpanel/Cpanel/UserDomainIp.pm line 23
Cpanel::UserDomainIp::getdomainip('xxx.com') called at /usr/local/cpanel/Cpanel/ExpVar.pm line 184
Cpanel::ExpVar::expvar('$hasdedicatedip') called at cpanel.pl line 1748
main::execiftag('<cpanelif $hasdedicatedip>') called at cpanel.pl line 4419
main::dotag(undef) called at cpanel.pl line 4308
main::cpanel_parseblock('SCALAR(0x90e7eb8)') called at cpanel.pl line 4262
main::cpanel_parse('GLOB(0x9336048)') called at cpanel.pl line 1104

note I have changed the domain values to xxx.

View 0 Replies View Related

Ln And PHP SuEXEC Bug

Apr 23, 2009

Do you have any idea for patch PHP suEXEC with "ln" command?

View 9 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved