On 03/10/10 19:36, Juan J. Martínez wrote:
On Sun, 03-10-2010 at 18:28 +1100, David Taylor wrote:
Hi,

I have configured a MoinMoin wiki vServer in Cherokee 1.08.  I am
getting 503 Service Unavailable whenever I request a page.

It looks like Cherokee is failing to execute spawn-fcgi.
Once Cherokee drops privileges and switches user (I don't know your
case, www-data maybe?), it can't spawn the CGI process with a different
user (it needs to run as root to do that).




Hola Juan,

Cherokee is running as www-data:www-data.

Cherokee is not trying to exec spawn-fcgi as a different user -- there is no -u or -g specified in the command line. It's using exec to run it in a separate process with inherited privileges:

PID 1765: launched '/bin/sh -c exec /usr/bin/spawn-fcgi -n -a 127.0.0.1 -p 53993 -- /usr/share/moin/server/moin.fcg' with uid=33, gid=33, env=inherited
PID 1765: exited re=1

On my system, uid 33 and gid 33 are www-data:www-data:

r...@hal:/var/log/cherokee# grep 33 /etc/passwd
www-data:x:33:33:www-data:/var/www:/bin/sh
r...@hal:/var/log/cherokee# grep 33 /etc/group
www-data:x:33:david
r...@hal:/var/log/cherokee#

In my earlier e-mail I gave an example that was executed by user www-data, without -u or -g, to inherit the privileges of www-data:www-data. This was to mimic the behaviour of Cherokee and verify that it should work.

www-d...@hal:~$ /usr/bin/spawn-fcgi -n -a 127.0.0.1 -p 53993 -- /usr/share/moin/server/moin.fcg
2010-10-03 18:11:43,957 WARNING MoinMoin.log:120 using logging configuration read from built-in fallback in MoinMoin.log module!
2010-10-03 18:12:12,414 INFO MoinMoin.config.multiconfig:90 using farm config: /etc/moin/farmconfig.py
2010-10-03 18:12:12,420 INFO MoinMoin.config.multiconfig:124 using wiki config: /etc/moin/cloudartisan.py

It does work from the command line.  But when Cherokee does it, it fails.

Perplexed! :-)

Any idea why the same command with the same privileges works at the command line but fails from Cherokee?

Cheers,
David.

ps. I just noticed this mailing list doesn't set reply-to, so this is a re-send. Sorry for the duplicate e-mail, Juan.




Any hints/suggestions on what I should do?
Can you tell us the users you're trying to use for Cherokee and your CGI?

I guess one solution is to run the CGI with the same user as
Cherokee (as long as Cherokee isn't running as root, in that case you
could run the CGI with any user you want).

Another solution would be to set the suid flag in the CGI spawn-fcgi, and
chown the file to the user/group you want to use to run it. In that way
Cherokee should be able to execute the file with the right user without
being root.

Cheers,

Juanjo


_______________________________________________
Cherokee mailing list
http://lists.octality.com/listinfo/cherokee
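
The check David walks through above (no -u or -g on the spawn-fcgi command line, and uid/gid 33 resolving to www-data), written as an added Python example that is not part of the original messages. The function names are hypothetical, the log format is taken only from the single line quoted in the thread, and the root entries in the sample data are constructed.

```python
import re
import shlex

# Constructed sample data: the launch line and the www-data entries are the
# ones quoted in the thread; the root entries are added for illustration.
LOG_LINE = ("PID 1765: launched '/bin/sh -c exec /usr/bin/spawn-fcgi -n -a 127.0.0.1 "
            "-p 53993 -- /usr/share/moin/server/moin.fcg' with uid=33, gid=33, env=inherited")
PASSWD = "root:x:0:0:root:/root:/bin/bash\nwww-data:x:33:33:www-data:/var/www:/bin/sh\n"
GROUP = "root:x:0:\nwww-data:x:33:david\n"

LAUNCH_RE = re.compile(r"PID (?P<pid>\d+): launched '(?P<cmd>.*)' with "
                       r"uid=(?P<uid>-?\d+), gid=(?P<gid>-?\d+), env=(?P<env>\w+)")


def parse_launch(line):
    """Extract pid, uid, gid, env mode and the spawner's argv from a launch line."""
    m = LAUNCH_RE.search(line)
    if m is None:
        raise ValueError("not a launch line")
    argv = shlex.split(m.group("cmd"))
    if argv[:2] == ["/bin/sh", "-c"]:     # drop the shell wrapper
        argv = argv[2:]
    if argv[:1] == ["exec"]:              # drop the exec builtin
        argv = argv[1:]
    return {"pid": int(m.group("pid")), "uid": int(m.group("uid")),
            "gid": int(m.group("gid")), "env": m.group("env"), "argv": argv}


def name_for(numeric_id, db_text):
    """Resolve an id to a name; the id is the third field in passwd and group."""
    for row in db_text.splitlines():
        fields = row.split(":")
        if len(fields) > 2 and fields[2] == str(numeric_id):
            return fields[0]
    return None


def spawner_flags(argv):
    """Options for spawn-fcgi itself: everything before the '--' separator."""
    return argv[1:argv.index("--")] if "--" in argv else argv[1:]


def needs_root(launch, server_uid, server_gid):
    """True when the spawn asks for an identity an unprivileged server cannot take."""
    switch = (launch["uid"], launch["gid"]) != (server_uid, server_gid)
    flags = {"-u", "-g"} & set(spawner_flags(launch["argv"]))
    return server_uid != 0 and (switch or bool(flags))
```

For the line in the thread, `needs_root(parse_launch(LOG_LINE), 33, 33)` returns False, which matches David's reading that no user switch is being requested.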
