Problems with fcgid 2.3.5 + Apache 2.2.15 + suEXEC

Michael Rack Mon, 03 May 2010 10:16:27 -0700

Dear Apache-Developer-List,

i have some stupid issues with my current configuration:


* fcgid 2.3.5
* Apache 2.2.15
* suEXEC

i started by point zero on an fresh unix-system (Gentoo Stage 3) and
compiled all sources by hand to get the newest codes for my new
server.

So, everything works find except suEXEC. If i enable suEXEC in my
Virtual-Host i get a 500 Internal Server Error Page. If
SuexecUserGroup is commented out, everything works fine, but i need
the ability to change the user_id and group_id.

My configuration is attachted below.

These szenarios had been tested:

* created a htdocs/fcgid-bin/ folder and put an .cgi script in it.
VirtualHost set handler to fcgid-script for this folder.
* created a htdocs/cgi-bin/ folder and put the same .cgi script in it.
VirtualHost set handler to cgi-script for this folder.

The test.cgi-Script in htdocs/cgi-bin/ works with SuExecUserGroup and
without SuExecUserGroup directive.

The test.cgi-Script in htdocs/fcgid-bin/ only works without having
SuExecUserGroup enabled.

I had various setups running, before mod_fcgid walks into a Apache
Developement, with this versions mod_fcgid + suEXEC work fine. But
now, i dont know where is the right way...

Thanks in advance,
Michael Rack.

www htdocs # httpd -V
Server version: Apache/2.2.15 (Unix)
Server built:   May  2 2010 06:21:03
Server's Module Magic Number: 20051115:24
Server loaded:  APR 1.4.2, APR-Util 1.3.9
Compiled using: APR 1.4.2, APR-Util 1.3.9
Architecture:   64-bit
Server MPM:     Prefork
  threaded:     no
    forked:     yes (variable process count)
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/prefork"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=128
 -D HTTPD_ROOT="/usr/apache"
 -D SUEXEC_BIN="/usr/sbin/suexec"
 -D DEFAULT_PIDLOG="logs/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="logs/accept.lock"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="/etc/httpd/conf/mime.types"
 -D SERVER_CONFIG_FILE="/etc/httpd/conf/httpd.conf"

www vhosts # ls -laR
.:
total 12
drwxr-xr-x 3 apache www    4096 Apr 27 21:35 .
drwxr-xr-x 4 root   root   4096 Apr 27 21:34 ..
drwxr-x--- 7 apache system 4096 May  1 10:54 admin.rsm-freilassing.de

./admin.rsm-freilassing.de:
total 28
drwxr-x--- 7 apache system 4096 May  1 10:54 .
drwxr-xr-x 3 apache www    4096 Apr 27 21:35 ..
dr-xr-x--- 2 system system 4096 Apr 27 21:35 config
drwxr-x--- 4 system system 4096 May  3 09:57 htdocs
drwxr-x--- 2 system system 4096 May  3 09:21 logs
drwxr-x--- 2 system system 4096 Apr 27 21:36 tmp

./admin.rsm-freilassing.de/config:
total 8
dr-xr-x--- 2 system system 4096 Apr 27 21:35 .
drwxr-x--- 7 apache system 4096 May  1 10:54 ..

./admin.rsm-freilassing.de/htdocs:
total 20
drwxr-x--- 4 system system 4096 May  3 09:57 .
drwxr-x--- 7 apache system 4096 May  1 10:54 ..
drwxr-x--- 2 system system 4096 May  3 09:49 cgi-bin
drwxr-x--- 2 system system 4096 May  3 09:49 fcgid-bin
-rw-r----- 1 system system   20 Apr 27 22:00 phpinfo.php

./admin.rsm-freilassing.de/htdocs/cgi-bin:
total 12
drwxr-x--- 2 system system 4096 May  3 09:49 .
drwxr-x--- 4 system system 4096 May  3 09:57 ..
-rwxr----- 1 system system   55 May  3 09:09 test.cgi

./admin.rsm-freilassing.de/htdocs/fcgid-bin:
total 12
drwxr-x--- 2 system system 4096 May  3 09:49 .
drwxr-x--- 4 system system 4096 May  3 09:57 ..
-rwxr----- 1 system system   55 May  3 09:09 test.cgi

./admin.rsm-freilassing.de/logs:
total 16
drwxr-x--- 2 system system 4096 May  3 09:21 .
drwxr-x--- 7 apache system 4096 May  1 10:54 ..
-rw-r--r-- 1 root   root    537 May  3 10:01 access.log
-rw-r--r-- 1 root   root    235 May  3 10:01 error.log

./admin.rsm-freilassing.de/tmp:
total 8
drwxr-x--- 2 system system 4096 Apr 27 21:36 .
drwxr-x--- 7 apache system 4096 May  1 10:54 ..

NameVirtualHost 10.200.0.210:80
<VirtualHost 10.200.0.210:80>
  ServerName  admin.rsm-freilassing.de
  ServerAdmin [email protected]

  DocumentRoot /opt/vhosts/admin.rsm-freilassing.de/htdocs
  CustomLog /opt/vhosts/admin.rsm-freilassing.de/logs/access.log combined
  ErrorLog /opt/vhosts/admin.rsm-freilassing.de/logs/error.log

  SuexecUserGroup system system

  FcgidWrapper /opt/vhosts/admin.rsm-freilassing.de/fcgi/php-fcgi-starter .php
  AddHandler fcgid-script .php

  <Location /fcgid-bin>
    SetHandler fcgid-script
    Options +ExecCGI
  </Location>

  <Location /cgi-bin>
    SetHandler cgi-script
    Options +ExecCGI
  </Location>

  <Directory /opt/vhosts/admin.rsm-freilassing.de/htdocs>
    Options FollowSymLinks +ExecCGI
  </Directory>

</VirtualHost>

www htdocs # cat /usr/apache/logs/error_log
[Mon May 03 10:20:39 2010] [warn] Init: Session Cache is not configured [hint: 
SSLSessionCache]
[Mon May 03 10:20:39 2010] [notice] suEXEC mechanism enabled (wrapper: 
/usr/sbin/suexec)
[Mon May 03 10:20:39 2010] [notice] Apache/2.2.15 (Unix) mod_ssl/2.2.15 
OpenSSL/0.9.8n DAV/2 mod_fcgid/2.3.5 configured -- resuming normal operations

www htdocs # cat /usr/apache/logs/suexec_log
[2010-05-03 10:22:32]: uid: (2000/system) gid: (2000/system) cmd: test.cgi

www htdocs # cat /opt/vhosts/admin.rsm-freilassing.de/logs/error.log
[Mon May 03 10:22:35 2010] [warn] [client 10.200.0.10] (104)Connection reset by 
peer: mod_fcgid: error reading data from FastCGI server
[Mon May 03 10:22:35 2010] [error] [client 10.200.0.10] Premature end of script 
headers: test.cgi

www htdocs # cat /opt/vhosts/admin.rsm-freilassing.de/logs/access.log
10.200.0.10 - - [03/May/2010:10:22:32 +0200] "GET /cgi-bin/test.cgi HTTP/1.1" 
200 30 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 
(KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
10.200.0.10 - - [03/May/2010:10:22:32 +0200] "GET /favicon.ico HTTP/1.1" 404 
209 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 
(KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
10.200.0.10 - - [03/May/2010:10:22:35 +0200] "GET /fcgid-bin/test.cgi HTTP/1.1" 
500 546 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 
(KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"
10.200.0.10 - - [03/May/2010:10:22:35 +0200] "GET /favicon.ico HTTP/1.1" 404 
209 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 
(KHTML, like Gecko) Chrome/4.1.249.1064 Safari/532.5"

www htdocs # ls -la /tmp/fcgidsock/
total 8
drwx------ 2 apache root 4096 May  3 10:22 .
drwxrwxrwt 5 root   root 4096 May  3 10:20 ..
srwx------ 1 apache www     0 May  3 08:50 3814.0
srwx------ 1 apache www     0 May  3 08:53 3855.0

www htdocs # ls -la /usr/sbin/suexec
-rwsr-x--- 1 root www 30107 May  2 06:23 /usr/sbin/suexec

Problems with fcgid 2.3.5 + Apache 2.2.15 + suEXEC

Reply via email to