subject:"Apache and suexec issue that wont let me run my python script"

Τη Τετάρτη, 5 Ιουνίου 2013 8:23:12 π.μ. UTC+3, ο χρήστης alex23 έγραψε:
 On Jun 5, 3:11 pm, Νικόλαος Κούρας nikos.gr...@gmail.com wrote:
 
  I'm not trolling, you are the one that do not understand.
 
 
 
  Here i swicthed the code from:
 
  path = /home/nikos/www/data/apps/
 
 
 
  to this since '/home/nikos/public_html/cgi-bin' = '/home/nikos/www/cgi-bin' 
  as i said:
 
 
 
  # Compute a set of current fullpaths
 
  path = /home/nikos/public_html/data/apps/
 
 
 
  Same error.
 
 
 
 /home/nikos/public_html/data/apps/  /home/nikos/public_html/cgi-
 
 bin/
 
 
 
 Are you even reading the error messages?

What do you mean? Yes i have read the error messsage and i can't understand wht 
file it can't find.
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

On Wed, Jun 5, 2013 at 2:59 PM, alex23 wuwe...@gmail.com wrote:
 On Jun 5, 2:40 pm, Νικόλαος Κούρας nikos.gr...@gmail.com wrote:
 Of course '/home/nikos/public_html/cgi-bin' = '/home/nikos/www/cgi-bin'
 What this has to do with what i asked?

 You display an error of No such file or directory and you wonder why
 I'm trying to confirm the two locations are the same.

 Can you finally admit you're trolling now?

In Nikos's defense (wow that feels wrong), linking public_html and www
is quite common, and his prompts have clearly shown that his username
is nikos. So the commonality is at least unsurprising. He ought to
have mentioned it, of course, but it's at least something well known.

ChrisA
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

On Wed, Jun 5, 2013 at 1:55 PM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote:
Good Day Chris, thanks for accepting.

Please mail me and i will send you the root login credentials.

Well, I wasn't sure whether this would actually happen or not, but it did.

I made it fairly clear to him in multiple posts that I was NOT going
to sort out all his problems, yet he clearly did not read that, and
has seen fit to compromise his security to the extreme extent of
giving his *ROOT PASSWORD* to a total stranger over the internet.

With that power, I could have done anything. I could have wiped out
all his clients' data. I could have searched through his database
content for credit cards, customer information, the works. But I
didn't; I merely placed a small file in the public_html directory of
each of the twelve web sites he has hosted:

http://superhost.gr/Hello_from_Rosuav
http://leonidasgkelos.com/Hello_from_Rosuav
http://parking-byzantio.gr/Hello_from_Rosuav
... and nine others

I have also contacted all the site owners who had a .contactemail file
in their home directories, informing them of the situation.

Oh, and I changed the root password, since the current one was sent in
clear text across the internet. Nikos, the new password has been
stored in /home/nikos/new_password - you should be able to access that
using your non-root login. I recommend you change it immediately.

Peanut gallery, did I make it sufficiently clear beforehand that
giving out your root password is a bad idea?

ChrisA
--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

Τη Τετάρτη, 5 Ιουνίου 2013 11:09:50 π.μ. UTC+3, ο χρήστης Chris Angelico έγραψε:
On Wed, Jun 5, 2013 at 1:55 PM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote:

Good Day Chris, thanks for accepting.

Please mail me and i will send you the root login credentials.

Well, I wasn't sure whether this would actually happen or not, but it did.

I made it fairly clear to him in multiple posts that I was NOT going

to sort out all his problems, yet he clearly did not read that, and

has seen fit to compromise his security to the extreme extent of

giving his *ROOT PASSWORD* to a total stranger over the internet.

With that power, I could have done anything. I could have wiped out

all his clients' data. I could have searched through his database

content for credit cards, customer information, the works. But I

didn't; I merely placed a small file in the public_html directory of

each of the twelve web sites he has hosted:

http://superhost.gr/Hello_from_Rosuav

http://leonidasgkelos.com/Hello_from_Rosuav

http://parking-byzantio.gr/Hello_from_Rosuav

... and nine others

I have also contacted all the site owners who had a .contactemail file

in their home directories, informing them of the situation.

Oh, and I changed the root password, since the current one was sent in

clear text across the internet. Nikos, the new password has been

stored in /home/nikos/new_password - you should be able to access that

using your non-root login. I recommend you change it immediately.

Peanut gallery, did I make it sufficiently clear beforehand that

giving out your root password is a bad idea?

ChrisA

I gave you out of my good and trustworthy heart my root password so for you to
look upon my systrem configuration and all you did was trying to fuck me by
sending mails to my clients?

How am i suppose to change the roor password from a normal user
account?(nikos)?

Other 3 times i hve gavein people my root password and they all trid to help me
out, only you screwed me like this.

If i lose some of my clients, will you been paying for the money loss?
Do you think this server i rent comes for free with cPanel, Softaculous and
other licenses?

Fuck you.
--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

On Wed, Jun 5, 2013 at 6:26 PM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote:

I gave you out of my good and trustworthy heart my root password so for you
to look upon my systrem configuration and all you did was trying to fuck me
by sending mails to my clients?

That would be trusting, not trustworthy, and I did make it pretty
clear what I was proposing.

How am i suppose to change the roor password from a normal user
account?(nikos)?

You don't. You log in as the normal user and look in your normal
user's home directory. In there, you will find a file giving you the
root password. It's safer that way; everything's done over SSH.

Other 3 times i hve gavein people my root password and they all trid to help
me out, only you screwed me like this.

If i lose some of my clients, will you been paying for the money loss?

No, I will not. I never made you any promise. If you lose some of your
clients, it is because you have made some very poor decisions,
including to tinker live with this server instead of having a staging
area. All I've done is give your clients a chance to know what you're
doing with their data, which I think is fair enough.

Do you think this server i rent comes for free with cPanel, Softaculous and
other licenses?

Of course not. (In my opinion, cpanel is ridiculously overpriced.)
Most of these sorts of things are either overkill, or utterly trivial;
if you need it, the price is immaterial, but most people simply don't.

Before you get too angry at me, ask yourself this question: Would you
stand for someone giving out access to your system to a third party?
Because that's exactly what you did to your clients. You gave me, a
perfect stranger, full access to *THEIR* data. Do you understand how
serious that is? In addition, you posted me the password in clear text
via email. That's why I changed it - it's entirely possible someone
saw the password in transmission.

This matter is far more serious than you seem to be giving it
consideration for. You complain that I violated your trust; you
violated the trust of people who are paying you money.

ChrisA
--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

Τη Τετάρτη, 5 Ιουνίου 2013 11:41:55 π.μ. UTC+3, ο χρήστης Chris Angelico έγραψε:
On Wed, Jun 5, 2013 at 6:26 PM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote:

I gave you out of my good and trustworthy heart my root password so for you
to look upon my systrem configuration and all you did was trying to fuck me
by sending mails to my clients?

That would be trusting, not trustworthy, and I did make it pretty

clear what I was proposing.

How am i suppose to change the roor password from a normal user
account?(nikos)?

You don't. You log in as the normal user and look in your normal

user's home directory. In there, you will find a file giving you the

root password. It's safer that way; everything's done over SSH.

Other 3 times i hve gavein people my root password and they all trid to
help me out, only you screwed me like this.

If i lose some of my clients, will you been paying for the money loss?

No, I will not. I never made you any promise. If you lose some of your

clients, it is because you have made some very poor decisions,

including to tinker live with this server instead of having a staging

area. All I've done is give your clients a chance to know what you're

doing with their data, which I think is fair enough.

Do you think this server i rent comes for free with cPanel, Softaculous and
other licenses?

Of course not. (In my opinion, cpanel is ridiculously overpriced.)

Most of these sorts of things are either overkill, or utterly trivial;

if you need it, the price is immaterial, but most people simply don't.

Before you get too angry at me, ask yourself this question: Would you

stand for someone giving out access to your system to a third party?

Because that's exactly what you did to your clients. You gave me, a

perfect stranger, full access to *THEIR* data. Do you understand how

serious that is? In addition, you posted me the password in clear text

via email. That's why I changed it - it's entirely possible someone

saw the password in transmission.

This matter is far more serious than you seem to be giving it

consideration for. You complain that I violated your trust; you

violated the trust of people who are paying you money.

ChrisA

So, iam to blame this for trusting you?

YOU COULD HAVE ACTUALLY TRIED TO SEE WHATS WRONG WITH 'FILES.PY' INSTEAD OF
CREATING TEXT FIELS AND COPIED THEM ALL OVER THE CLIENTS HOME DIRECTORY FOLDERS
AND MAIL THEM TOO.

IF YOU DIDNT WANTED TO DO THAT THEN YOU COULD AHVE SAID TO ME, NIKOS I DONT
FEEL LIKE LOGGING TO YOUR SYSTEM BECAUSE I DONT REALLY WANTED TO HELP YOU OUT.

BUT NO, YOU WANTED TO MAKE AN IMPRESSION BY SCREWING ME.
I ALSO HAVE GIVEN ROOT ACCESS TO ANOTHER MEMBER OF THIS LIST AND HE IN FACT
TRIED TO HELP ME INSTEAD OF DOING WHAT YOU DID. AND FROM 2 OTHER PEOPLE AS SOME
OTHER FORUMS TOO.

YOU NEVER BOTHERED TAKING A LOOK AT THE ENCODING ISSUE.
I WONT TALK TO YOU AGAIN. YOU MADE A FALSE PROMISE OF HELPING ME AND THEN
SCREWED ME.
FUCK YOU AND NO I DONT MIND THE LANGUAGE.

--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

On Jun 5, 6:53 pm, Νικόλαος Κούρας nikos.gr...@gmail.com wrote:
 So, iam to blame this for trusting you?

I'm sure you were smart enough to get Chris to sign a contract before
giving him the keys to your kingdom, no?

-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

On Wed, Jun 5, 2013 at 6:53 PM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote:
 So, iam to blame this for trusting you?

Your clients trust you to not compromise their security. You
compromised their security by giving the root password to a stranger.

 YOU COULD HAVE ACTUALLY TRIED TO SEE WHATS WRONG WITH 'FILES.PY' INSTEAD OF 
 CREATING TEXT FIELS AND COPIED THEM ALL OVER THE CLIENTS HOME DIRECTORY 
 FOLDERS AND MAIL THEM TOO.

 IF YOU DIDNT WANTED TO DO THAT THEN YOU COULD AHVE SAID TO ME, NIKOS I DONT 
 FEEL LIKE LOGGING TO YOUR SYSTEM BECAUSE I DONT REALLY WANTED TO HELP YOU OUT.

When did I ever give the impression that I wanted to help? When did I
ever actually ask you for that power? No, you kept trying to thrust it
on us as part of your demands for assistance.

 I ALSO HAVE GIVEN ROOT ACCESS TO ANOTHER MEMBER OF THIS LIST AND HE IN FACT 
 TRIED TO HELP ME INSTEAD OF DOING WHAT YOU DID. AND FROM 2 OTHER PEOPLE AS 
 SOME OTHER FORUMS TOO.

So... your root account has fairly public access. Did you notify your
clients that half a dozen random people have full access to their
server? Can you prove to them that their private data is, indeed,
private?

 I WONT TALK TO YOU AGAIN. YOU MADE A FALSE PROMISE OF HELPING ME AND THEN 
 SCREWED ME.

What promise? I never promised to help. Go read my posts... I would
have said reread except that you never read them in the first place.

Just be aware, I didn't actually hurt you in any way. I changed your
root password to protect it, but you still have access. The only harm
that could come from this is that your clients are now aware of the
risks they are taking by remaining with you. I'm stripping away the
veil and exposing the truth. Nothing more.

And now, we're very much off-topic for python-list, but I think it's a
good thing for other potential server-maintainers to be aware of.
Trust is a very precious thing.

ChrisA
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

On Jun 5, 6:41 pm, Chris Angelico ros...@gmail.com wrote:
 This matter is far more serious than you seem to be giving it
 consideration for. You complain that I violated your trust; you
 violated the trust of people who are paying you money.

I think the term I'm looking for here is: EPIC WIN :D

-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script


Am 05.06.2013 10:53, schrieb Νικόλαος Κούρας:

I ALSO HAVE GIVEN ROOT ACCESS TO ANOTHER MEMBER OF THIS LIST AND HE IN FACT 
TRIED TO HELP ME INSTEAD OF DOING WHAT YOU DID. AND FROM 2 OTHER PEOPLE AS SOME 
OTHER FORUMS TOO.


You know what you're saying there? You've given (at least) four people 
you don't know at all (you know, on the internet nobody knows you're a 
dog and stuff) - and as such shouldn't trust them at all, either - free 
and full admission to a system that critical for you. That's like 
handing out keys to the front door of your home to any passer-by on the 
street who you feel like talking to - and then later wondering why your 
belongings are suddenly gone.


Seeing how riled up you get about this, what Chris did is for the 
better. At least it seems that you won't be able to change your root 
password back, either, and as such you won't have root access anymore to 
your system for the time being, which makes your system and the 
internets a safer place for now.


--
--- Heiko.
--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

Τη Τετάρτη, 5 Ιουνίου 2013 11:59:28 π.μ. UTC+3, ο χρήστης alex23 έγραψε:
 On Jun 5, 6:41 pm, Chris Angelico ros...@gmail.com wrote:
 
  This matter is far more serious than you seem to be giving it
 
  consideration for. You complain that I violated your trust; you
 
  violated the trust of people who are paying you money.
 
 
 
 I think the term I'm looking for here is: EPIC WIN :D

I didnt violate anything. Chris violated my treust.
There would have been no violation if he just look into en encoding issue and 
not meddled with my customers mail and data.

Alex23, you are the *WORST* character i ever encountered in this list and 
forums in gernal. Idiot and ignorant too not knowing that ~/www is a symlink to 
~/public_html and pretending to help.

Fuck you too and sod off.
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

Τη Τετάρτη, 5 Ιουνίου 2013 12:05:36 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε:
On Wed, Jun 5, 2013 at 6:53 PM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote:

So, iam to blame this for trusting you?

Your clients trust you to not compromise their security. You

compromised their security by giving the root password to a stranger.

YOU COULD HAVE ACTUALLY TRIED TO SEE WHATS WRONG WITH 'FILES.PY' INSTEAD OF
CREATING TEXT FIELS AND COPIED THEM ALL OVER THE CLIENTS HOME DIRECTORY
FOLDERS AND MAIL THEM TOO.

IF YOU DIDNT WANTED TO DO THAT THEN YOU COULD AHVE SAID TO ME, NIKOS I DONT
FEEL LIKE LOGGING TO YOUR SYSTEM BECAUSE I DONT REALLY WANTED TO HELP YOU
OUT.

When did I ever give the impression that I wanted to help? When did I

ever actually ask you for that power? No, you kept trying to thrust it

on us as part of your demands for assistance.

I ALSO HAVE GIVEN ROOT ACCESS TO ANOTHER MEMBER OF THIS LIST AND HE IN FACT
TRIED TO HELP ME INSTEAD OF DOING WHAT YOU DID. AND FROM 2 OTHER PEOPLE AS
SOME OTHER FORUMS TOO.

So... your root account has fairly public access. Did you notify your

clients that half a dozen random people have full access to their

server? Can you prove to them that their private data is, indeed,

private?

I WONT TALK TO YOU AGAIN. YOU MADE A FALSE PROMISE OF HELPING ME AND THEN
SCREWED ME.

What promise? I never promised to help. Go read my posts... I would

have said reread except that you never read them in the first place.

Just be aware, I didn't actually hurt you in any way. I changed your

root password to protect it, but you still have access. The only harm

that could come from this is that your clients are now aware of the

risks they are taking by remaining with you. I'm stripping away the

veil and exposing the truth. Nothing more.

And now, we're very much off-topic for python-list, but I think it's a

good thing for other potential server-maintainers to be aware of.

Trust is a very precious thing.

ChrisA

TODAY I READ YOUR POSTS THAT YOU ACTUALLY OFFERED TO LOG INTO MY SERVER.
THAT WOULD IMPLY THAT YOU WANTED TO HELP OUT AND THATS WHY YOU OFFERED.
I AKSED YOU FOR YOUR MAIL THEN AND YOU SEND ME A PRIVATE MAIL TO SEND YOU THE
DATA.
THEN I AGVE IT TO YOU.

SHOULD I HAVE ASKED YOU EXPLICITLY BY MAIL TO 'ACTUALLY TRY TO HELP ME INSTEAD
OF SCREW MY BUSINESS'? I TRUSTED YOU BECASUE I WAS UNDER THE IMPRESSION YOU
COULD HELP ME WITH THIS ISSUES I;VE BEEN STRUGGLING.

NEXT THIS YOU'RE GONNA TELL ME IS TO BE HAPPY THAT YOU DIDN'T WIPE THE WHOLE
SYSTEM OUT BY 'RM -RF /'

GO TO HELL.

--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

Τη Τετάρτη, 5 Ιουνίου 2013 12:04:15 μ.μ. UTC+3, ο χρήστης Heiko Wundram έγραψε:
Am 05.06.2013 10:53, schrieb οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½ οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½:

I ALSO HAVE GIVEN ROOT ACCESS TO ANOTHER MEMBER OF THIS LIST AND HE IN FACT
TRIED TO HELP ME INSTEAD OF DOING WHAT YOU DID. AND FROM 2 OTHER PEOPLE AS
SOME OTHER FORUMS TOO.

You know what you're saying there? You've given (at least) four people

you don't know at all (you know, on the internet nobody knows you're a

dog and stuff) - and as such shouldn't trust them at all, either - free

and full admission to a system that critical for you. That's like

handing out keys to the front door of your home to any passer-by on the

street who you feel like talking to - and then later wondering why your

belongings are suddenly gone.

Seeing how riled up you get about this, what Chris did is for the

better. At least it seems that you won't be able to change your root

password back, either, and as such you won't have root access anymore to

your system for the time being, which makes your system and the

internets a safer place for now.

I'am a perosn that eaisly trust other people to have ethics, especially python
programmers who knows how difficult its to debug a script and have it working.
Some people can be trusted, and actually try to help.
Some dont.
Chris is na example of the latter. At least he didnt wipe the whoile system out.
And i do have access of my system 30 mins now.
And yes i will again root access to another person, which i beleive he can be
trsuted and give me some friendly help.

Tha is all i have to say and i'm not naive or fool.
As i said some people can actually be trusted.
--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

On Wed, Jun 5, 2013 at 7:04 PM, Heiko Wundram modeln...@modelnine.org wrote:
 Seeing how riled up you get about this, what Chris did is for the better. At
 least it seems that you won't be able to change your root password back,
 either, and as such you won't have root access anymore to your system for
 the time being, which makes your system and the internets a safer place for
 now.

Not quite accurate; he can change his root password back as soon as he
logs in as the non-root user and cats one little file. Actually, I
just tested, and the password I set is no longer valid, so I'm
guessing he's already done so... either that, or a third party who was
previously given access has now changed the password to something
else.

ChrisA
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

On Wed, Jun 5, 2013 at 7:14 PM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote:
 NEXT THIS YOU'RE GONNA TELL ME IS TO BE HAPPY THAT YOU DIDN'T WIPE THE WHOLE 
 SYSTEM OUT BY 'RM -RF /'

Yes. Actually, yes. Do you understand now what you have done by giving
your password to multiple people? This is *completely* different from
asking for help. You are giving someone complete access to do ANYTHING
and without even being logfiled (try it - can you find out what I did?
You'll be able to find a few things, like what IP addresses I logged
in from, but not everything); this is something that you simply do not
EVER do.

And rm -rf / (by the way, it wouldn't work if I shouted at your
computer the way you're shouting at me) is actually not the worst
thing I could do. If one of your clients accepts credit cards from his
customers and stores them, I could compromise your client's customers.
They have a measure of trust in the web server; you are betraying that
trust by letting me in.

ChrisA
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script


Am 05.06.2013 11:19, schrieb Chris Angelico:

Not quite accurate; he can change his root password back as soon as he
logs in as the non-root user and cats one little file.


I understood that - I rather got the impression that he (as a person) 
wasn't technically capable of changing it. Alas, the internets didn't 
remain a better place for long. :-)


--
--- Heiko.
--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

On Wed, Jun 5, 2013 at 7:19 PM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote:
 I'am a perosn that eaisly trust other people to have ethics, especially 
 python programmers who knows how difficult its to debug a script and have it 
 working.
 Some people can be trusted, and actually try to help.
 Some dont.
 Chris is na example of the latter. At least he didnt wipe the whoile system 
 out.

I've actually tried on MANY occasions to help you. I have put in a
number of hours of volunteer time researching and posting for you,
which I don't regret only because the list is of value to more people
than just the one who asked the question. You are unhelpable.

 And i do have access of my system 30 mins now.
 And yes i will again root access to another person, which i beleive he can be 
 trsuted and give me some friendly help.

 Tha is all i have to say and i'm not naive or fool.
 As i said some people can actually be trusted.

So you'll casually give out your root password again, yet you think
you are not naive? The next person you meet might actually do you some
harm.

You most definitely *are* a fool.

ChrisA
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

Τη Τετάρτη, 5 Ιουνίου 2013 12:27:20 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε:
On Wed, Jun 5, 2013 at 7:14 PM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote:

NEXT THIS YOU'RE GONNA TELL ME IS TO BE HAPPY THAT YOU DIDN'T WIPE THE
WHOLE SYSTEM OUT BY 'RM -RF /'

Yes. Actually, yes. Do you understand now what you have done by giving

your password to multiple people? This is *completely* different from

asking for help. You are giving someone complete access to do ANYTHING

and without even being logfiled (try it - can you find out what I did?

You'll be able to find a few things, like what IP addresses I logged

in from, but not everything); this is something that you simply do not

EVER do.

And rm -rf / (by the way, it wouldn't work if I shouted at your

computer the way you're shouting at me) is actually not the worst

thing I could do. If one of your clients accepts credit cards from his

customers and stores them, I could compromise your client's customers.

They have a measure of trust in the web server; you are betraying that

trust by letting me in.

iI got back root access and i

'rm -y /home/user/public_html/Hello_from_ROSUAV'
so to delete your deface. Thank God you just placed that text file there and
did not deface frontpages.

Then i run 'history' to see what exactly you ahve typed but the history log
only showed me my own commands.
--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

Τη Τετάρτη, 5 Ιουνίου 2013 12:29:10 μ.μ. UTC+3, ο χρήστης Heiko Wundram έγραψε:
 Am 05.06.2013 11:19, schrieb Chris Angelico:
 
  Not quite accurate; he can change his root password back as soon as he
 
  logs in as the non-root user and cats one little file.
 
 
 
 I understood that - I rather got the impression that he (as a person) 
 
 wasn't technically capable of changing it. Alas, the internets didn't 
 
 remain a better place for long. :-)

It will remain, if you go away.

-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

Τη Τετάρτη, 5 Ιουνίου 2013 12:31:37 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε:
On Wed, Jun 5, 2013 at 7:19 PM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote:

I'am a perosn that eaisly trust other people to have ethics, especially
python programmers who knows how difficult its to debug a script and have
it working.

Some people can be trusted, and actually try to help.

Some dont.

Chris is na example of the latter. At least he didnt wipe the whoile system
out.

I've actually tried on MANY occasions to help you. I have put in a

number of hours of volunteer time researching and posting for you,

which I don't regret only because the list is of value to more people

than just the one who asked the question. You are unhelpable.

And i do have access of my system 30 mins now.

And yes i will again root access to another person, which i beleive he can
be trsuted and give me some friendly help.

Tha is all i have to say and i'm not naive or fool.

As i said some people can actually be trusted.

So you'll casually give out your root password again, yet you think

you are not naive? The next person you meet might actually do you some

harm.

You most definitely *are* a fool.

TheRE is this saying that applis to you:
A THIEF BELEIVES EVERYBODY STEALS.

You do not trust people because you think all of them are likely to screw you,
when its the other way around.
--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

On Wed, Jun 5, 2013 at 7:32 PM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote:
 iI got back root access and i

 'rm -y /home/user/public_html/Hello_from_ROSUAV'
 so to delete your deface. Thank God you just placed that text file there and 
 did not deface frontpages.

Indeed. That's one of the few truly accurate statements you've made. I
am a God-fearing man, a Christian, a man of ethics, and that is why I
did not deface anything. All I did was create those files and read a
few little pieces like the .contactemail nuggets (btw, thanks - those
are the very people who have the right to know about this).

 Then i run 'history' to see what exactly you ahve typed but the history log 
 only showed me my own commands.

Precisely. My commands are not in your .bash_history file. Someone
could have done anything and you wouldn't even know.

ChrisA
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

On Jun 5, 7:46 pm, Νικόλαος Κούρας nikos.gr...@gmail.com wrote:
 And here us Alex23 private mail that sent out to me:

Which I spared the list from because it was off-topic, but I don't
think that's a concept you're overly familiar with given your posting
history.
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

On Wed, Jun 5, 2013 at 7:37 PM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote:
 TheRE is this saying that applis to you:
 A THIEF BELEIVES EVERYBODY STEALS.

 You do not trust people because you think all of them are likely to screw 
 you, when its the other way around.

You really need to do a basic course in internet security. Why do we
have SSL? Is it because everyone's honest and trustworthy? Why do you
access your server using a password in the first place? I mean, if
people are honest, wouldn't it be fine to just use TELNET and simply
enter your name to get access?

Please don't misunderstand me. If I hated you, thought you worthless,
and/or was angry at you, I would not be trying to explain this; you
would have been in my killfile weeks ago and I would not even be aware
of your problems. I think you have the capacity to learn and improve,
but you really need to put some effort into figuring out what you're
doing.

I dread to think what you're charging your clients for the shoddy
service you're offering them. With ten clients, you're probably having
to charge them the equivalent of $US50/year just for cpanel, on top of
all your other costs. No wonder the economy of Greece is in trouble.

ChrisA
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

And here us Alex23 private mail that sent out to me:

On Jun 5, 7:06 pm, Νικόλαος Κούρας nikos.gr...@gmail.com wrote:
 There would have been no violation if he just look into en encoding issue and 
 not meddled with my customers mail and data.

Waaah, why didn't this stranger do my job for me for free? I'm so
confused!

 Alex23, you are the *WORST* character i ever encountered in this list and 
 forums in gernal.

Hooray!

You probably haven't noticed because you don't give a shit about any
other problems here but your own, but I do help people on this list,
when it's clear they actually want to learn and not just palm off
their confusion onto other people. What I don't do is some lazy
dickwad's work for him; I get enough of that from my project managers.
I don't suffer fools gladly, and boy, are you ever a fool.

  Idiot and ignorant too not knowing that ~/www is a symlink to ~/public_html 
 and pretending to help.

Firstly, that's why I _asked_ if they were the same. Secondly, excuse
me if I don't set up my web servers using shitty obsolete mechanisms
like CGI.

And given I'm not the one who's handing out root access to his
commercial server like it's candy, you really shouldn't be throwing
terms like ignorant around.

 Fuck you too and sod off.

You're such a charmer 



What a fucker...
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script


Am 05.06.2013 11:33, schrieb Νικόλαος Κούρας:

It will remain, if you go away.


Look, pal, I work as a programmer for a (medium size) network service 
provider, and due to that I (should) know my networking security 101. 
It's generally people like you who are:


1) extremely careless about their system
2) intolerably naive and persistently refusing to learn

and who as a consequence hand out root logins for hosts with big (!) 
pipes to people that should - under no circumstances ever, EVER - be 
trusted, who are in turn causing the scourge of the public internets 
that's called a botnet. It doesn't matter whether you're simply so 
stupid (yes, I said it!) as to hand out actual root logins or whether 
you refuse to update your system or whether you use weak passwords: in 
all cases, your system is compromised, and due to the rather big pipe 
that your system has it in turn compromises the integrity of the whole 
network that the system is connected to.


Chris is completely right: you shouldn't thank him for not doing 'rm -rf 
/' on your system (that's utter peanuts, and only hits you), you should 
rather thank him for not copying your complete client data (and in turn 
their client's data, let's talk about identity theft) and/or for not 
installing a bot on your system which would in turn cause me to have 
headaches when the bot's misused to DDoS or for any other form of 
network-based attack on the network that I need to administer.


It's you who's the untrustworthy, completely unreliable and utterly 
irresponsible member of the community of networks that's called the 
Internet. Please go somewhere else.


--
--- Heiko.
--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

On Jun 5, 7:48 pm, Chris Angelico ros...@gmail.com wrote:
 No wonder the economy of Greece is in trouble.

This isn't addressed just to Chris, as this isn't the first time the
joke has been made, but could we not? There's a term for applying the
failings of an individual to an entire genetic or cultural collective,
and it isn't a pretty one.

-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

On Wed, Jun 5, 2013 at 7:52 PM, alex23 wuwe...@gmail.com wrote:
 On Jun 5, 7:48 pm, Chris Angelico ros...@gmail.com wrote:
 No wonder the economy of Greece is in trouble.

 This isn't addressed just to Chris, as this isn't the first time the
 joke has been made, but could we not? There's a term for applying the
 failings of an individual to an entire genetic or cultural collective,
 and it isn't a pretty one.

Sorry. You're right, that was un-called-for. I retract that comment.

My main point I still stand by, though. These people are paying good
money for a service that probably seems fine, to them. It's probably
seemed fine for several years, even. But underneath, the systems admin
is constantly breaking stuff and then coming in a panic to an open
forum, begging for help, and then giving root access to strangers in
the hope that they'll magically fix everything. This is not the sort
of service I would pay for, and this is why I do not regret the
potential damage to Nikos's revenue. The complaint is equivalent to
begging a bank not to put in security cameras, because bank robbers
might get less income.

ChrisA
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

Τη Τετάρτη, 5 Ιουνίου 2013 12:55:49 μ.μ. UTC+3, ο χρήστης Heiko Wundram έγραψε:
 Am 05.06.2013 11:33, schrieb οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½ οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½:

 It's you who's the untrustworthy, completely unreliable and utterly 
 irresponsible member of the community of networks that's called the 
 Internet. 

I dont care what you do for a living, you never helped me a bit in anything, 
you just presented to me your self 1 hour ago to join the party.

 Please go somewhere else.

Please sod off from my thread. Thank you.
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script


Am 05.06.2013 12:21, schrieb Νικόλαος Κούρας:

I dont care what you do for a living, you never helped me a bit in anything, 
you just presented to me your self 1 hour ago to join the party.


Guess why I did so: you're presently touching a subject (network safety) 
that I hold dear, and not only being a troll.


--
--- Heiko.
--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

Τη Τετάρτη, 5 Ιουνίου 2013 1:12:55 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε:
On Wed, Jun 5, 2013 at 7:52 PM, alex23 wuwe...@gmail.com wrote:

On Jun 5, 7:48 pm, Chris Angelico ros...@gmail.com wrote:

No wonder the economy of Greece is in trouble.

This isn't addressed just to Chris, as this isn't the first time the

joke has been made, but could we not? There's a term for applying the

failings of an individual to an entire genetic or cultural collective,

and it isn't a pretty one.

Sorry. You're right, that was un-called-for. I retract that comment.

My main point I still stand by, though. These people are paying good

money for a service that probably seems fine, to them. It's probably

seemed fine for several years, even. But underneath, the systems admin

is constantly breaking stuff and then coming in a panic to an open

forum, begging for help, and then giving root access to strangers in

the hope that they'll magically fix everything. This is not the sort

of service I would pay for, and this is why I do not regret the

potential damage to Nikos's revenue. The complaint is equivalent to

begging a bank not to put in security cameras, because bank robbers

might get less income.

I dont own e-shops websites that require credit cards to make transactions.
I just host 10 peoples who happen to be my friends websites, most of them
created by Joomla CMS.

50 euros they pay me for the year for my services and some of them the half.
I barely make some money out of this which with your actions today might loose
them too. I hope you are happy.
What ever i try is expicitly under my user account for python issues and not
system wide, so hell brakes loose. And even if it did, my company whos server i
rent, would have been abel to fix that.

What you did is unforgivable, you should have decalred that:

Nik, i actually dont want to help you with your damn enodnig issue, bur rather
mess with your system to prove a point and i dont even regret if you loose some
of your customers.

Having said that, you could have been honest.
At some point i will pay someone here to modify my templates and python scripts
to use web frameworks.
You and Heiko of course would be excluded from the programmer for hire list.

Michael Torrie
Steven D'aprano
Lele Gaifax
Cameron Simpson

are possible candidates.
--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script


Am 05.06.2013 12:30, schrieb Νικόλαος Κούρας:

You and Heiko of course would be excluded from the programmer for hire list.


Guess what: I have a job. And I don't give a damn.

--
--- Heiko.
--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

Τη Τετάρτη, 5 Ιουνίου 2013 12:49:13 μ.μ. UTC+3, ο χρήστης alex23 έγραψε:
 On Jun 5, 7:46 pm, Νικόλαος Κούρας nikos.gr...@gmail.com wrote:
 
  And here us Alex23 private mail that sent out to me:
 
 
 
 Which I spared the list from because it was off-topic, but I don't
 
 think that's a concept you're overly familiar with given your posting
 
 history.

You spare it from the list because you wanted to bitch in private.
Now sod off.
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Antoon Pardon

Op 05-06-13 11:19, Νικόλαος Κούρας schreef:
 I'am a perosn that eaisly trust other people to have ethics, especially 
 python programmers who knows how difficult its to debug a script and have it 
 working.
 Some people can be trusted, and actually try to help.
 Some dont.
 Chris is na example of the latter. At least he didnt wipe the whoile system 
 out.
 And i do have access of my system 30 mins now.
 And yes i will again root access to another person, which i beleive he can be 
 trsuted and give me some friendly help.
You believing so, is not enough.
 Tha is all i have to say and i'm not naive or fool.
 As i said some people can actually be trusted.
Yes you are naive and a fool. The existance of trustworthy people is not
the issue. The issue is how do you protect your server from the
untrustworthy ones.

Chris has shown you that your method for the latter sucks, yet here you
are publicly stating you will just proceed in the same way.

Someone with malice in mind has only to win your trust here or elsewhere
by faking he wants to help you and you seem willing to give them the
root password to your server. On top of that you have made it public
that this will likely work.

That certainly makes you naive and a fool.

-- 
Antoon Pardon
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

Τη Τετάρτη, 5 Ιουνίου 2013 1:39:28 μ.μ. UTC+3, ο χρήστης Antoon Pardon έγραψε:
Op 05-06-13 11:19, οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½ οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½ schreef:

I'am a perosn that eaisly trust other people to have ethics, especially
python programmers who knows how difficult its to debug a script and have
it working.

Some people can be trusted, and actually try to help.

Some dont.

Chris is na example of the latter. At least he didnt wipe the whoile system
out.

And i do have access of my system 30 mins now.

And yes i will again root access to another person, which i beleive he can
be trsuted and give me some friendly help.

You believing so, is not enough.

Tha is all i have to say and i'm not naive or fool.

As i said some people can actually be trusted.

Yes you are naive and a fool. The existance of trustworthy people is not

the issue. The issue is how do you protect your server from the

untrustworthy ones.

Chris has shown you that your method for the latter sucks, yet here you

are publicly stating you will just proceed in the same way.

Someone with malice in mind has only to win your trust here or elsewhere

by faking he wants to help you and you seem willing to give them the

root password to your server. On top of that you have made it public

that this will likely work.

I will understand by his attitude in general if he is likely to help me or not.
With Chris, being an expert and all, i was 60%-40% that he was likely to help
me, but i was rather worrying if he would solve the filename encoding and
suexec issues more that harming the server(whoch he did not)

Btw, since history doesnt show me his history comamnds when he logged in from
.au(why not really?), how can i tell what exactly did he do when he logged on
to the server?
--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script


Am 05.06.2013 13:07, schrieb Νικόλαος Κούρας:

Btw, since history doesnt show me his history comamnds when he logged in from 
.au(why not really?), how can i tell what exactly did he do when he logged on 
to the server?


As root has full access to your system (i.e., can change file contents 
and system state at will), and you gave him root access: you can't. And 
he made sure to remove things such as .bash_history and the syslog 
contents, I guess. At least that's what I'd have done to prove a point.


--
--- Heiko.
--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

On Jun 5, 9:07 pm, Νικόλαος Κούρας nikos.gr...@gmail.com wrote:
 Btw, since history doesnt show me his history comamnds when he logged in from 
 .au(why not really?)

http://lmgtfy.com/?q=centos+clear+command+line+history

You're welcome.
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

Τη Τετάρτη, 5 Ιουνίου 2013 2:14:34 μ.μ. UTC+3, ο χρήστης Heiko Wundram έγραψε:
 Am 05.06.2013 13:07, schrieb οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½ οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½:
 
 Btw, since history doesnt show me his history comamnds when he logged in 
 from .au(why not really?), how can i tell what exactly did he do when he
 logged on to the server?

 As root has full access to your system (i.e., can change file contents  
 and system state at will), and you gave him root access: you can't. And  
 he made sure to remove things such as .bash_history and the syslog  
 contents, I guess. At least that's what I'd have done to prove a point.

I see. Thanks.
Is there some logging utility i can use next time iam offering root access to 
someone(if i do it) or perhaps logging a normal's account activity?
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script


Am 05.06.2013 13:19, schrieb Νικόλαος Κούρας:

Is there some logging utility i can use next time iam offering root access to 
someone(if i do it) or perhaps logging a normal's account activity?


Short answer: Not for root, no.

Long answer: as I've already said: root can change file contents, or 
more explicitly _any_ system state, and (s)he can do that at will, and 
as such you can't ever be sure that what any form of logging is telling 
you will be the truth in some form or another if you've had a 
malicious root user on your system.


Now: think again why it's such a plain stupid and incredibly bad idea to 
hand out root credentials to people you shouldn't trust, and why people 
(like me) keep telling you that you're naive and a fool to even consider 
handing out root logins.


PS: the same is true for normal logins. You don't know whether some form 
of privilege escalation exists on your system, so even by handing out 
supposedly safe non-root accounts, your installation might get 
compromised due to insecure SUID software or due to privilege escalation 
bugs in the kernel.


--
--- Heiko.
--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Mark Lawrence


On 05/06/2013 10:06, Νικόλαος Κούρας wrote:


Fuck you too and sod off.



You've got a bloody nerve.  You're charging people when you haven't the 
faintest idea what you're doing, won't pay for technical support, and 
then have the audacity to complain when people do try to help.  As I've 
said before, it's hardly surprising that the Greek economy is in such a 
mess if you're an example of what the workforce has to offer.  I was 
going to say professionally, except that word is clearly not applicable 
here.


--
Steve is going for the pink ball - and for those of you who are 
watching in black and white, the pink is next to the green. Snooker 
commentator 'Whispering' Ted Lowe.


Mark Lawrence

--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Mark Lawrence


On 05/06/2013 11:32, Νικόλαος Κούρας wrote:

Τη Τετάρτη, 5 Ιουνίου 2013 12:49:13 μ.μ. UTC+3, ο χρήστης alex23 έγραψε:

On Jun 5, 7:46 pm, Νικόλαος Κούρας nikos.gr...@gmail.com wrote:


And here us Alex23 private mail that sent out to me:




Which I spared the list from because it was off-topic, but I don't

think that's a concept you're overly familiar with given your posting

history.


You spare it from the list because you wanted to bitch in private.
Now sod off.



Never in the field of the internet has so much been owed to so many by 
so few.


--
Steve is going for the pink ball - and for those of you who are 
watching in black and white, the pink is next to the green. Snooker 
commentator 'Whispering' Ted Lowe.


Mark Lawrence

--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Mark Lawrence


On 05/06/2013 10:31, Chris Angelico wrote:



You most definitely *are* a fool.

ChrisA



I believe the above is just plain wrong.  A fool and his money are 
easily parted, but this guy won't part with his cash.


--
Steve is going for the pink ball - and for those of you who are 
watching in black and white, the pink is next to the green. Snooker 
commentator 'Whispering' Ted Lowe.


Mark Lawrence

--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

Τη Τετάρτη, 5 Ιουνίου 2013 4:16:46 μ.μ. UTC+3, ο χρήστης Mark Lawrence έγραψε:
 On 05/06/2013 10:06, οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½ οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½ wrote:
 
 
 
  Fuck you too and sod off.
 
 
 
 
 
 You've got a bloody nerve.  You're charging people when you haven't the 
 
 faintest idea what you're doing, won't pay for technical support, and 
 
 then have the audacity to complain when people do try to help.  As I've 
 
 said before, it's hardly surprising that the Greek economy is in such a 
 
 mess if you're an example of what the workforce has to offer.  I was 
 
 going to say professionally, except that word is clearly not applicable 
 
 here.

When you invented meat, Greeks were already suffering from cholesterol.
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Serhiy Storchaka


05.06.13 11:09, Chris Angelico написав(ла):

Oh, and I changed the root password, since the current one was sent in
clear text across the internet. Nikos, the new password has been
stored in /home/nikos/new_password - you should be able to access that
using your non-root login. I recommend you change it immediately.


What are permission modes of /home/nikos and /home/nikos/new_password?


--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

Τη Τετάρτη, 5 Ιουνίου 2013 5:46:57 μ.μ. UTC+3, ο χρήστης Serhiy Storchaka 
έγραψε:
 05.06.13 11:09, Chris Angelico написав(ла):
 
  Oh, and I changed the root password, since the current one was sent in
 
  clear text across the internet. Nikos, the new password has been
 
  stored in /home/nikos/new_password - you should be able to access that
 
  using your non-root login. I recommend you change it immediately.
 
 
 
 What are permission modes of /home/nikos and /home/nikos/new_password?


ni...@superhost.gr [~/www]# pwd
/home/nikos/www
ni...@superhost.gr [~/www]# ls -ld ../
drwx--x--x 24 nikos nikos 4096 Jun  5 11:28 ..//
ni...@superhost.gr [~/www]#
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

On Wed, Jun 5, 2013 at 9:07 PM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote:
 I will understand by his attitude in general if he is likely to help me or 
 not.

How much of my attitude did you read before you decided I would trust
you? Posts like this:

http://mail.python.org/pipermail/python-list/2013-June/648428.html
http://mail.python.org/pipermail/python-list/2013-June/648496.html

and especially this:

http://mail.python.org/pipermail/python-list/2013-June/648459.html

state fairly clearly what I'm intending. I was NOT planning to solve
your problem. I was planning all along to do exactly what I did:
search for some proof that I had full access, email it to the persons
concerned, then leave without doing any actual damage.

So if you were *that wrong* about me, what makes you think you can
judge someone else safely?

ChrisA
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

On Wed, Jun 5, 2013 at 9:19 PM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote:
Τη Τετάρτη, 5 Ιουνίου 2013 2:14:34 μ.μ. UTC+3, ο χρήστης Heiko Wundram έγραψε:
Am 05.06.2013 13:07, schrieb οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½ οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½:

Btw, since history doesnt show me his history comamnds when he logged in
from .au(why not really?), how can i tell what exactly did he do when he
logged on to the server?

As root has full access to your system (i.e., can change file contents
and system state at will), and you gave him root access: you can't. And
he made sure to remove things such as .bash_history and the syslog
contents, I guess. At least that's what I'd have done to prove a point.

In fact, I didn't even bother fiddling with syslog. All I did was
.bash_history. Of course, I wasn't worried about you getting my IP
addresses (one of them is public anyway, and the other isn't mine any
longer than I'm using it), and nothing I did there was sufficiently
serious to be worth hiding, but I just did the history so I could
point out how easy this is.

I see. Thanks.
Is there some logging utility i can use next time iam offering root access to
someone(if i do it) or perhaps logging a normal's account activity?

You could log a normal user fairly easily, because root trumps normal
users. To log root access, there are a few options:

1) Don't actually give unrestricted roots, but require the use of
sudo, which logs. Not 100% perfect unless you actually restrict the
commands that can be executed, but it'd at least let you have some
idea that things were tampered with.

2) Provide a special bouncer. This is a little complex to describe, so
bear with me. Imagine you have *two* computers, WebHost and Bouncer.
You want to give root access to WebHost, so you invite someone to ssh
to webroot@bouncer - the shell of that user establishes a secondary
connection to root@webhost and passes everything on, but also logs it.
Since *no* access to Bouncer has been granted, the logs can't be
tampered with. This can be complicated to set up and secure, but it's
certainly possible. However, I think it is beyond your ability, at
least at the moment.

3) Provide a hacked-up root shell that logs to a network location, and
disable all other shell usage. Imperfect but would probably work.

4) Require that all root shell access be done through screen/tmux, and
monitor it.

You can probably think of a few others, too.

ChrisA
--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Joel Goldstick

On Wed, Jun 5, 2013 at 12:24 PM, Chris Angelico ros...@gmail.com wrote:

 On Wed, Jun 5, 2013 at 9:07 PM, Νικόλαος Κούρας nikos.gr...@gmail.com
 wrote:
  I will understand by his attitude in general if he is likely to help me
 or not.

 How much of my attitude did you read before you decided I would trust
 you? Posts like this:

 http://mail.python.org/pipermail/python-list/2013-June/648428.html
 http://mail.python.org/pipermail/python-list/2013-June/648496.html

 and especially this:

 http://mail.python.org/pipermail/python-list/2013-June/648459.html

 state fairly clearly what I'm intending. I was NOT planning to solve
 your problem. I was planning all along to do exactly what I did:
 search for some proof that I had full access, email it to the persons
 concerned, then leave without doing any actual damage.

 So if you were *that wrong* about me, what makes you think you can
 judge someone else safely?

 ChrisA
 --
 http://mail.python.org/mailman/listinfo/python-list


To solve the OPs problems once and for all, I believe we need to know his
social security number and his mother's maiden name.  (Yes, i know SSN is
for US but... )

-- 
Joel Goldstick
http://joelgoldstick.com
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

On Thu, Jun 6, 2013 at 12:46 AM, Serhiy Storchaka storch...@gmail.com wrote:
 05.06.13 11:09, Chris Angelico написав(ла):

 Oh, and I changed the root password, since the current one was sent in
 clear text across the internet. Nikos, the new password has been
 stored in /home/nikos/new_password - you should be able to access that
 using your non-root login. I recommend you change it immediately.


 What are permission modes of /home/nikos and /home/nikos/new_password?

I didn't actually fiddle with that, but you're right, I ought to have
ensured that the password file was mode 600. However, I don't think it
would have made a lot of difference; mainly I was wanting to guard
against randoms on the internet, not actual legit users of his system
(and even they may well not have shell access).

ChrisA
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

Τη Τετάρτη, 5 Ιουνίου 2013 7:37:47 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε:
 On Thu, Jun 6, 2013 at 12:46 AM, Serhiy Storchaka storch...@gmail.com wrote:
 
  05.06.13 11:09, Chris Angelico написав(ла):
 
 
 
  Oh, and I changed the root password, since the current one was sent in
 
  clear text across the internet. Nikos, the new password has been
 
  stored in /home/nikos/new_password - you should be able to access that
 
  using your non-root login. I recommend you change it immediately.
 
 
 
 
 
  What are permission modes of /home/nikos and /home/nikos/new_password?
 
 
 
 I didn't actually fiddle with that, but you're right, I ought to have
 
 ensured that the password file was mode 600. However, I don't think it
 
 would have made a lot of difference; mainly I was wanting to guard
 
 against randoms on the internet, not actual legit users of his system
 
 (and even they may well not have shell access).

I grant shell access to very new account i create but some of my customers dont 
evn know the existance of linux, and the other that do, have no idea of what a 
shell access is. But i grant them the ability just in cae for future usage.

Most of them are doign the work via cPanel tools.
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

Τη Τετάρτη, 5 Ιουνίου 2013 7:33:50 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε:
On Wed, Jun 5, 2013 at 9:19 PM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote:

Τη Τετάρτη, 5 Ιουνίου 2013 2:14:34 μ.μ. UTC+3, ο χρήστης Heiko Wundram
έγραψε:

Am 05.06.2013 13:07, schrieb οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½ οΏ½οΏ½οΏ½οΏ½οΏ½οΏ½:

Btw, since history doesnt show me his history comamnds when he logged in

from .au(why not really?), how can i tell what exactly did he do when he

logged on to the server?

So, by executing .bash_history commands issued are cleared. okey.
What abiut 'syslog' that Heiko mentioned. Since you didnt fiddle with syslog
can the latter show me what commands have been executed, files opened, commands
given, services started-stopped etc?

and nothing I did there was sufficiently serious to be worth hiding.

Actually i believ you, because if you had malice in mind you could 'rm -rf /'
or deface frontpages which you didnt do.

But is there a way for me to see what commands have been issued? syslog perhaps
as ia sk above?
Since you didn't hurm the system why the need of wipe clean bash's history?
--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

Τη Τετάρτη, 5 Ιουνίου 2013 7:35:48 μ.μ. UTC+3, ο χρήστης Joel Goldstick έγραψε:

To solve the OPs problems once and for all, I believe we need to know his 
social security number and his mother's maiden name.  (Yes, i know SSN is for 
US but... )

Even if i gibe you that info, what can you possibly expect to happen?
Gain access to my Gmail account because you stuck in its security question?
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

On Thu, Jun 6, 2013 at 3:05 AM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote:
 I grant shell access to very new account i create but some of my customers 
 dont evn know the existance of linux, and the other that do, have no idea of 
 what a shell access is. But i grant them the ability just in cae for future 
 usage.

 Most of them are doign the work via cPanel tools.

I would strongly recommend NOT giving shell access, then. The chances
are low that they'll ever need it, and you improve your security
significantly by closing it off.

On Thu, Jun 6, 2013 at 3:07 AM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote:
 Τη Τετάρτη, 5 Ιουνίου 2013 7:35:48 μ.μ. UTC+3, ο χρήστης Joel Goldstick 
 έγραψε:

To solve the OPs problems once and for all, I believe we need to know his 
social security number and his mother's maiden name.  (Yes, i know SSN is 
for US but... )

 Even if i gibe you that info, what can you possibly expect to happen?
 Gain access to my Gmail account because you stuck in its security question?

What about: gain access to your bank account the same way? How would
you feel about random people on the internet having the ability to
transfer money on your behalf?

ChrisA
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

On Thu, Jun 6, 2013 at 3:02 AM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote:
Τη Τετάρτη, 5 Ιουνίου 2013 7:33:50 μ.μ. UTC+3, ο χρήστης Chris Angelico
έγραψε:
In fact, I didn't even bother fiddling with syslog. All I did was
.bash_history. Of course, I wasn't worried about you getting my IP
addresses (one of them is public anyway, and the other isn't mine any
longer than I'm using it), and nothing I did there was sufficiently
serious to be worth hiding, but I just did the history so I could
point out how easy this is.

Poke around in /var/log - I didn't tamper with anything there, so you
may well find log entries. But I don't know for sure what I did and
what I didn't do.

and nothing I did there was sufficiently serious to be worth hiding.

Actually i believ you, because if you had malice in mind you could 'rm -rf /'
or deface frontpages which you didnt do.

But is there a way for me to see what commands have been issued? syslog
perhaps as ia sk above?
Since you didn't hurm the system why the need of wipe clean bash's history?

There won't be a full list of all commands, but you may find some
hints. And why wipe it? Just to show how easily it could be done.
Imagine if I'd:

1) Created a new user, with a home directory of /etc
2) Made a setuid root binary that gives me a shell
3) Removed all logfile traces of having done so

I could then *retain full access* even after you change the root
password. And you would not know what I'd done, if I do the logfile
wipes correctly. You might see some hint (eg that logs were rotated
prematurely), but it'd be extremely hard to figure out what I did.

ChrisA
--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

Τη Τετάρτη, 5 Ιουνίου 2013 8:16:46 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε:
On Thu, Jun 6, 2013 at 3:02 AM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote:

Τη Τετάρτη, 5 Ιουνίου 2013 7:33:50 μ.μ. UTC+3, ο χρήστης Chris Angelico
έγραψε:

In fact, I didn't even bother fiddling with syslog. All I did was

.bash_history. Of course, I wasn't worried about you getting my IP

addresses (one of them is public anyway, and the other isn't mine any

longer than I'm using it), and nothing I did there was sufficiently

serious to be worth hiding, but I just did the history so I could

point out how easy this is.

So, by executing .bash_history commands issued are cleared. okey.

What abiut 'syslog' that Heiko mentioned. Since you didnt fiddle with
syslog can the latter show me what commands have been executed, files
opened, commands given, services started-stopped etc?

Poke around in /var/log - I didn't tamper with anything there, so you

may well find log entries. But I don't know for sure what I did and

what I didn't do.

and nothing I did there was sufficiently serious to be worth hiding.

Actually i believ you, because if you had malice in mind you could 'rm -rf
/' or deface frontpages which you didnt do.

But is there a way for me to see what commands have been issued? syslog
perhaps as ia sk above?

Since you didn't hurm the system why the need of wipe clean bash's history?

There won't be a full list of all commands, but you may find some

hints. And why wipe it? Just to show how easily it could be done.

Imagine if I'd:

1) Created a new user, with a home directory of /etc

2) Made a setuid root binary that gives me a shell

3) Removed all logfile traces of having done so

I could then *retain full access* even after you change the root

password. And you would not know what I'd done, if I do the logfile

wipes correctly. You might see some hint (eg that logs were rotated

prematurely), but it'd be extremely hard to figure out what I did.

Forensics is not my strong point, currently i'm learning linux hence i only
have basic knowledge just to get some basic stuff up and running.

Now about what you did to me. I wanted to tell you that I (and I am sure there
are other people too) don't agree with what you did. I think it was pretty
rotten -- you told me it was a bad idea to give out the root password and that
was as far as you should have gone, you had no right to prove it by screwing
with my system.

In the US there is a law called the DMCA which I think would make what
you did illegal, even though i have you a password, because i
clearly gave you access to help me fix a problem, not to do what you
did. Of course US law doesn't help in this case since you i live in Greece and
you live in Australia...

I decided a long time ago the certain people on the Python list were
assholes, you leading the list followed by alex23, Mark Lawrence
and several more. Your post about how you are a good Christian just
confirms to me that you aren't -- people who brag about how moral they
are are usually immoral. And besides the major assholes, there are
lots of people there that will just agree with prevailing opinion
without thinking for themselves.

I still maintain my belief that most people are good and want to help
rather than be destructive(which to your defense you weren't entirely. The
mails you sent to my few customers though really pissed me off).

And of course, i have no idea, if you ahve installed some kind of a backdoor
utility that will grant you shell access via ssh to my system.
I want to convince myself that you haven't done so.

--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

On Thu, Jun 6, 2013 at 3:29 AM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote:
Now about what you did to me. I wanted to tell you that I (and I am sure
there are other people too) don't agree with what you did. I think it was
pretty rotten -- you told me it was a bad idea to give out the root password
and that was as far as you should have gone, you had no right to prove it
by screwing with my system.

IANAL, but I don't think the DMCA has anything to do with this. (That
is to say, I don't think it would even if everything were under US
jurisdiction, which as you say isn't the case anyway.) What I did is
no more illegal than you lending your car keys to a stranger with the
request that he lock your door for you, and him then leafing through
the contents of your car and telling your spouse what he found. If
that causes your marriage to break up, the fault was with you for
having something in your car that would break up your marriage, and
for letting a stranger poke around in there.

The mails to your customers stop you from pretending to them that you
know what you're doing. That's all. Now, you may be able to come back
from this by making a public change of policy (you so far have a
declared stance that you would give out the root password to someone
else in future) and apologizing profusely to your customers, but if
you can't, that is your problem and not mine.

I was programming computers for eighteen years before I got a job
doing it. Getting money for hosting people's web sites is something
that you should see as a privilege for people who can demonstrably
provide this service safely, and should not be something you strive
for while you're learning the basics of Linux.

And of course, i have no idea, if you ahve installed some kind of a backdoor
utility that will grant you shell access via ssh to my system.
I want to convince myself that you haven't done so.

I can help with that convincing. No, I did not install any sort of
backdoor. There is no way you can prove that statement, but you have
my promise and pledge that your system is safe from me. All I did was:

1) Change the root password, storing the new one in a way that you could find it
2) Create the cookie file as proof of what I could do
3) Collect email addresses from /home/*/.contactemail
4) Inspect the index.html files in a few directories as a means of
locating the web sites concerned
5) 'mv .bash_history .bash_history_old', and later mv it back

There is no ongoing access, and now that you've changed the root
password (btw, I hope you weren't silly enough to change it to the
same password you emailed me), the system is under your control again.
But you cannot be sure that the *other* people you've given root
access to didn't do the same.

ChrisA
--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

Τη Τετάρτη, 5 Ιουνίου 2013 8:47:38 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε:
On Thu, Jun 6, 2013 at 3:29 AM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote:

Now about what you did to me. I wanted to tell you that I (and I am sure
there are other people too) don't agree with what you did. I think it was
pretty rotten -- you told me it was a bad idea to give out the root
password and that was as far as you should have gone, you had no right to
prove it by screwing with my system.

In the US there is a law called the DMCA which I think would make what

you did illegal, even though i have you a password, because i

clearly gave you access to help me fix a problem, not to do what you

did. Of course US law doesn't help in this case since you i live in Greece
and you live in Australia...

IANAL, but I don't think the DMCA has anything to do with this. (That

is to say, I don't think it would even if everything were under US

jurisdiction, which as you say isn't the case anyway.) What I did is

no more illegal than you lending your car keys to a stranger with the

request that he lock your door for you, and him then leafing through

the contents of your car and telling your spouse what he found. If

that causes your marriage to break up, the fault was with you for

having something in your car that would break up your marriage, and

for letting a stranger poke around in there.

I still maintain my belief that most people are good and want to help

rather than be destructive(which to your defense you weren't entirely. The
mails you sent to my few customers though really pissed me off).

The mails to your customers stop you from pretending to them that you

know what you're doing. That's all. Now, you may be able to come back

from this by making a public change of policy (you so far have a

declared stance that you would give out the root password to someone

else in future) and apologizing profusely to your customers, but if

you can't, that is your problem and not mine.

I was programming computers for eighteen years before I got a job

doing it. Getting money for hosting people's web sites is something

that you should see as a privilege for people who can demonstrably

provide this service safely, and should not be something you strive

for while you're learning the basics of Linux.

And of course, i have no idea, if you ahve installed some kind of a
backdoor utility that will grant you shell access via ssh to my system.

I want to convince myself that you haven't done so.

I can help with that convincing. No, I did not install any sort of

backdoor. There is no way you can prove that statement, but you have

my promise and pledge that your system is safe from me. All I did was:

1) Change the root password, storing the new one in a way that you could find
it

2) Create the cookie file as proof of what I could do

3) Collect email addresses from /home/*/.contactemail

4) Inspect the index.html files in a few directories as a means of

locating the web sites concerned

5) 'mv .bash_history .bash_history_old', and later mv it back

There is no ongoing access, and now that you've changed the root

password (btw, I hope you weren't silly enough to change it to the

same password you emailed me), the system is under your control again.

But you cannot be sure that the *other* people you've given root

access to didn't do the same.

Every time i granted access to other folks when jobs done i alwaws 'passwd' as
root to avoid unwanted access.

All customers are also my friends and they like me and trust me. I also fix
their computers too and use TeamViewer many times to help them from home.

Still, all of your doing could be avoided if isntead of fiddlign with my
clients, you would actually try to provide a helping had.

Anyway, i should'n have given root access to you, i was a bit worried doing so,
but i was also under stress of also correcting this damn encoding issue and i
wanted to think you would be the one that finally help solving it.

I was wrong. But no matter what you say i won't lose my beleif hat if for
example i have given access to Steven, things could have turn into a positive
solution.

You shouldnt have gone that far, just to prove a point.
Its not that malicious activity didn't occur to me that migth happen, i just
like to think that it wont.

Any way, enough said.

--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

On Thu, Jun 6, 2013 at 4:08 AM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote:
 Anyway, i should'n have given root access to you, i was a bit worried doing 
 so, but i was also under stress of also correcting this damn encoding issue 
 and i wanted to think you would be the one that finally help solving it.

 You shouldnt have gone that far, just to prove a point.
 Its not that malicious activity didn't occur to me that migth happen, i just 
 like to think that it wont.

Sure, you'd like to think that nothing will ever go wrong. Trouble is,
you can't depend on that. Maybe Steven D'Aprano would have solved your
problem for you... maybe not. Maybe you would have picked someone who
totally smashed your system, reputation, bank balance, and family pet.
How would you know?

The point of security is not to trust that most people will be fine.
The point of security is to be secure. You may not be able to guard
against everything, but you can certainly put some effort into not
making it easy for an attacker.

Treat the root password as a keyring with all of your keys on it, and
assume that you're going on holidays overseas. Do you contact
strangers to ask them to feed your cat? Or do you talk to a trusted
friend?

ChrisA
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

Τη Τετάρτη, 5 Ιουνίου 2013 9:16:56 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε:

Do you contact strangers to ask them to feed your cat? Or do you talk to a 
trusted friend?

Well i dont consider you a perfect stranger, because we kind of know each other 
since we speak here sometime.

You know how much i was striving for help resolving this, and i was happy this 
morning thinking that Chris will fianlly put me out of this encoding misery
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

Here is the mails you sent to my customers for the other members to see.

---
Greetings.

I apologize for this unsolicited email, but I feel that you have a
right to know about the security of your server. Νικόλαος Κούρας
(Nikos) has been in repeated communication with the members of
python-list with regard to many issues he is having, and he has
happily granted root access to his server to someone he has never met
and has no reason to trust. This compromises your data and your web
site.

Fortunately for you, the person he gave his password is me, and I have
no intention of causing damage. However, if I wanted to, I could do
*anything* to his server. As a simple demonstration, I have placed a
file called Hello_from_Rosuav in the root directory of each of your
web sites, for instance:

http://leonidasgkelos.com/Hello_from_Rosuav
http://parking-byzantio.gr/Hello_from_Rosuav

Your email addresses, too, I obtained from the server. If you are
storing personal details of any of your customers, I could access
those, but on principle I haven't looked.

Please consider carefully who you trust with your hosting. There is no
need to panic right now, as there has been no damage done (beyond the
creation of the file I mentioned above, which you can easily delete).
But be aware that Nikos is not a competent systems administrator, and
I would not trust him with any of my data.

You can find a large number of posts by Nikos on python-list here:
http://news.gmane.org/gmane.comp.python.general
http://mail.python.org/pipermail/python-list/2013-June/thread.html

Feel free to contact me for further details. I apologize that I cannot
communicate in Greek; I hope that this will not be a problem.

I advise that you look to alternative web hosting.
---

Thanks for screwing me up entirely and made me look what you made me look for 
all i did was to trust you.
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

On Thu, Jun 6, 2013 at 4:22 AM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote:
Τη Τετάρτη, 5 Ιουνίου 2013 9:16:56 μ.μ. UTC+3, ο χρήστης Chris Angelico
έγραψε:

Do you contact strangers to ask them to feed your cat? Or do you talk to a
trusted friend?

Well i dont consider you a perfect stranger, because we kind of know each
other since we speak here sometime.

You know how much i was striving for help resolving this, and i was happy
this morning thinking that Chris will fianlly put me out of this encoding
misery

See, that's the thing. All you know about me is that I happen to
answer a lot of questions here. Now, if you ask around on this list,
you'll probably learn a lot about me, but the most important thing
right now is that I told you up-front that I was not intending to
help, yet you still gave me the root password. You get so stuck on
your own problems that you are unable to see anyone else's. In fact,
you are very much in the position of Alice Liddell at the time of
American McGee's game, Alice: Madness Returns. (It's a decent game,
but don't buy anything from EA Games.) The problem isn't so much what
you're doing, as what you're not doing. Slow down, take a step back.
Give yourself some breathing space. If you had a test computer to play
around on before deploying things to your live server, you would not
be panicked by little problems; and you could take a bit of time to
(a) polish your posts before hitting Send, and (b) read the responses
more thoroughly. Between those two, you could avoid a lot of trouble
fairly easily.

ChrisA
--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

On Thu, Jun 6, 2013 at 4:34 AM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote:
 Here is the mails you sent to my customers for the other members to see.

Yep, containing nothing I haven't said on-list.

 Thanks for screwing me up entirely and made me look what you made me look for 
 all i did was to trust you.

Making you look like what? A systems administrator who can't be
trusted? Because that is, quite frankly, entirely accurate.

Suppose you go to a posh place that offers valet parking. You make
sure that the person you're giving your car key to is employed by the
club, and you let him take control of your car. Unbeknownst to you, he
doesn't actually park your car, he calls out to the loafers, asking
them to park it. He knows these guys, they're always hanging around.
He gives the key to one of them, who gets in your car and looks
around.

That's what you've done. You violated the trust your clients placed in
you, and your only response is to claim that a person (with whom you
had no contractual arrangement or even verbal promise) violated your
trust. It's like saying I can keep a secret, it's just the folks I
tell it to who can't.

ChrisA
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Zero Piraeus

:

On 5 June 2013 14:34, Νικόλαος Κούρας nikos.gr...@gmail.com wrote:
 Here is the mails you sent to my customers for the other members to see.
 ---
 [...]
 I advise that you look to alternative web hosting.
 ---

 Thanks for screwing me up entirely and made me look what you made me look for 
 all i did was to trust you.

Chris has done your customers an important service (one which I would
not have risked, given your propensity for badmouthing those with whom
you come in contact). You are dangerously incompetent as a hosting
provider, as you have demonstrated here repeatedly. Be thankful that
the person you stupidly granted root access to has a sense of ethics,
and learn your trade.

 -[]z.
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

Τη Τετάρτη, 5 Ιουνίου 2013 9:46:03 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε:
On Thu, Jun 6, 2013 at 4:34 AM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote:

Here is the mails you sent to my customers for the other members to see.

Yep, containing nothing I haven't said on-list.

Thanks for screwing me up entirely and made me look what you made me look
for all i did was to trust you.

Making you look like what? A systems administrator who can't be

trusted? Because that is, quite frankly, entirely accurate.

Suppose you go to a posh place that offers valet parking. You make

sure that the person you're giving your car key to is employed by the

club, and you let him take control of your car. Unbeknownst to you, he

doesn't actually park your car, he calls out to the loafers, asking

them to park it. He knows these guys, they're always hanging around.

He gives the key to one of them, who gets in your car and looks

around.

That's what you've done. You violated the trust your clients placed in

you, and your only response is to claim that a person (with whom you

had no contractual arrangement or even verbal promise) violated your

trust. It's like saying I can keep a secret, it's just the folks I

tell it to who can't.

ChrisA

Its funny how doing what you did you manage to turn the whole thing against me.
WHY isntead of doing wht you did, dint you choose to actually *help* ?

I'am beginning to dislkike you more and more as you speak.
--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread rusi

On Jun 5, 11:34 pm, Νικόλαος Κούρας nikos.gr...@gmail.com wrote:
 Here is the mails you sent to my customers for the other members to see.
snipped

In the normal run of things, I would say Chris has done a horrible
thing.
In this case however, let us remember:
Many people -- hardly exclusively Chris -- tried to educate you
  1. on technical matters
  2. on methodological matters (eg how to debug)
  3. on matters of minimum etiquette -- eg spellchecking
  4. on basic security

For the most part, you simply have not listened.
Finally Chris warned you what he can do.
Instead of listening, you whined: I trust you!! (Heres a kiss!) and
gave him your password.
He gently tapped you on your rather hard and impervious 'Ferrous
Cranus' to let you understand the implications.

Even now, instead of understanding that you were wrong throughout, you
are still blaming Chris -- Good Grief!

And you expect us to sympathize with you?!?!  I dont know whether to
laugh or cry...

Please note Nikos:
If you obdurately, obstinately, insistently, incessantly behave like
an asshole, you leave no-one the choice but to treat you like an
asshole.

So... Are you an asshole??  One can only hope that you prove me wrong...
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

Τη Τετάρτη, 5 Ιουνίου 2013 9:52:27 μ.μ. UTC+3, ο χρήστης Zero Piraeus έγραψε:
 :
 
 
 
 On 5 June 2013 14:34, Νικόλαος Κούρας nikos.gr...@gmail.com wrote:
 
  Here is the mails you sent to my customers for the other members to see.
 
  ---
 
  [...]
 
  I advise that you look to alternative web hosting.
 
  ---
 
 
 
  Thanks for screwing me up entirely and made me look what you made me look 
  for all i did was to trust you.
 
 
 
 Chris has done your customers an important service (one which I would
 
 not have risked, given your propensity for badmouthing those with whom
 
 you come in contact). You are dangerously incompetent as a hosting
 
 provider, as you have demonstrated here repeatedly. Be thankful that
 
 the person you stupidly granted root access to has a sense of ethics,
 
 and learn your trade.
 
 
 
  -[]z.

Well, if he had ethics he would have told me that his intentiosn were to screw 
my business and also he could actually tried to help me out.

I'am not incompetentm i;m a beginner and i learn along the way, also i ahve a 
hostign company and 3rd level tech that support me when it come to system 
administration.

Now, you were right about my bad mouth because iam going to tell you to sod off.
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

On Thu, Jun 6, 2013 at 4:55 AM, rusi rustompm...@gmail.com wrote:
 If you obdurately, obstinately, insistently, incessantly behave like
 an asshole, you leave no-one the choice but to treat you like an
 asshole.

This is Python. We duck-type people.

ChrisA
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

Τη Τετάρτη, 5 Ιουνίου 2013 9:55:46 μ.μ. UTC+3, ο χρήστης rusi έγραψε:
 On Jun 5, 11:34 pm, Νικόλαος Κούρας nikos.gr...@gmail.com wrote:
 
  Here is the mails you sent to my customers for the other members to see.
 
 snipped
 
 
 
 In the normal run of things, I would say Chris has done a horrible
 
 thing.
 
 In this case however, let us remember:
 
 Many people -- hardly exclusively Chris -- tried to educate you
 
   1. on technical matters
 
   2. on methodological matters (eg how to debug)
 
   3. on matters of minimum etiquette -- eg spellchecking
 
   4. on basic security
 
 
 
 For the most part, you simply have not listened.
 
 Finally Chris warned you what he can do.
 
 Instead of listening, you whined: I trust you!! (Heres a kiss!) and
 
 gave him your password.
 
 He gently tapped you on your rather hard and impervious 'Ferrous
 
 Cranus' to let you understand the implications.
 
 
 
 Even now, instead of understanding that you were wrong throughout, you
 
 are still blaming Chris -- Good Grief!
 
 
 
 And you expect us to sympathize with you?!?!  I dont know whether to
 
 laugh or cry...
 
 
 
 Please note Nikos:
 
 If you obdurately, obstinately, insistently, incessantly behave like
 
 an asshole, you leave no-one the choice but to treat you like an
 
 asshole.
 
 
 
 So... Are you an asshole??  One can only hope that you prove me wrong...

No, its your attitude that is beyond asshood.

I decided a long time ago the certain people on the Python list were
assholes, perhaps you are the leader here.
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

On Thu, Jun 6, 2013 at 4:58 AM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote:
Well, if he had ethics he would have told me that his intentiosn were to
screw my business and also he could actually tried to help me out.

I did. :)

I'am not incompetentm i;m a beginner and i learn along the way, also i ahve a
hostign company and 3rd level tech that support me when it come to system
administration.

Beginners learning along the way do not run businesses. I wouldn't
hire someone to build me a porch if he admits that he's still learning
which end of the hammer to hit with. (That's understandable if it's a
PHP hammer with claws on both ends, but I still wouldn't hire him.)
And if I hired someone to build that porch and only afterward
discovered that he didn't know a screw from a nail, I would be pretty
miffed. Nikos, you are that carpenter.

There's nothing wrong with being a beginner. We all start out that
way. But a beginner plays with things that don't have major
consequence. If you didn't have paying customers, you would not need
to worry about what I might have done; at very worst, you just wipe
the system and reinstall. (You DO have basic firewalling to make sure
I can't damage any other box, right?) And even more so, if you didn't
have paying customers, you would not be in a tizz about things. You
could simply set the matter aside and come back later. This is safe.

Don't do what you wouldn't stand for someone else doing.

ChrisA
--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

Τη Τετάρτη, 5 Ιουνίου 2013 10:13:41 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε:
On Thu, Jun 6, 2013 at 4:58 AM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote:

Well, if he had ethics he would have told me that his intentiosn were to
screw my business and also he could actually tried to help me out.

I did. :)

I'am not incompetentm i;m a beginner and i learn along the way, also i ahve
a hostign company and 3rd level tech that support me when it come to system
administration.

Beginners learning along the way do not run businesses. I wouldn't

hire someone to build me a porch if he admits that he's still learning

which end of the hammer to hit with. (That's understandable if it's a

PHP hammer with claws on both ends, but I still wouldn't hire him.)

And if I hired someone to build that porch and only afterward

discovered that he didn't know a screw from a nail, I would be pretty

miffed. Nikos, you are that carpenter.

There's nothing wrong with being a beginner. We all start out that

way. But a beginner plays with things that don't have major

consequence. If you didn't have paying customers, you would not need

to worry about what I might have done; at very worst, you just wipe

the system and reinstall. (You DO have basic firewalling to make sure

I can't damage any other box, right?) And even more so, if you didn't

have paying customers, you would not be in a tizz about things. You

could simply set the matter aside and come back later. This is safe.

Don't do what you wouldn't stand for someone else doing.

I'll have you know that all 10 of my client webpages run unproblematically and
i support them by mail and teamviewer for free.

I have even bough Softaculous licenses for them to have joomla and Drupal
install in an automatic way so things go smooth and easy for them because tehy
can all build Joomla from scratch.

If i couldnt host their webistes i woudlnt have done so, but i can.
And when i find t hard their is always the webhost company that supports me by
just openign a ticket.

--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Joel Goldstick

snip

Now, you were right about my bad mouth because iam going to tell you to sod
off.

snip
  Well, if he had ethics he would have told me that his intentiosn were to
screw my business and also he could actually tried to help me out.

Many times I've seen people here give you their best advice and you come
back seemingly having not even read what they had to say.  You just whine
and say someone should help you, even though many have already done that.
You don't take the help.

Now in this case, Chris more or less proved my point.  I've been reading
along, and he said exactly what he would do if you gave him root access to
your account.  He said he would write to your users and explain to them the
peril of how you run your hosting service.  He didn't say he would help
you.

Go back and read exactly what he said, and then take a deep breath and do
some introspection of your own conduct.  He basically said, don't touch the
stove, its hot.  And you touched the stove and then complained.  You act
very poorly here.  Grow up

 I'am not incompetentm i;m a beginner and i learn along the way, also i
ahve a hostign company and 3rd level tech that support me when it come to
system administration.

I think you are incompetent.  No one knows everything, and groups like this
are a great place to learn more.  But part of being competent is being
careful.  You are reckless.  You work on a live server for which you have
paying customers.  You make endless changes to your code without taking the
time to go off and google for information about the topic you are
struggling with.  Your live site should probably have been put together
using a framework, but that would have required you to read about,
experiment with and use a framework.  You write html code in the midst of
your python code.  You have endless encoding/decoding issues, but you have
never apparently read the many articles on how unicode works.

Have some respect for the science and craft of making good software.




On Wed, Jun 5, 2013 at 3:03 PM, Chris Angelico ros...@gmail.com wrote:

 On Thu, Jun 6, 2013 at 4:55 AM, rusi rustompm...@gmail.com wrote:
  If you obdurately, obstinately, insistently, incessantly behave like
  an asshole, you leave no-one the choice but to treat you like an
  asshole.

 This is Python. We duck-type people.

 ChrisA
 --
 http://mail.python.org/mailman/listinfo/python-list




-- 
Joel Goldstick
http://joelgoldstick.com
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread rurpy

On 06/05/2013 05:19 PM, Dennis Lee Bieber wrote:
 On Wed, 5 Jun 2013 10:29:44 -0700 (PDT), Íéêüëáïò Êïýñáò
 nikos.gr...@gmail.com declaimed the following in
 gmane.comp.python.general:

 In the US there is a law called the DMCA which I think would make what
 you did illegal, even though i have you a password, because i
 clearly gave you access to help me fix a problem, not to do what you
 did. Of course US law doesn't help in this case since you i live in Greece 
 and you live in Australia...

   I doubt it... DMCA mainly concerns itself with the breaking of
 copyright restrictions applied to media -- for example, e-books that are
 keyed to single user's account. The CA part is copyright act
 (without googling, I think the DM is digital millenium); the key is
 copyright. No copyrights were violated in this teaching...

From vague memory (and without enough interest in the
subject to research it), I recall hearing several news
stories over the years where people where convicted (or
at least charged with) violating the DMCA (or perhaps 
equally draconian followup U.S. laws) even though they 
clearly penetrated the system to point out security flaws.

   But what you did was the equivalent of handing out the key to
 strangers (on the BarnesNoble Nook, the key is the combination of an
 email address and a credit card number -- if you are willing to hand
 your email and CC# to a perfect stranger they can legitimately open the
 e-book file you gave them).
 
   In short, you said: I give you total control over my server; do
 anything you want with it though I'd like for you to clean up my mess.

No he didn't -- as I read his posts he was clearly offering
access for the purpose of having someone help him fix his 
problems. 

That I give you my car keys (even if you're a stranger) does 
not mean I am giving you permission to do whatever you want 
with my car.  

Nor does the fact that I think you shouldn't pick up hitchikers 
permit me to teach you a lesson by getting picked up by you and
then robbing you.

But a bunch of legally ignorant programmers (including myself) 
speculating about the subject here is about as informative as 
a group of 6-graders thoughts on Einstein's theory of relativity.
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Tim Chase

On 2013-06-05 17:57, ru...@yahoo.com wrote:
 On 06/05/2013 05:19 PM, Dennis Lee Bieber wrote:
 stories over the years where people where convicted (or
 at least charged with) violating the DMCA (or perhaps 
 equally draconian followup U.S. laws) even though they 
 clearly penetrated the system to point out security flaws.

I suspect you read CFAA (Computer Fraud  Abuse Act) and thought
DMCA (Digital Millennium Copyright Act), as there have been a
number of prosecutions under the CFAA (including the whole Aaron
Swartz ordeal) for nebulous exceeding authorization.

-tkc


-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-05 Thread Steven D'Aprano

On Wed, 05 Jun 2013 03:32:42 -0700, Νικόλαος Κούρας wrote:

[...]
 You spare it from the list because you wanted to bitch in private. Now
 sod off.

Νικόλαος, please stop trading insults with people who you feel have 
wronged you.

If somebody gives you deliberately bad advice, that is one thing. 
Otherwise, please try to ignore their insults rather than throwing fuel 
on the fire by insulting back.

But please also try to learn from them! Most of the criticisms given have 
been valid, even if put rudely.

For example, this thread, and related threads, are ENORMOUS. I cannot 
keep track of all the issues. Please try not to make this thread 
unnecessarily complicated with rapid fire responses that don't help.

*  Please think before you reply. Does your reply *help* the 
conversation, or make it worse? 

* Please stop making multiple changes at once. It makes it hard to see 
what causes the breakage.

* If you change something, and it breaks, undo the change, then 
experiment outside of your live system to try to understand and fix the 
issue.


As for everyone else, please try to be polite and helpful, or don't reply 
at all.


Thank you.


-- 
Steven
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

Τη Πέμπτη, 6 Ιουνίου 2013 6:57:08 π.μ. UTC+3, ο χρήστης Steven D'Aprano έγραψε:
On Wed, 05 Jun 2013 03:32:42 -0700, Νικόλαος Κούρας wrote:

[...]

You spare it from the list because you wanted to bitch in private. Now

sod off.

Νικόλαος, please stop trading insults with people who you feel have

wronged you.

If somebody gives you deliberately bad advice, that is one thing.

Otherwise, please try to ignore their insults rather than throwing fuel

on the fire by insulting back.

But please also try to learn from them! Most of the criticisms given have

been valid, even if put rudely.

For example, this thread, and related threads, are ENORMOUS. I cannot

keep track of all the issues. Please try not to make this thread

unnecessarily complicated with rapid fire responses that don't help.

* Please think before you reply. Does your reply *help* the

conversation, or make it worse?

* Please stop making multiple changes at once. It makes it hard to see

what causes the breakage.

* If you change something, and it breaks, undo the change, then

experiment outside of your live system to try to understand and fix the

issue.

As for everyone else, please try to be polite and helpful, or don't reply

at all.

Thank you.

Steven

Okey as, you ahve seen form yesterday night(Greek time) i have stopped
answering to this thread.
I have said what needed ot be heard.
--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-04 Thread Chris Angelico

On Tue, Jun 4, 2013 at 2:45 PM, Michael Torrie torr...@gmail.com wrote:
 On 06/03/2013 05:33 PM, Carlos Nepomuceno wrote:
 I did a httpd 'make install' on CentOS 6 and it worked fine. Needed a
 few tweaks that I don't remember though.

 If you don't have any previous experience with Apache httpd settings
 I wouldn't try that on a production server.

 Precisely.  Given his experience levels, installing httpd from source is
 recipe for disaster.  He's now going to have to track security flaw
 reports manually, try to figure out which ones apply to him, and keep
 his apache up to date.  I can't think of anything he'd need in Apache
 that's not in the CentOS packages.  I've sys-admined for years and I've
 never ever needed an Apache outside out of the repos.  Sometimes I
 needed other things I had to build from source, but never apache.

Agreed. I'm a Debian guy rather than Red Hat, and by comparison Debian
changes with every gust of wind, but the same applies. There's little
reason to build most things from source; take advantage of the massive
testing that's been done! Of course, there will be times when the
version in the repo is just too old, but that's never been the case
for me with Apache.

ChrisA
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

I think i'll do a chmod 666 /var/log/httpd/suexec.log and see if the error 
goes away. 

I think what the problem is, i have the owner and group as root:root with 
read/write permissions, but apache is likely owned by something else 
(www:www or apache:webservd). 

So either i'll have to change the group ownership of the log file to the group 
apache is running as or change the log file to world read/write, which isn't 
safe since other people log into the box, but is generally harmless i think 
with log files. 

Checking the permissions of /var/log/httpd directory itself:

ni...@superhost.gr [~/www/cgi-bin]# ls -ld /var/log/httpd/
drwx-- 2 root root 4096 Jun  1 02:52 /var/log/httpd//

Is that a problem?

http != Apache ?

i'm still confused about what is:
'/var/log/httpd' and what is '/usr/local/Apache'

Is seems like this is the same service runnign twice under different names.
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

I just tried out those:

root@nikos [~]# ls -l /var/log/httpd/suexec.log
-rw-rw-r-- 1 root root 0 Jun  1 02:52 /var/log/httpd/suexec.log

root@nikos [~]# ls -l /usr/local/apache/logs/suexec_log
-rw-rw-r-- 1 root apache 532667 Jun  4 13:11 /usr/local/apache/logs/suexec_log

root@nikos [~]# chown root:apache /var/log/httpd/suexec.log

root@nikos [~]# ls -l /var/log/httpd/suexec.log
-rw-rw-r-- 1 root apache 0 Jun  1 02:52 /var/log/httpd/suexec.log

but i'm not usre if they solve the problem or why there are 2 suexec.log files.
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-04 Thread Benjamin Schollnick

On Jun 4, 2013, at 6:12 AM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote:

 Checking the permissions of /var/log/httpd directory itself:
 
 ni...@superhost.gr [~/www/cgi-bin]# ls -ld /var/log/httpd/
 drwx-- 2 root root 4096 Jun  1 02:52 /var/log/httpd//
 
 Is that a problem?
 
 http != Apache ?

Yes, httpd is Apache, or at least part of Apache.

 i'm still confused about what is:
 '/var/log/httpd' and what is '/usr/local/Apache'
 
 Is seems like this is the same service runnign twice under different names.

Not really.  

Unix unlike some other OSes, separates your data from your applications.

That's one reason, when Apple designed Mac OS X, you can re-install Mac OS X 
over your current installation, and not lose any data.  Your user data is 
separate from the OS data.

The /Usr tree is considered read-only.  In theory nothing should write to that 
folder, unless you are installing Unix tools.  Please note, it's not read only 
in the OS, yes, it does require super user rights, but that tree is not read 
only.

The /Var tree is where the OS writes data to.  For example, Log files, 
temporary work files, etc.  

I hope this clears some of this up.

If I have made any mistakes here, please feel free to politely correct me |-)

- Benjamin

-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

root@nikos [/home/nikos/www/cgi-bin]# chmod 755 /var/log/httpd/suexec.log

root@nikos [/home/nikos/www/cgi-bin]# ls -l /var/log/httpd/suexec.log
-rwxr-xr-x 1 root apache 0 Jun  1 02:52 /var/log/httpd/suexec.log*

root@nikos [/home/nikos/www/cgi-bin]# chmod 755 /usr/local/apache/logs/error_log

root@nikos [/home/nikos/www/cgi-bin]# ls -l /usr/local/apache/logs/error_log
-rwxr-xr-x 1 root root 32414017 Jun  4 13:51 /usr/local/apache/logs/error_log*

root@nikos [/home/nikos/www/cgi-bin]# chown root:apache 
/usr/local/apache/logs/error_log
root@nikos [/home/nikos/www/cgi-bin]# ls -l /usr/local/apache/logs/error_log

-rwxr-xr-x 1 root apache 32414017 Jun  4 13:51 /usr/local/apache/logs/error_log*
root@nikos [/home/nikos/www/cgi-bin]#


Now the error i get whn trying to run my scgi script via browser is

root@nikos [/home/nikos/www/cgi-bin]# [Tue Jun 04 13:55:26 2013] [error] 
[client 46.12.95.59] suexec failure: could not open log file
[Tue Jun 04 13:55:26 2013] [error] [client 46.12.95.59] fopen: Permission denied
[Tue Jun 04 13:55:26 2013] [error] [client 46.12.95.59] Premature end of script 
headers: koukos.py
[Tue Jun 04 13:55:26 2013] [error] [client 46.12.95.59] File does not exist: 
/home/nikos/public_html/500.shtml


I just don't get it.
I chmod'ed
i chown'ed

Why still doesn't work?
-- 
http://mail.python.org/mailman/listinfo/python-list

RE: Apache and suexec issue that wont let me run my python script

send the output of the following command:

ps aux|grep httpd


 Date: Tue, 4 Jun 2013 03:56:19 -0700
 Subject: Re: Apache and suexec issue that wont let me run my python script
 From: nikos.gr...@gmail.com
 To: python-list@python.org
 
 root@nikos [/home/nikos/www/cgi-bin]# chmod 755 /var/log/httpd/suexec.log
 
 root@nikos [/home/nikos/www/cgi-bin]# ls -l /var/log/httpd/suexec.log
 -rwxr-xr-x 1 root apache 0 Jun  1 02:52 /var/log/httpd/suexec.log*
 
 root@nikos [/home/nikos/www/cgi-bin]# chmod 755 
 /usr/local/apache/logs/error_log
 
 root@nikos [/home/nikos/www/cgi-bin]# ls -l /usr/local/apache/logs/error_log
 -rwxr-xr-x 1 root root 32414017 Jun  4 13:51 /usr/local/apache/logs/error_log*
 
 root@nikos [/home/nikos/www/cgi-bin]# chown root:apache 
 /usr/local/apache/logs/error_log
 root@nikos [/home/nikos/www/cgi-bin]# ls -l /usr/local/apache/logs/error_log
 
 -rwxr-xr-x 1 root apache 32414017 Jun  4 13:51 
 /usr/local/apache/logs/error_log*
 root@nikos [/home/nikos/www/cgi-bin]#
 
 
 Now the error i get whn trying to run my scgi script via browser is
 
 root@nikos [/home/nikos/www/cgi-bin]# [Tue Jun 04 13:55:26 2013] [error] 
 [client 46.12.95.59] suexec failure: could not open log file
 [Tue Jun 04 13:55:26 2013] [error] [client 46.12.95.59] fopen: Permission 
 denied
 [Tue Jun 04 13:55:26 2013] [error] [client 46.12.95.59] Premature end of 
 script headers: koukos.py
 [Tue Jun 04 13:55:26 2013] [error] [client 46.12.95.59] File does not exist: 
 /home/nikos/public_html/500.shtml
 
 
 I just don't get it.
 I chmod'ed
 i chown'ed
 
 Why still doesn't work?
 -- 
 http://mail.python.org/mailman/listinfo/python-list
  -- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

Τη Τρίτη, 4 Ιουνίου 2013 2:04:36 μ.μ. UTC+3, ο χρήστης Carlos Nepomuceno έγραψε:
 send the output of the following command: 
 ps aux|grep httpd

root@nikos [/home/nikos/www/data/apps]# ps aux | grep httpd
root 19194  0.0  0.2  74224  4440 ?Ss   Jul13   0:00 
/usr/local/apache/bin/httpd -k start -DSSL
root 19201  0.0  0.1  74136  2576 ?SJul13   0:00 
/usr/local/apache/bin/httpd -k start -DSSL
nobody   19202  0.0  0.2  74492  4320 ?SJul13   0:00 
/usr/local/apache/bin/httpd -k start -DSSL
nobody   19203  0.0  0.2  74488  4304 ?SJul13   0:00 
/usr/local/apache/bin/httpd -k start -DSSL
nobody   19204  0.0  0.2  74488  4352 ?SJul13   0:00 
/usr/local/apache/bin/httpd -k start -DSSL
nobody   19205  0.0  0.2  74492  4336 ?SJul13   0:00 
/usr/local/apache/bin/httpd -k start -DSSL
nobody   19206  0.0  0.2  74544  4328 ?SJul13   0:00 
/usr/local/apache/bin/httpd -k start -DSSL
nobody   19215  0.0  0.2  74492  4300 ?SJul13   0:00 
/usr/local/apache/bin/httpd -k start -DSSL
nobody   20170  0.0  0.2  74356  4264 ?SJul13   0:00 
/usr/local/apache/bin/httpd -k start -DSSL
root 20860  0.0  0.0 103240   856 pts/2S+   Jul13   0:00 grep httpd
root@nikos [/home/nikos/www/data/apps]#
-- 
http://mail.python.org/mailman/listinfo/python-list

RE: Apache and suexec issue that wont let me run my python script

The httpd processes are run by user 'nobody'. You have to change your 
httpd.conf to assign the correct user or change the owner of the log file to 
nobody.

On httpd.conf look for the following directives:
User root
Group root


 Date: Tue, 4 Jun 2013 04:09:44 -0700
 Subject: Re: Apache and suexec issue that wont let me run my python script
 From: nikos.gr...@gmail.com
 To: python-list@python.org
 
 Τη Τρίτη, 4 Ιουνίου 2013 2:04:36 μ.μ. UTC+3, ο χρήστης Carlos Nepomuceno 
 έγραψε:
  send the output of the following command: 
  ps aux|grep httpd
 
 root@nikos [/home/nikos/www/data/apps]# ps aux | grep httpd
 root 19194  0.0  0.2  74224  4440 ?Ss   Jul13   0:00 
 /usr/local/apache/bin/httpd -k start -DSSL
 root 19201  0.0  0.1  74136  2576 ?SJul13   0:00 
 /usr/local/apache/bin/httpd -k start -DSSL
 nobody   19202  0.0  0.2  74492  4320 ?SJul13   0:00 
 /usr/local/apache/bin/httpd -k start -DSSL
 nobody   19203  0.0  0.2  74488  4304 ?SJul13   0:00 
 /usr/local/apache/bin/httpd -k start -DSSL
 nobody   19204  0.0  0.2  74488  4352 ?SJul13   0:00 
 /usr/local/apache/bin/httpd -k start -DSSL
 nobody   19205  0.0  0.2  74492  4336 ?SJul13   0:00 
 /usr/local/apache/bin/httpd -k start -DSSL
 nobody   19206  0.0  0.2  74544  4328 ?SJul13   0:00 
 /usr/local/apache/bin/httpd -k start -DSSL
 nobody   19215  0.0  0.2  74492  4300 ?SJul13   0:00 
 /usr/local/apache/bin/httpd -k start -DSSL
 nobody   20170  0.0  0.2  74356  4264 ?SJul13   0:00 
 /usr/local/apache/bin/httpd -k start -DSSL
 root 20860  0.0  0.0 103240   856 pts/2S+   Jul13   0:00 grep httpd
 root@nikos [/home/nikos/www/data/apps]#
 -- 
 http://mail.python.org/mailman/listinfo/python-list
  -- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

root@nikos [/home/nikos/www/data/apps]# ls -l /usr/local/apache/logs/error_log
-rwxr-xr-x 1 root apache 32447472 Jun  4 14:36 /usr/local/apache/logs/error_log*
root@nikos [/home/nikos/www/data/apps]# chown nobody:apache 
/usr/local/apache/logs/error_log
root@nikos [/home/nikos/www/data/apps]# ls -l /usr/local/apache/logs/error_log
-rwxr-xr-x 1 nobody apache 32447472 Jun  4 14:36 
/usr/local/apache/logs/error_log*


still the same error.
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

Τη Τρίτη, 4 Ιουνίου 2013 2:27:25 μ.μ. UTC+3, ο χρήστης Carlos Nepomuceno έγραψε:
 The httpd processes are run by user 'nobody'. You have to change your 
 httpd.conf to assign the correct user or change the owner of the log file to 
 nobody.
 
 On httpd.conf look for the following directives:
 User root
 Group root

Why some httpd run as root(first two) and the rest as nobody?
What is user 'nobody' anyways?

root@nikos [/home/nikos/www/data/apps]# nano /usr/local/apache/conf/httpd.conf
root@nikos [/home/nikos/www/data/apps]# cat  /usr/local/apache/conf/httpd.conf 
| grep 'User root'
root@nikos [/home/nikos/www/data/apps]# cat  /usr/local/apache/conf/httpd.conf 
| grep 'user root'
root@nikos [/home/nikos/www/data/apps]# cat  /usr/local/apache/conf/httpd.conf 
| grep 'group root'
root@nikos [/home/nikos/www/data/apps]# cat  /usr/local/apache/conf/httpd.conf 
| grep 'Group root'

Doesn't seem to be there.
-- 
http://mail.python.org/mailman/listinfo/python-list

RE: Apache and suexec issue that wont let me run my python script


Post your httpd.conf to pastebin and send us the link...

 Date: Tue, 4 Jun 2013 04:38:44 -0700
 Subject: Re: Apache and suexec issue that wont let me run my python script
 From: nikos.gr...@gmail.com
 To: python-list@python.org
 
 root@nikos [/home/nikos/www/data/apps]# ls -l /usr/local/apache/logs/error_log
 -rwxr-xr-x 1 root apache 32447472 Jun  4 14:36 
 /usr/local/apache/logs/error_log*
 root@nikos [/home/nikos/www/data/apps]# chown nobody:apache 
 /usr/local/apache/logs/error_log
 root@nikos [/home/nikos/www/data/apps]# ls -l /usr/local/apache/logs/error_log
 -rwxr-xr-x 1 nobody apache 32447472 Jun  4 14:36 
 /usr/local/apache/logs/error_log*
 
 
 still the same error.
 -- 
 http://mail.python.org/mailman/listinfo/python-list
  -- 
http://mail.python.org/mailman/listinfo/python-list

RE: Apache and suexec issue that wont let me run my python script

Date: Tue, 4 Jun 2013 04:36:06 -0700
Subject: Re: Apache and suexec issue that wont let me run my python script
From: nikos.gr...@gmail.com
To: python-list@python.org

Τη Τρίτη, 4 Ιουνίου 2013 2:27:25 μ.μ. UTC+3, ο χρήστης Carlos Nepomuceno
έγραψε:
The httpd processes are run by user 'nobody'. You have to change your
httpd.conf to assign the correct user or change the owner of the log file
to nobody.

On httpd.conf look for the following directives:
User root
Group root

Why some httpd run as root(first two) and the rest as nobody?

The root processes are run by init during startup. The nobody processes are
started by the first httpd processes based on httpd.conf settings.

What is user 'nobody' anyways?

Just a user with no shell access.

root@nikos [/home/nikos/www/data/apps]# nano /usr/local/apache/conf/httpd.conf
root@nikos [/home/nikos/www/data/apps]# cat
/usr/local/apache/conf/httpd.conf | grep 'User root'
root@nikos [/home/nikos/www/data/apps]# cat
/usr/local/apache/conf/httpd.conf | grep 'user root'
root@nikos [/home/nikos/www/data/apps]# cat
/usr/local/apache/conf/httpd.conf | grep 'group root'
root@nikos [/home/nikos/www/data/apps]# cat
/usr/local/apache/conf/httpd.conf | grep 'Group root'

Doesn't seem to be there.

You have to edit httpd.conf and change the User and Group directives. They
currently are set to nobody, so you have to look for ' User nobody' and '
Group nobody'.

Take care while editing httpd.conf. Make a backup copy just in case. ;)

--
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

Τη Τρίτη, 4 Ιουνίου 2013 2:42:52 μ.μ. UTC+3, ο χρήστης Carlos Nepomuceno έγραψε:
 Post your httpd.conf to pastebin and send us the link...


Here it is:  http://pastebin.com/kMT2BZp1
-- 
http://mail.python.org/mailman/listinfo/python-list

RE: Apache and suexec issue that wont let me run my python script

 Date: Tue, 4 Jun 2013 04:48:34 -0700
 Subject: Re: Apache and suexec issue that wont let me run my python script
 From: nikos.gr...@gmail.com
 To: python-list@python.org

 Τη Τρίτη, 4 Ιουνίου 2013 2:42:52 μ.μ. UTC+3, ο χρήστης Carlos Nepomuceno 
 έγραψε:
  Post your httpd.conf to pastebin and send us the link...

 Here it is:  http://pastebin.com/kMT2BZp1
 -- 
 http://mail.python.org/mailman/listinfo/python-list

Your httpd.conf is automatically generated by cPanel. Take a look:

# Defined in /var/cpanel/cpanel.config: apache_portListen 0.0.0.0:82User 
nobodyGroup nobodyExtendedStatus OnServerAdmin nikos.gr33k@gmail.comServerName 
nikos.superhost.grLogLevel warn

That means you have to change the settings on cPanel not directly editing 
httpd.conf. I don't use cPanel so I can't help you on that.

Good luck!

  -- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

Τη Τρίτη, 4 Ιουνίου 2013 3:11:18 μ.μ. UTC+3, ο χρήστης Carlos Nepomuceno έγραψε:
  Date: Tue, 4 Jun 2013 04:48:34 -0700
  Subject: Re: Apache and suexec issue that wont let me run my python script
  From: nikos...@gmail.com
  To: pytho...@python.org

  Τη Τρίτη, 4 Ιουνίου 2013 2:42:52 μ.μ. UTC+3, ο χρήστης Carlos Nepomuceno 
  έγραψε:
   Post your httpd.conf to pastebin and send us the link...

  Here it is:  http://pastebin.com/kMT2BZp1
  -- 
  http://mail.python.org/mailman/listinfo/python-list

 Your httpd.conf is automatically generated by cPanel. Take a look:

 # Defined in /var/cpanel/cpanel.config: apache_port
 Listen 0.0.0.0:82
 User nobody
 Group nobody
 ExtendedStatus On
 ServerAdmin nikos...@gmail.com
 ServerName nikos.superhost.gr
 LogLevel warn

 That means you have to change the settings on cPanel not directly editing 
 httpd.conf. I don't use cPanel so I can't help you on that.

 Good luck!

Since, i'm root i will open the file and alter the user nobody to root.
Can't i?

Also about the suexec.log since i made it 755 why still suexec complain that it 
cannot open it?
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

root@nikos [~]# nano /usr/local/apache/conf/httpd.conf

and altering user nobody to user root.

root@nikos [~]# service httpd restart
[Tue Jun 04 15:56:42 2013] [warn] module rpaf_module is already loaded, skipping
Syntax error on line 175 of /usr/local/apache/conf/httpd.conf:
Error:\tApache has not been designed to serve pages while\n\trunning as root.  
There are known race conditions that\n\twill allow any local user to read any 
file on the system.\n\tIf you still desire to serve pages as root then\n\tadd 
-DBIG_SECURITY_HOLE to the CFLAGS env variable\n\tand then rebuild the 
server.\n\tIt is strongly suggested that you instead modify the 
User\n\tdirective in your httpd.conf file to list a non-root\n\tuser.\n
root@nikos [~]#

What can i do?
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-04 Thread Chris Angelico

On Tue, Jun 4, 2013 at 10:57 PM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote:
 root@nikos [~]# nano /usr/local/apache/conf/httpd.conf

 and altering user nobody to user root.

 root@nikos [~]# service httpd restart
 [Tue Jun 04 15:56:42 2013] [warn] module rpaf_module is already loaded, 
 skipping
 Syntax error on line 175 of /usr/local/apache/conf/httpd.conf:
 Error:\tApache has not been designed to serve pages while\n\trunning as root. 
  There are known race conditions that\n\twill allow any local user to read 
 any file on the system.\n\tIf you still desire to serve pages as root 
 then\n\tadd -DBIG_SECURITY_HOLE to the CFLAGS env variable\n\tand then 
 rebuild the server.\n\tIt is strongly suggested that you instead modify the 
 User\n\tdirective in your httpd.conf file to list a non-root\n\tuser.\n
 root@nikos [~]#

 What can i do?

Don't do that.

ChrisA
-- 
http://mail.python.org/mailman/listinfo/python-list

RE: Apache and suexec issue that wont let me run my python script

 Date: Tue, 4 Jun 2013 05:57:54 -0700
 Subject: Re: Apache and suexec issue that wont let me run my python script
 From: nikos.gr...@gmail.com
 To: python-list@python.org

 root@nikos [~]# nano /usr/local/apache/conf/httpd.conf

 and altering user nobody to user root.

 root@nikos [~]# service httpd restart
 [Tue Jun 04 15:56:42 2013] [warn] module rpaf_module is already loaded, 
 skipping
 Syntax error on line 175 of /usr/local/apache/conf/httpd.conf:
 Error:\tApache has not been designed to serve pages while\n\trunning as root. 
  There are known race conditions that\n\twill allow any local user to read 
 any file on the system.\n\tIf you still desire to serve pages as root 
 then\n\tadd -DBIG_SECURITY_HOLE to the CFLAGS env variable\n\tand then 
 rebuild the server.\n\tIt is strongly suggested that you instead modify the 
 User\n\tdirective in your httpd.conf file to list a non-root\n\tuser.\n
 root@nikos [~]#

 What can i do?

You don't need to run httpd as root. In fact it's risky. You can use another 
user with less privileges to run it like nobody or something else you see fit.

I don't think the suggestion to rebuild the server is good, but I don't know 
how cPanel works so it's just a guess.

  -- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

Τη Τρίτη, 4 Ιουνίου 2013 4:10:58 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε:
 On Tue, Jun 4, 2013 at 10:57 PM, Νικόλαος Κούρας nikos.gr...@gmail.com 
 wrote:
 
  root@nikos [~]# nano /usr/local/apache/conf/httpd.conf

  and altering user nobody to user root.

  root@nikos [~]# service httpd restart
 
  [Tue Jun 04 15:56:42 2013] [warn] module rpaf_module is already loaded, 
  skipping
 
  Syntax error on line 175 of /usr/local/apache/conf/httpd.conf:
 
  Error:\tApache has not been designed to serve pages while\n\trunning as 
  root.  There are known race conditions that\n\twill allow any local user to 
  read any file on the system.\n\tIf you still desire to serve pages as root 
  then\n\tadd -DBIG_SECURITY_HOLE to the CFLAGS env variable\n\tand then 
  rebuild the server.\n\tIt is strongly suggested that you instead modify the 
  User\n\tdirective in your httpd.conf file to list a non-root\n\tuser.\n

 Don't do that.

Well i can understand its dangerous but it doesnt also let me.
So that leaved me the tampering of the log files.

root@nikos [~]# chmod 755 /var/log/httpd/error_log
root@nikos [~]# chown nobody:nobody  /var/log/httpd/error_log

root@nikos [~]# chmod 755 /usr/local/apache/logs/error_log
root@nikos [~]# chown nobody:nobody  /usr/local/apache/logs/error_log

BUT just my luck.

root@nikos [~]# [Tue Jun 04 16:16:21 2013] [error] [client 46.12.95.59] suexec 
failure: could not open log file
[Tue Jun 04 16:16:21 2013] [error] [client 46.12.95.59] fopen: Permission denied
[Tue Jun 04 16:16:21 2013] [error] [client 46.12.95.59] Premature end of script 
headers: koukos.py
[Tue Jun 04 16:16:21 2013] [error] [client 46.12.95.59] File does not exist: 
/home/nikos/public_html/500.shtml
[Tue Jun 04 16:16:24 2013] [error] [client 46.12.95.59] suexec failure: could 
not open log file
[Tue Jun 04 16:16:24 2013] [error] [client 46.12.95.59] fopen: Permission denied
[Tue Jun 04 16:16:24 2013] [error] [client 46.12.95.59] Premature end of script 
headers: koukos.py


I DONT KNOW WHAT ELSE TO TRY PLEASE HELP ILL TRY ANYTHING YOU SAY.
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script

2013-06-04 Thread Chris Angelico

On Tue, Jun 4, 2013 at 11:17 PM, Νικόλαος Κούρας nikos.gr...@gmail.com wrote:
 I DONT KNOW WHAT ELSE TO TRY PLEASE HELP ILL TRY ANYTHING YOU SAY.

You should try power surging your drivers. Have you got a spare power cord?

ChrisA

[1] http://www.oocities.org/timessquare/4753/bofh.htm
-- 
http://mail.python.org/mailman/listinfo/python-list

Re: Apache and suexec issue that wont let me run my python script