Re: [qmailtoaster] Suexec apache2 qmailadmin
I gotta say, I don't understand the problem here. I have two domains on a toaster. I can get to qmailadmin via http://domain1.com/qmailtoaster and/or http://domain2.com/qmailtoaster. I can log into either domain using the url from either one. I've (simply) set up virtual domains in httpd.conf for each one, and they just work. So what's the problem? (What am I missing?) Nolan Garrett wrote: I don't know if this helps or not, but in my case I was required to rename qmailadmin to index.cgi, and change it's ownership to vpopmail and vchkpw. This user and group was given a UID and GID 500. Also, I had to recompile suexec using the directions from the link below so that I could execute out of /usr/share/qmailadmin. http://weblog.massivegeek.com/modules.php?name=Newsfile=articlesid=67 Nolan Jeremy Runner wrote: That didn't work. I think you have to set SuexecUserGroup to which user you want to have access but this is set in the VirtualHost directive. I found this link but I'm not sure if it applies. http://www.shupp.org/toaster/trustix_notes.eml.html Quinn Comendant wrote: Do you know if it is possible to disable suexec for one specific site? In my opinion it is safe to run qmailadmin under user apache/www/nobody. Otherwise, it should work to copy the /usr/share/qmailadmin directory to /var/www/qmailadmin and adjust the paths in /etc/httpd/conf/toaster.conf accordingly. I don't think suexec will let you run it through a symlink. Quinn - Strangecode :: Internet Consultancy http://www.strangecode.com/ +1 530 624 4410 On Mon, 13 Nov 2006 19:05:48 -0600, Jeremy Runner wrote: Now that I have qmailtoaster running and doing so well, I'm trying to get qmailadmin working. I have apache2 configured with suexec. All cgi scripts have to be in /var/www and a virtual host has to be configured to set SuexecUserGroup to run cgi scripts. How can I get qmailadmin working in this environment so that it will be available for all virtual domains I have and not just one. Hope I'm not too confusing. -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Suexec apache2 qmailadmin
Jeremy Suexec follows a stringent set of criteria before it will execute a CGI. Check this list of 20 criterion and see if you've configured qmailadmin to pass all of them: http://httpd.apache.org/docs/2.0/suexec.html#model Quinn - Strangecode :: Internet Consultancy http://www.strangecode.com/ +1 530 624 4410 On Mon, 13 Nov 2006 20:07:04 -0600, Jeremy Runner wrote: That didn't work. I think you have to set SuexecUserGroup to which user you want to have access but this is set in the VirtualHost directive. I found this link but I'm not sure if it applies. http://www.shupp.org/toaster/trustix_notes.eml.html Quinn Comendant wrote: Do you know if it is possible to disable suexec for one specific site? In my opinion it is safe to run qmailadmin under user apache/www/nobody. Otherwise, it should work to copy the /usr/share/qmailadmin directory to /var/www/qmailadmin and adjust the paths in /etc/httpd/conf/toaster.conf accordingly. I don't think suexec will let you run it through a symlink. Quinn - Strangecode :: Internet Consultancy http://www.strangecode.com/ +1 530 624 4410 On Mon, 13 Nov 2006 19:05:48 -0600, Jeremy Runner wrote: Now that I have qmailtoaster running and doing so well, I'm trying to get qmailadmin working. I have apache2 configured with suexec. All cgi scripts have to be in /var/www and a virtual host has to be configured to set SuexecUserGroup to run cgi scripts. How can I get qmailadmin working in this environment so that it will be available for all virtual domains I have and not just one. Hope I'm not too confusing. - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Suexec apache2 qmailadmin
Also, in my case, I had to turn SELinux off. Quinn Comendant wrote: Jeremy Suexec follows a stringent set of criteria before it will execute a CGI. Check this list of 20 criterion and see if you've configured qmailadmin to pass all of them: http://httpd.apache.org/docs/2.0/suexec.html#model Quinn - Strangecode :: Internet Consultancy http://www.strangecode.com/ +1 530 624 4410 On Mon, 13 Nov 2006 20:07:04 -0600, Jeremy Runner wrote: That didn't work. I think you have to set SuexecUserGroup to which user you want to have access but this is set in the VirtualHost directive. I found this link but I'm not sure if it applies. http://www.shupp.org/toaster/trustix_notes.eml.html Quinn Comendant wrote: Do you know if it is possible to disable suexec for one specific site? In my opinion it is safe to run qmailadmin under user apache/www/nobody. Otherwise, it should work to copy the /usr/share/qmailadmin directory to /var/www/qmailadmin and adjust the paths in /etc/httpd/conf/toaster.conf accordingly. I don't think suexec will let you run it through a symlink. Quinn - Strangecode :: Internet Consultancy http://www.strangecode.com/ +1 530 624 4410 On Mon, 13 Nov 2006 19:05:48 -0600, Jeremy Runner wrote: Now that I have qmailtoaster running and doing so well, I'm trying to get qmailadmin working. I have apache2 configured with suexec. All cgi scripts have to be in /var/www and a virtual host has to be configured to set SuexecUserGroup to run cgi scripts. How can I get qmailadmin working in this environment so that it will be available for all virtual domains I have and not just one. Hope I'm not too confusing. - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Suexec apache2 qmailadmin
I'm using Virtualmin to do web hosting. It creates the httpd.conf as
follows using suexec.
VirtualHost 192.168.1.2:80
SuexecUserGroup #501 #500
ServerName mydomain.com
ServerAlias www.mydomain.com
DocumentRoot /home/mydomain/public_html
ErrorLog /home/mydomain/logs/error_log
CustomLog /home/mydomain/logs/access_log common
ScriptAlias /cgi-bin/ /home/mydomain/cgi-bin/
Directory /home/mydomain/public_html
Options Indexes FollowSymLinks ExecCGI
allow from all
AllowOverride All
/Directory
Directory /home/mydomain/cgi-bin
allow from all
/Directory
/VirtualHost
All scripts must reside in /home/{somedomain}. If I put the scripts in
a folder belonging to that domain, only that domain will be able to use
it. I would like to be able to run the qmailadmin scripts from all
domains but I haven't figured out how to make it work yet with suexec.
Eric Shubes wrote:
I gotta say, I don't understand the problem here.
I have two domains on a toaster. I can get to qmailadmin via
http://domain1.com/qmailtoaster and/or http://domain2.com/qmailtoaster. I
can log into either domain using the url from either one.
I've (simply) set up virtual domains in httpd.conf for each one, and they
just work.
So what's the problem? (What am I missing?)
Nolan Garrett wrote:
I don't know if this helps or not, but in my case I was required to
rename qmailadmin to index.cgi, and change it's ownership to vpopmail
and vchkpw. This user and group was given a UID and GID 500. Also, I
had to recompile suexec using the directions from the link below so that
I could execute out of /usr/share/qmailadmin.
http://weblog.massivegeek.com/modules.php?name=Newsfile=articlesid=67
Nolan
Jeremy Runner wrote:
That didn't work. I think you have to set SuexecUserGroup to which
user you want to have access but this is set in the VirtualHost directive.
I found this link but I'm not sure if it applies.
http://www.shupp.org/toaster/trustix_notes.eml.html
Quinn Comendant wrote:
Do you know if it is possible to disable suexec for one specific site? In my
opinion it is safe to run qmailadmin under user apache/www/nobody.
Otherwise, it should work to copy the /usr/share/qmailadmin directory to
/var/www/qmailadmin and adjust the paths in /etc/httpd/conf/toaster.conf
accordingly. I don't think suexec will let you run it through a symlink.
Quinn
-
Strangecode :: Internet Consultancy
http://www.strangecode.com/
+1 530 624 4410
On Mon, 13 Nov 2006 19:05:48 -0600, Jeremy Runner wrote:
Now that I have qmailtoaster running and doing so well, I'm trying
to get qmailadmin working. I have apache2 configured with suexec.
All cgi scripts have to be in /var/www and a virtual host has to be
configured to set SuexecUserGroup to run cgi scripts. How can I get
qmailadmin working in this environment so that it will be available
for all virtual domains I have and not just one. Hope I'm not too
confusing.
-
QmailToaster hosted by: VR Hosted http://www.vr.org
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Suexec apache2 qmailadmin
Jeremy Runner wrote:
I'm using Virtualmin to do web hosting. It creates the httpd.conf as
follows using suexec.
Do you have shell access to the machine (or will virtualmin let you) change
this VirthostHost to something more custom? Be warned that VirtualMin might
overwrite your hand-edited changes should you attempt to manage the server
using both methods. Not sure how to deal with your suexec issue yet, but to
serve an application (like qmailadmin) to multiple clients, I would recommend
something like the following.
Set XXX.XXX.XXX.XXX to your IP (or preferably a unique IP so you can generate a
self-signed certificate for all domains).
VirtualHost XXX.XXX.XXX.XXX:80
ServerName mailserver.yourdomain.com:80
ServerAlias mailserver.clientdomain1.com:80
ServerAlias mailserver.clientdomain2.com:80
ServerAlias mailserver.clientdomain3.com:80
# ...etc
RewriteEngine on
RewriteRule ^/+$ /qmailadmin/index.cgi [R]
Directory /usr/share/qmailadmin
AddHandler cgi-script .cgi
AddHandler cgi-script qmailadmin
DirectoryIndex index.cgi qmailadmin index.html
Options +Indexes FollowSymLinks +ExecCGI
Order allow,deny
Allow from all
/Directory
/VirtualHost
All scripts must reside in /home/{somedomain}.
Why is that? I'd be inclined to put them in
/home/vpopmail/domains/{somedomain}/ (but what do I know?).
No way! Keep your mail system seperate from your web system. Some day you may
need to move your qmail toaster to a seperate machine and that will be very
easy if you don't mix hosted sites with your domains.
Suexec requires CGI directories to be within a couple levels of the root path
it was compiled with (I assume yours was /home) so you must keep sites under
/home/site or /home/username/sitename.
Is there any way to get virtualmin (or whatever it is that requires it) to
require /home/vpopmail/domains/{somedomain} instead of simply
/home/{somedomain}?
What does your /etc/httpd/conf/toaster.conf say? Shouldn't they all pick
this up and run the scripts from /usr/share/toaster/htdocs/scripts/ ?
I agree, with the toater.conf, this should just simply work if the
toaster.conf is in fact included by the server. Keep in mind that toaster.conf
is included by apache into the global scope, not for any particular
VirtualHost, so the domain that it might need to be accessed with is the
default hostname configured into apache's httpd.conf (the ServerName directive
that is not within a VirtualHost directive).
If I put the scripts in
a folder belonging to that domain, only that domain will be able to use
it. I would like to be able to run the qmailadmin scripts from all
domains but I haven't figured out how to make it work yet with suexec.
Did you check that list of 20 requirements before suexec works? Your answer
lies there I reckon.
It's late here so I apologize if I'm rambling.
Quinn
-
QmailToaster hosted by: VR Hosted http://www.vr.org
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
[qmailtoaster] Suexec apache2 qmailadmin
Now that I have qmailtoaster running and doing so well, I'm trying to get qmailadmin working. I have apache2 configured with suexec. All cgi scripts have to be in /var/www and a virtual host has to be configured to set SuexecUserGroup to run cgi scripts. How can I get qmailadmin working in this environment so that it will be available for all virtual domains I have and not just one. Hope I'm not too confusing. - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Suexec apache2 qmailadmin
That didn't work. I think you have to set SuexecUserGroup to which user you want to have access but this is set in the VirtualHost directive. I found this link but I'm not sure if it applies. http://www.shupp.org/toaster/trustix_notes.eml.html Quinn Comendant wrote: Do you know if it is possible to disable suexec for one specific site? In my opinion it is safe to run qmailadmin under user apache/www/nobody. Otherwise, it should work to copy the /usr/share/qmailadmin directory to /var/www/qmailadmin and adjust the paths in /etc/httpd/conf/toaster.conf accordingly. I don't think suexec will let you run it through a symlink. Quinn - Strangecode :: Internet Consultancy http://www.strangecode.com/ +1 530 624 4410 On Mon, 13 Nov 2006 19:05:48 -0600, Jeremy Runner wrote: Now that I have qmailtoaster running and doing so well, I'm trying to get qmailadmin working. I have apache2 configured with suexec. All cgi scripts have to be in /var/www and a virtual host has to be configured to set SuexecUserGroup to run cgi scripts. How can I get qmailadmin working in this environment so that it will be available for all virtual domains I have and not just one. Hope I'm not too confusing. - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Suexec apache2 qmailadmin
I don't know if this helps or not, but in my case I was required to rename qmailadmin to index.cgi, and change it's ownership to vpopmail and vchkpw. This user and group was given a UID and GID 500. Also, I had to recompile suexec using the directions from the link below so that I could execute out of /usr/share/qmailadmin. http://weblog.massivegeek.com/modules.php?name=Newsfile=articlesid=67 Nolan Jeremy Runner wrote: That didn't work. I think you have to set SuexecUserGroup to which user you want to have access but this is set in the VirtualHost directive. I found this link but I'm not sure if it applies. http://www.shupp.org/toaster/trustix_notes.eml.html Quinn Comendant wrote: Do you know if it is possible to disable suexec for one specific site? In my opinion it is safe to run qmailadmin under user apache/www/nobody. Otherwise, it should work to copy the /usr/share/qmailadmin directory to /var/www/qmailadmin and adjust the paths in /etc/httpd/conf/toaster.conf accordingly. I don't think suexec will let you run it through a symlink. Quinn - Strangecode :: Internet Consultancy http://www.strangecode.com/ +1 530 624 4410 On Mon, 13 Nov 2006 19:05:48 -0600, Jeremy Runner wrote: Now that I have qmailtoaster running and doing so well, I'm trying to get qmailadmin working. I have apache2 configured with suexec. All cgi scripts have to be in /var/www and a virtual host has to be configured to set SuexecUserGroup to run cgi scripts. How can I get qmailadmin working in this environment so that it will be available for all virtual domains I have and not just one. Hope I'm not too confusing. - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
