Re: [qmailtoaster] Suexec apache2 qmailadmin
I gotta say, I don't understand the problem here. I have two domains on a toaster. I can get to qmailadmin via http://domain1.com/qmailtoaster and/or http://domain2.com/qmailtoaster. I can log into either domain using the url from either one. I've (simply) set up virtual domains in httpd.conf for each one, and they just work. So what's the problem? (What am I missing?) Nolan Garrett wrote: I don't know if this helps or not, but in my case I was required to rename qmailadmin to index.cgi, and change it's ownership to vpopmail and vchkpw. This user and group was given a UID and GID 500. Also, I had to recompile suexec using the directions from the link below so that I could execute out of /usr/share/qmailadmin. http://weblog.massivegeek.com/modules.php?name=Newsfile=articlesid=67 Nolan Jeremy Runner wrote: That didn't work. I think you have to set SuexecUserGroup to which user you want to have access but this is set in the VirtualHost directive. I found this link but I'm not sure if it applies. http://www.shupp.org/toaster/trustix_notes.eml.html Quinn Comendant wrote: Do you know if it is possible to disable suexec for one specific site? In my opinion it is safe to run qmailadmin under user apache/www/nobody. Otherwise, it should work to copy the /usr/share/qmailadmin directory to /var/www/qmailadmin and adjust the paths in /etc/httpd/conf/toaster.conf accordingly. I don't think suexec will let you run it through a symlink. Quinn - Strangecode :: Internet Consultancy http://www.strangecode.com/ +1 530 624 4410 On Mon, 13 Nov 2006 19:05:48 -0600, Jeremy Runner wrote: Now that I have qmailtoaster running and doing so well, I'm trying to get qmailadmin working. I have apache2 configured with suexec. All cgi scripts have to be in /var/www and a virtual host has to be configured to set SuexecUserGroup to run cgi scripts. How can I get qmailadmin working in this environment so that it will be available for all virtual domains I have and not just one. Hope I'm not too confusing. -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Suexec apache2 qmailadmin
Jeremy Suexec follows a stringent set of criteria before it will execute a CGI. Check this list of 20 criterion and see if you've configured qmailadmin to pass all of them: http://httpd.apache.org/docs/2.0/suexec.html#model Quinn - Strangecode :: Internet Consultancy http://www.strangecode.com/ +1 530 624 4410 On Mon, 13 Nov 2006 20:07:04 -0600, Jeremy Runner wrote: That didn't work. I think you have to set SuexecUserGroup to which user you want to have access but this is set in the VirtualHost directive. I found this link but I'm not sure if it applies. http://www.shupp.org/toaster/trustix_notes.eml.html Quinn Comendant wrote: Do you know if it is possible to disable suexec for one specific site? In my opinion it is safe to run qmailadmin under user apache/www/nobody. Otherwise, it should work to copy the /usr/share/qmailadmin directory to /var/www/qmailadmin and adjust the paths in /etc/httpd/conf/toaster.conf accordingly. I don't think suexec will let you run it through a symlink. Quinn - Strangecode :: Internet Consultancy http://www.strangecode.com/ +1 530 624 4410 On Mon, 13 Nov 2006 19:05:48 -0600, Jeremy Runner wrote: Now that I have qmailtoaster running and doing so well, I'm trying to get qmailadmin working. I have apache2 configured with suexec. All cgi scripts have to be in /var/www and a virtual host has to be configured to set SuexecUserGroup to run cgi scripts. How can I get qmailadmin working in this environment so that it will be available for all virtual domains I have and not just one. Hope I'm not too confusing. - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Suexec apache2 qmailadmin
Also, in my case, I had to turn SELinux off. Quinn Comendant wrote: Jeremy Suexec follows a stringent set of criteria before it will execute a CGI. Check this list of 20 criterion and see if you've configured qmailadmin to pass all of them: http://httpd.apache.org/docs/2.0/suexec.html#model Quinn - Strangecode :: Internet Consultancy http://www.strangecode.com/ +1 530 624 4410 On Mon, 13 Nov 2006 20:07:04 -0600, Jeremy Runner wrote: That didn't work. I think you have to set SuexecUserGroup to which user you want to have access but this is set in the VirtualHost directive. I found this link but I'm not sure if it applies. http://www.shupp.org/toaster/trustix_notes.eml.html Quinn Comendant wrote: Do you know if it is possible to disable suexec for one specific site? In my opinion it is safe to run qmailadmin under user apache/www/nobody. Otherwise, it should work to copy the /usr/share/qmailadmin directory to /var/www/qmailadmin and adjust the paths in /etc/httpd/conf/toaster.conf accordingly. I don't think suexec will let you run it through a symlink. Quinn - Strangecode :: Internet Consultancy http://www.strangecode.com/ +1 530 624 4410 On Mon, 13 Nov 2006 19:05:48 -0600, Jeremy Runner wrote: Now that I have qmailtoaster running and doing so well, I'm trying to get qmailadmin working. I have apache2 configured with suexec. All cgi scripts have to be in /var/www and a virtual host has to be configured to set SuexecUserGroup to run cgi scripts. How can I get qmailadmin working in this environment so that it will be available for all virtual domains I have and not just one. Hope I'm not too confusing. - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Suexec apache2 qmailadmin
I'm using Virtualmin to do web hosting. It creates the httpd.conf as follows using suexec. VirtualHost 192.168.1.2:80 SuexecUserGroup #501 #500 ServerName mydomain.com ServerAlias www.mydomain.com DocumentRoot /home/mydomain/public_html ErrorLog /home/mydomain/logs/error_log CustomLog /home/mydomain/logs/access_log common ScriptAlias /cgi-bin/ /home/mydomain/cgi-bin/ Directory /home/mydomain/public_html Options Indexes FollowSymLinks ExecCGI allow from all AllowOverride All /Directory Directory /home/mydomain/cgi-bin allow from all /Directory /VirtualHost All scripts must reside in /home/{somedomain}. If I put the scripts in a folder belonging to that domain, only that domain will be able to use it. I would like to be able to run the qmailadmin scripts from all domains but I haven't figured out how to make it work yet with suexec. Eric Shubes wrote: I gotta say, I don't understand the problem here. I have two domains on a toaster. I can get to qmailadmin via http://domain1.com/qmailtoaster and/or http://domain2.com/qmailtoaster. I can log into either domain using the url from either one. I've (simply) set up virtual domains in httpd.conf for each one, and they just work. So what's the problem? (What am I missing?) Nolan Garrett wrote: I don't know if this helps or not, but in my case I was required to rename qmailadmin to index.cgi, and change it's ownership to vpopmail and vchkpw. This user and group was given a UID and GID 500. Also, I had to recompile suexec using the directions from the link below so that I could execute out of /usr/share/qmailadmin. http://weblog.massivegeek.com/modules.php?name=Newsfile=articlesid=67 Nolan Jeremy Runner wrote: That didn't work. I think you have to set SuexecUserGroup to which user you want to have access but this is set in the VirtualHost directive. I found this link but I'm not sure if it applies. http://www.shupp.org/toaster/trustix_notes.eml.html Quinn Comendant wrote: Do you know if it is possible to disable suexec for one specific site? In my opinion it is safe to run qmailadmin under user apache/www/nobody. Otherwise, it should work to copy the /usr/share/qmailadmin directory to /var/www/qmailadmin and adjust the paths in /etc/httpd/conf/toaster.conf accordingly. I don't think suexec will let you run it through a symlink. Quinn - Strangecode :: Internet Consultancy http://www.strangecode.com/ +1 530 624 4410 On Mon, 13 Nov 2006 19:05:48 -0600, Jeremy Runner wrote: Now that I have qmailtoaster running and doing so well, I'm trying to get qmailadmin working. I have apache2 configured with suexec. All cgi scripts have to be in /var/www and a virtual host has to be configured to set SuexecUserGroup to run cgi scripts. How can I get qmailadmin working in this environment so that it will be available for all virtual domains I have and not just one. Hope I'm not too confusing. - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Suexec apache2 qmailadmin
Jeremy Runner wrote: I'm using Virtualmin to do web hosting. It creates the httpd.conf as follows using suexec. Do you have shell access to the machine (or will virtualmin let you) change this VirthostHost to something more custom? Be warned that VirtualMin might overwrite your hand-edited changes should you attempt to manage the server using both methods. Not sure how to deal with your suexec issue yet, but to serve an application (like qmailadmin) to multiple clients, I would recommend something like the following. Set XXX.XXX.XXX.XXX to your IP (or preferably a unique IP so you can generate a self-signed certificate for all domains). VirtualHost XXX.XXX.XXX.XXX:80 ServerName mailserver.yourdomain.com:80 ServerAlias mailserver.clientdomain1.com:80 ServerAlias mailserver.clientdomain2.com:80 ServerAlias mailserver.clientdomain3.com:80 # ...etc RewriteEngine on RewriteRule ^/+$ /qmailadmin/index.cgi [R] Directory /usr/share/qmailadmin AddHandler cgi-script .cgi AddHandler cgi-script qmailadmin DirectoryIndex index.cgi qmailadmin index.html Options +Indexes FollowSymLinks +ExecCGI Order allow,deny Allow from all /Directory /VirtualHost All scripts must reside in /home/{somedomain}. Why is that? I'd be inclined to put them in /home/vpopmail/domains/{somedomain}/ (but what do I know?). No way! Keep your mail system seperate from your web system. Some day you may need to move your qmail toaster to a seperate machine and that will be very easy if you don't mix hosted sites with your domains. Suexec requires CGI directories to be within a couple levels of the root path it was compiled with (I assume yours was /home) so you must keep sites under /home/site or /home/username/sitename. Is there any way to get virtualmin (or whatever it is that requires it) to require /home/vpopmail/domains/{somedomain} instead of simply /home/{somedomain}? What does your /etc/httpd/conf/toaster.conf say? Shouldn't they all pick this up and run the scripts from /usr/share/toaster/htdocs/scripts/ ? I agree, with the toater.conf, this should just simply work if the toaster.conf is in fact included by the server. Keep in mind that toaster.conf is included by apache into the global scope, not for any particular VirtualHost, so the domain that it might need to be accessed with is the default hostname configured into apache's httpd.conf (the ServerName directive that is not within a VirtualHost directive). If I put the scripts in a folder belonging to that domain, only that domain will be able to use it. I would like to be able to run the qmailadmin scripts from all domains but I haven't figured out how to make it work yet with suexec. Did you check that list of 20 requirements before suexec works? Your answer lies there I reckon. It's late here so I apologize if I'm rambling. Quinn - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[qmailtoaster] Suexec apache2 qmailadmin
Now that I have qmailtoaster running and doing so well, I'm trying to get qmailadmin working. I have apache2 configured with suexec. All cgi scripts have to be in /var/www and a virtual host has to be configured to set SuexecUserGroup to run cgi scripts. How can I get qmailadmin working in this environment so that it will be available for all virtual domains I have and not just one. Hope I'm not too confusing. - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Suexec apache2 qmailadmin
That didn't work. I think you have to set SuexecUserGroup to which user you want to have access but this is set in the VirtualHost directive. I found this link but I'm not sure if it applies. http://www.shupp.org/toaster/trustix_notes.eml.html Quinn Comendant wrote: Do you know if it is possible to disable suexec for one specific site? In my opinion it is safe to run qmailadmin under user apache/www/nobody. Otherwise, it should work to copy the /usr/share/qmailadmin directory to /var/www/qmailadmin and adjust the paths in /etc/httpd/conf/toaster.conf accordingly. I don't think suexec will let you run it through a symlink. Quinn - Strangecode :: Internet Consultancy http://www.strangecode.com/ +1 530 624 4410 On Mon, 13 Nov 2006 19:05:48 -0600, Jeremy Runner wrote: Now that I have qmailtoaster running and doing so well, I'm trying to get qmailadmin working. I have apache2 configured with suexec. All cgi scripts have to be in /var/www and a virtual host has to be configured to set SuexecUserGroup to run cgi scripts. How can I get qmailadmin working in this environment so that it will be available for all virtual domains I have and not just one. Hope I'm not too confusing. - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Suexec apache2 qmailadmin
I don't know if this helps or not, but in my case I was required to rename qmailadmin to index.cgi, and change it's ownership to vpopmail and vchkpw. This user and group was given a UID and GID 500. Also, I had to recompile suexec using the directions from the link below so that I could execute out of /usr/share/qmailadmin. http://weblog.massivegeek.com/modules.php?name=Newsfile=articlesid=67 Nolan Jeremy Runner wrote: That didn't work. I think you have to set SuexecUserGroup to which user you want to have access but this is set in the VirtualHost directive. I found this link but I'm not sure if it applies. http://www.shupp.org/toaster/trustix_notes.eml.html Quinn Comendant wrote: Do you know if it is possible to disable suexec for one specific site? In my opinion it is safe to run qmailadmin under user apache/www/nobody. Otherwise, it should work to copy the /usr/share/qmailadmin directory to /var/www/qmailadmin and adjust the paths in /etc/httpd/conf/toaster.conf accordingly. I don't think suexec will let you run it through a symlink. Quinn - Strangecode :: Internet Consultancy http://www.strangecode.com/ +1 530 624 4410 On Mon, 13 Nov 2006 19:05:48 -0600, Jeremy Runner wrote: Now that I have qmailtoaster running and doing so well, I'm trying to get qmailadmin working. I have apache2 configured with suexec. All cgi scripts have to be in /var/www and a virtual host has to be configured to set SuexecUserGroup to run cgi scripts. How can I get qmailadmin working in this environment so that it will be available for all virtual domains I have and not just one. Hope I'm not too confusing. - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]