+ Information for Confess And Teach For Unity's eList Subscribers + Many thanks to all of you for the offers of help in getting suexec up and running! To those of you, especially, who offered phone support, thank you so much for being willing to commit that sort of time. As it turned out, I was either 'running' or in places where a conversation would have been impossible, so I just kept plugging away at it myself and...sure enough, suexec is now running!
Unfortunately...Virtualmin is not quite there, yet, and the thing that it really didn't like and made me change (the suexec-docroot) is absolutely boneheaded, as it contradicts the way that Apache is already running (which is how virtualmin/webmin said it should run in the first place!)...so I may end up just reading the stinkin' Mailman manual and doing all of the email setup manually, which thing I've been trying to avoid, lo, these many months. Anyway, for the curious, the following is what I did, as I wrote it up for a guy on the Apple Support Forum who was having the same basic issue--namely, that every set of instructions on the net has either been incomplete, error-filled, or just plain wrong. One thing to note, too: all of this was probably made harder by the fact that we didn't want to do a new installation of Apache, but just make and copy suexec without disturbing what else is in place. It will be interesting to see what happens whenever Apple releases a security update that updates Apache, and whether it breaks all that we've done. God willing, though, I will have gotten done with the mail server stuff on this machine by then and moved everything over to OS X Lion, which is supposed to be combining OS X and OS X Server, so that we end up with better admin tools, anyway. - - - First, of course, to make sure we're using the write version of Apache and locate files in the right places, we run $ httpd -v to see that what is already installed is Apache(Unix) 2.2.17, and then $ httpd -V which tells us, among other things, where the installed Apache would expect to see suexec; then: $ mkdir -p /usr/local/src because some set of instructions said this would be a good location for things... $ cd /usr/local/src $ curl -O http://mirror.candidhosting.com/pub/apache//httpd/httpd-2.2.17.tar.gz $ sudo tar xvf httpd-2.2.17.tar.gz NOTE: I went ahead and did sudo throughout instead of doing sudo su; should be the same, but I like the repetitive typing of sudo, as it makes me more careful with my typing $ cd httpd-2.2.17 $ sudo ./configure --with-layout=Darwin --enable-suexec --with-suexec-caller=_www --with-suexec-docroot=/Users --with-suexec-userdir=Sites This I did because Virtualmin didn’t like: ./configure --with-layout=Darwin --enable-suexec --with-suexec-caller=_www --with-suexec-docroot=/Library/WebServer/Documents --with-suexec-userdir=Sites Personally, I think this will be an irresolvable problem with Virtualmin. $ sudo make $ sudo cp /usr/local/src/httpd-2.2.17/support/suexec /usr/bin/ most instructions say sbin, but httpd -V said that my installation was already expecting it to be in bin $ sudo chown root:_www /usr/bin/suexec $ sudo chmod 4750 /usr/bin/suexec Stop Apache and Start Apache; for some reason, apachectl sometimes produces error message that bother me, so I do this from webmin, so that I can pretend nothing’s wrong! The various instructions around the net say that at this point you’ll have a working suexec and your error_log file will show something like “[notice] suEXEC mechanism enabled (wrapper: /usr/bin/suexec)”...but it never has done that for me. Virtualmin still says “Suexec is enabled in the default template, but the Apache module mod_suexec is not installed or not enabled.” Thus, apxs is required. In looking at the various man pages, etc., for apxs, it is repeatedly stated that on BSD Unix (which OS X is), there is an option for LD “-Bshareable”; apparently that’s not true anymore, because “ld -Bshareable -o mod_suexec.so mod_suexec.o” returns and “unknown option” error. I’ll toss it in in its place, however, in case someone needs it. So, here’s the deal, first as I used it, then as the various man pages, etc., would indicate: $ cd /usr/local/src/httpd-2.2.17/modules/generators $ sudo apxs -i -a -c mod_suexec.c gcc -fpic -DSHARED_MODULE -I/usr/include/apache2 -c mod_suexec.c OR $ sudo apxs -i -a -c mod_suexec.c gcc -fpic -DSHARED_MODULE -I/usr/include/apache2 -c mod_suexec.c ld -Bshareable -o mod_suexec.so mod_suexec.o Stop and start Apache again. For me, that got it running...though I still haven’t got Virtualmin up completely, yet, as there are a few other things to install...and the various things they’re dependent upon...but at least suexec appears to be running and recognized by it. - - - Once again, THANK YOU for all who offered to help and any little preliminary tidbits that were passed along that helped me finally take the time to track this stuff down--and thanks be to God that a sermon still ended up being prepared and I actually got enough sleep to keep others awake this morning and afternoon! EJG * * * * * * * * An Approach to Liturgical Style - 11 of 28 * * * * * * * * Use orthodox forms. From time to time, clarifications may be proposed; such will either win their place (if born of necessity) or die of neglect. The Rev. Eric J. Stefanski [email protected] The Evangelical Lutheran Diocese of North America http://ELDoNA.org Confess And Teach For Unity http://www.CAT41.org Lists: [email protected] Holy Trinity Ev.-Luth. Church, Harrison, AR http://www.HolyTrinityLC.com * * * * * Adapted from Strunk & White, ~The Elements of Style~ * * * * * + + + Confess and Teach for Unity <http://www.CAT41.org> + + + The preceding is a message from the Confess and Teach For Unity List Administrator; you are receiving it because you are *or have been* a subscriber to one or more email lists run by Confess and Teach for Unity (CAT41.org). If you are no longer on any CAT 41 list and do not wish to receive such periodic mailings regarding new mail lists and other services, please send ANY note to: [email protected] NOTE: if you are on a CAT 41 list or resubscribe to any CAT 41 list, you will be re-added to this list, as this list is the venue for necessary system notices, etc. To Subscribe, send ANY note to: [email protected] Unless otherwise noted, posts from this list may be forwarded and/or republished via other media, provided they are not altered and list subscription information is included. For any further information or problems in unsubscribing, please contact the list administrator by writing to: MoM [at] lists (dot) cat41 <dot> org
