>On 06/10/2011 05:57 PM, Mark Dennis wrote:
>> /home/vpopmail/etc/onchange: Permission denied, referer:
>> cgi-bin/vqregister/vqregister.cgi
>
>Is vQregister running SUID and SGID, and is Apache allowing the suExec?
> Since you know it's a permissions problem now, you should be able to
>trace the path.

Yes, as is qmailadmin:
-rwsr-sr-x 1 vpopmail vchkpw 174916 Mar  5 14:39 qmailadmin
-rwsr-sr-x 1 vpopmail vchkpw 134877 Mar  8 07:54 vqregister.cgi

And suexec is running:
[notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)

httpd -V includes:
-D SUEXEC_BIN="/usr/sbin/suexec"

And suexec -V shows:
 -D AP_DOC_ROOT="/var/www"
 -D AP_GID_MIN=100
 -D AP_HTTPD_USER="apache"
 -D AP_LOG_EXEC="/var/log/httpd/suexec.log"
 -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
 -D AP_UID_MIN=500
 -D AP_USERDIR_SUFFIX="public_html"

And to be thorough:
-rwxr-xr-x 1 vpopmail vchkpw 103328 Feb 14 03:30 /home/vpopmail/bin/vadduser
-rwxr-x--x 1 vpopmail vchkpw 1720 Jun 10 16:47 /home/vpopmail/etc/onchange

<onchange>
 PATH="/home/vpopmail/bin:/usr/bin:/bin"
 SKEL="/home/vpopmail/skel/"

 if [ "${1:-}" = "add_user" ]
 then
    DIR=`vuserinfo -d ${2:?No email address specified}`
    #p -rp "${SKEL}*" "$DIR"
    cp -rp ${SKEL}* $DIR
    cp -rp ${SKEL}.qmail $DIR
    cp -rp ${SKEL}mailfilter $DIR
 fi

 logger -t onchange "$*"
 echo onchange "$@" > /tmp/update-qmail
</onchange>

# ll -a /home/vpopmail/skel
total 20
drwx------  3 vpopmail vchkpw 4096 Jan 29  2007 .
drwx--x--x 10 vpopmail vchkpw 4096 Feb 14 03:30 ..
drwx------  6 vpopmail vchkpw 4096 Feb 14 03:27 Maildir
-rw-------  1 vpopmail vchkpw 3711 Jan 30  2007 mailfilter
-rw-------  1 vpopmail vchkpw   48 Jan 29  2007 .qmail

To recap:
Vadduser (using sudo or as root) copies all files from skel to new user
directory - no error
Qmailadmin creates Maildir and .qmail in new user directory - onchange
permission denied
Vqregister.cgi creates Maildir in new user directory - onchange permission
denied

No errors shown in suexec.log

It seems like I'm close, but just circling the problem - can you tell what
I'm missing?

Mark


!DSPAM:4df62e5832716000515253!

Reply via email to