Current time: 10-24-2025, 05:58 AM Hello There, Guest! (LoginRegister)


Post Reply 
403 Forbidden when trying to get suexec+mod_fcgid working
Author Message
pgentoo Offline
Member
*****
Dev Team

Posts: 326
Joined: Mar 2007
Reputation: 0
Post: #1
403 Forbidden when trying to get suexec+mod_fcgid working
Hey guys,

Just for reference, i'm running:
-Gentoo 2007.0
-Apache 2.2..6
-mod_fcgid-1.10


I'm trying to get all the gentoo configs cleaned up so the install works out of the box and i'm currently hung up on fcgid+suexec issues.

When set the FCGIWrapper to /var/www/fcgi/master/php5-fcgi-starter and enable suexec i get the following error in my suexec_log:

{{{[2007-11-11 17:08:15]: uid: (2000/vu2000) gid: (2000/2000) cmd: php5-fcgi-starter
[2007-11-11 17:08:15]: target uid/gid (2000/2000) mismatch with directory (0/0) or program (2000/2000)}}}


{{{~ # ls -la /var/www/fcgi/master/
total 8
drwxr-xr-x 4 root root 176 Nov 11 21:07 .
drwxr-xr-x 3 root root 72 Nov 11 16:06 ..
drwxr-xr-x 2 root root 72 Nov 11 16:06 php4
-rwxr-xr-x 1 vu2000 vu2000 203 Nov 11 21:30 php4-fcgi-starter
drwxr-xr-x 2 root root 72 Nov 11 16:06 php5
-rwxr-xr-x 1 vu2000 vu2000 203 Nov 11 21:30 php5-fcgi-starter
}}}

{{{~ # ls -la /var/www/ispcp/gui/
total 34
dr-xr-xr-x 12 vu2000 apache 504 Nov 11 16:56 .
drwxr-xr-x 7 vu2000 vu2000 168 Nov 11 16:06 ..
dr-xr-xr-x 3 vu2000 apache 1872 Nov 11 15:57 admin
dr-xr-xr-x 3 vu2000 apache 2232 Nov 11 15:57 client
dr-xr-xr-x 4 vu2000 apache 128 Nov 11 15:57 domain_default_page
dr-xr-xr-x 4 vu2000 apache 248 Nov 11 15:57 errordocs
-r--r--r-- 1 vu2000 apache 1886 Nov 11 21:19 favicon.ico
-r--r--r-- 1 vu2000 apache 1016 Nov 11 21:20 imagecode.php
dr-xr-xr-x 5 vu2000 apache 976 Nov 11 15:57 include
-r--r--r-- 1 vu2000 apache 3004 Nov 11 21:20 index.php
-r--r--r-- 1 vu2000 apache 4508 Nov 11 21:20 lostpassword.php
dr-xr-xr-x 3 vu2000 apache 264 Nov 11 15:57 orderpanel
drwxr-xr-x 3 vu2000 apache 152 Nov 11 16:52 phptmp
dr-xr-xr-x 3 vu2000 apache 1568 Nov 11 15:57 reseller
-r--r--r-- 1 vu2000 apache 43 Nov 11 21:20 robots.txt
-r--r--r-- 1 vu2000 apache 20 Nov 11 16:56 test.php
dr-xr-xr-x 5 vu2000 apache 136 Nov 11 15:57 themes
dr-xr-xr-x 6 vu2000 apache 184 Nov 11 15:57 tools
}}}


Anyone have any ideas on what the issue is here? I would like to get this fixed, so I can run through and verify the other changes I've made and check in my updated configs.

Thanks,
Jesse
11-14-2007 04:08 PM
Find all posts by this user Quote this message in a reply
achioo Offline
Junior Member
*

Posts: 76
Joined: Nov 2006
Reputation: 0
Post: #2
RE: 403 Forbidden when trying to get suexec+mod_fcgid working
chown your php5 directory in your master folder to be that of your vu2000
11-15-2007 12:45 AM
Find all posts by this user Quote this message in a reply
pgentoo Offline
Member
*****
Dev Team

Posts: 326
Joined: Mar 2007
Reputation: 0
Post: #3
RE: 403 Forbidden when trying to get suexec+mod_fcgid working
achioo Wrote:chown your php5 directory in your master folder to be that of your vu2000

Thanks for the idea. I messed around with my folder permissions/ownership before but it looks like I always had at least one thing incorrect each time. It appears that the magic trick to get this working was to chown /var/www/fcgi/master folder itself as vu2000:vu2000.

This was how it was after running the installation script. Can someone chime in with where change need to be made to correctly chown the directory?

Thanks,
Jesse
11-15-2007 02:55 AM
Find all posts by this user Quote this message in a reply
jmeyerdo Offline
Junior Member
*

Posts: 173
Joined: Oct 2007
Reputation: 2
Post: #4
RE: 403 Forbidden when trying to get suexec+mod_fcgid working
pasichnyk Wrote:This was how it was after running the installation script. Can someone chime in with where change need to be made to correctly chown the directory?

I remember the same problem with my CentOS-installation.
Is this a general bug or is it distro-dependent?

Kind regards, Jens
11-15-2007 03:02 AM
Find all posts by this user Quote this message in a reply
pgentoo Offline
Member
*****
Dev Team

Posts: 326
Joined: Mar 2007
Reputation: 0
Post: #5
RE: 403 Forbidden when trying to get suexec+mod_fcgid working
jmeyerdo Wrote:
pasichnyk Wrote:This was how it was after running the installation script. Can someone chime in with where change need to be made to correctly chown the directory?

I remember the same problem with my CentOS-installation.
Is this a general bug or is it distro-dependent?

Kind regards, Jens


I don't believe ispcp-setup has any distro specific code in it (that should be done via the configs/dist folder right?

I would guess that this is a system wide issue. I can file a bug against it, but would much rather have a working patch to provide as well. Smile

If anyone has a patch for this, or can point me to where it needs to be changed, please let me know.

Personally, i think we need to add a chown into: setup_php_master_user_dirs() in the ispcp-setup script... Just after we create the master/php4 and master/php5 directories.

-
Jesse
11-15-2007 03:11 AM
Find all posts by this user Quote this message in a reply
pgentoo Offline
Member
*****
Dev Team

Posts: 326
Joined: Mar 2007
Reputation: 0
Post: #6
RE: 403 Forbidden when trying to get suexec+mod_fcgid working
How about adding this to the setup_php_master_user_dirs():

my $master_username = $main::cfg{'APACHE_SUEXEC_USER_PREF'}$main::cfg{'APACHE_SUEXEC_MIN_UID'};
my $master_groupname = $main::cfg{'APACHE_SUEXEC_USER_PREF'}$main::cfg{'APACHE_SUEXEC_MIN_GID'};

$cmd = "$main::cfg{'CMD_CHOWN'} $master_username:$master_groupname $starter_dir/master";
$rs = sys_command($cmd);
return $rs if ($rs != 0);


I haven't tested this yet, but I believe it should work... Smile
(This post was last modified: 11-15-2007 03:26 AM by pgentoo.)
11-15-2007 03:24 AM
Find all posts by this user Quote this message in a reply
jmeyerdo Offline
Junior Member
*

Posts: 173
Joined: Oct 2007
Reputation: 2
Post: #7
RE: 403 Forbidden when trying to get suexec+mod_fcgid working
pasichnyk Wrote:Personally, i think we need to add a chown into: setup_php_master_user_dirs() in the ispcp-setup script... Just after we create the master/php4 and master/php5 directories.

As I remember the error occured only with the master-domain - not for all new created domains, isn't it?
In this case you have to check the install-script:
/var/www/ispcp/engine/setup/ispcp-setup

I am not really sure about the correct line. But I would assume this is not hard for one of the developers. ;-)

Kind regards, Jens
11-15-2007 03:32 AM
Find all posts by this user Quote this message in a reply
pgentoo Offline
Member
*****
Dev Team

Posts: 326
Joined: Mar 2007
Reputation: 0
Post: #8
RE: 403 Forbidden when trying to get suexec+mod_fcgid working
Actually,

I ended up with:

my $master_username = "$main::cfg{'APACHE_SUEXEC_USER_PREF'}$main::cfg{'APACHE_SUEXEC_MIN_UID'}";
my $master_groupname = "$main::cfg{'APACHE_SUEXEC_USER_PREF'}$main::cfg{'APACHE_SUEXEC_MIN_GID'}";

my $cmd = "$main::cfg{'CMD_CHOWN'} $master_username:$master_groupname $starter_dir/master";
$rs = sys_command($cmd);
return $rs if ($rs != 0);


This appears to work fine. Can one of the devs confirm that this is the correct thing to do to fix this issue? I don't want to create some other problem (security?) by making this change to the installer.

Thanks,
Jesse
11-15-2007 04:58 AM
Find all posts by this user Quote this message in a reply
RatS Offline
Project Leader
******

Posts: 1,854
Joined: Oct 2006
Reputation: 17
Post: #9
RE: 403 Forbidden when trying to get suexec+mod_fcgid working
It looks like a bug. master-folder has to have first UID-User and -Group (normally 2000). I'll fix it. Thank you for your tests pasichnyk
11-15-2007 07:53 PM
Visit this user's website Find all posts by this user Quote this message in a reply
pgentoo Offline
Member
*****
Dev Team

Posts: 326
Joined: Mar 2007
Reputation: 0
Post: #10
RE: 403 Forbidden when trying to get suexec+mod_fcgid working
RatS Wrote:It looks like a bug. master-folder has to have first UID-User and -Group (normally 2000). I'll fix it. Thank you for your tests pasichnyk

RatS,

In case you need it, I've attached my patch for the permissions change. This also includes a change to do a search/replace on 00_master.conf for {PHP_VERSION} to properly support running the site with php4-fcgi-starter or php5-fcgi-starter. Please see attached.

Thanks,
Jesse


Attached File(s)
.txt  ispcp-setup.patch.txt (Size: 1.35 KB / Downloads: 11)
11-16-2007 02:03 AM
Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)