[Pkg-dspam-misc] suexec interface not working for web-based
administration GUI
Erik Weber
eweber at iqnet-ag.de
Tue Feb 28 11:32:07 UTC 2006
Dear Maintainer(s),
after rebuilding dspam 3.6.2-2 in "sarge" enviroment I was not able to get "suexec" working properly with
apache-ssl 1.3.33-6sarge1 .
Configuration file /etc/apache-ssl/conf.d/dspam-apache.conf contains following contents:
-----------------------------
<VirtualHost exchange:*>
#
User www-data
Group www-data
SSLRequireSSL
servername exchange
Alias /dspam/ /var/www/dspam/
<Directory /var/www/dspam>
Options FollowSymLinks +ExecCGI
AllowOverride None
# Order deny,allow
# Deny from all
Addhandler cgi-script .cgi
DirectoryIndex dspam.cgi
#
AuthType Basic
AuthLDAPAuthoritative on
AuthLDAPEnabled on
AuthLDAPBindDN "cn=Query,dc=iqnet-ag,dc=de"
AuthLDAPBindPassword <removed>
AuthLDAPURL ldap://127.0.0.1:389/ou=auth_user,ou=ADMDT,dc=iqnet-ag,dc=de
Require valid-user
AuthName "DSPAM Control Center"
</Directory>
</VirtualHost>
---------------------------------------------
Changing user/group to
User dspam
Group dspam
as recommended gives error messages in /var/log/apache-ssl/error.log:
---------------------------------------------------------------------------------------------
[Tue Feb 28 11:07:52 2006] [notice] SIGHUP received. Attempting to restart
[Tue Feb 28 11:07:52 2006] /usr/lib/apache-ssl/gcache started
[Tue Feb 28 11:07:52 2006] [notice] Apache/1.3.33 Ben-SSL/1.55 (Debian GNU/Linux) configured -- resuming normal operations
[Tue Feb 28 11:07:52 2006] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache-ssl/suexec)
[Tue Feb 28 11:07:52 2006] [notice] Accept mutex: sysvsem (Default: sysvsem)
[Tue Feb 28 11:07:54 2006] [error] (13)Permission denied: exec of /usr/local/bin//admin.cgi failed
[Tue Feb 28 11:07:54 2006] [error] [client 192.168.216.254] malformed header from script. Bad header=Launching... /usr/lib/apache-s: /usr/local/bin//admin.cgi
[Tue Feb 28 11:08:23 2006] [error] (13)Permission denied: exec of /usr/local/bin//dspam.cgi failed
---------------------------------------------------------------------------------------------
Thats just some sample when I tried SAFE_PATH locations of cgi binaries.
(ok, changing permissions of /var/spool/dspam etc. circumvents the problem, but its not nice)
Any advise?
Best regard
Erik Weber, eweber at iqnet-ag.de
More information about the Pkg-dspam-misc
mailing list