[Pkg-dspam-misc] suexec interface not working for web-based administration GUI

Erik Weber eweber at iqnet-ag.de
Tue Feb 28 11:32:07 UTC 2006 

Dear Maintainer(s),

after rebuilding dspam 3.6.2-2 in "sarge" enviroment I was not able to get "suexec" working properly with 
apache-ssl  1.3.33-6sarge1 .

Configuration file /etc/apache-ssl/conf.d/dspam-apache.conf contains following contents:
-----------------------------
<VirtualHost exchange:*>
#
    User www-data
    Group www-data
    SSLRequireSSL
    servername exchange
    Alias /dspam/ /var/www/dspam/

    <Directory /var/www/dspam>
        Options FollowSymLinks +ExecCGI 
        AllowOverride None
#       Order deny,allow
#       Deny from all
        Addhandler cgi-script .cgi
        DirectoryIndex dspam.cgi
#
        AuthType Basic
        AuthLDAPAuthoritative on
        AuthLDAPEnabled on
        AuthLDAPBindDN "cn=Query,dc=iqnet-ag,dc=de"
        AuthLDAPBindPassword <removed> 
        AuthLDAPURL ldap://127.0.0.1:389/ou=auth_user,ou=ADMDT,dc=iqnet-ag,dc=de
        Require valid-user
        AuthName "DSPAM Control Center"
    </Directory>

</VirtualHost>
---------------------------------------------

Changing user/group to

User dspam
Group dspam

as recommended gives error messages in /var/log/apache-ssl/error.log:
---------------------------------------------------------------------------------------------
[Tue Feb 28 11:07:52 2006] [notice] SIGHUP received.  Attempting to restart
[Tue Feb 28 11:07:52 2006] /usr/lib/apache-ssl/gcache started
[Tue Feb 28 11:07:52 2006] [notice] Apache/1.3.33 Ben-SSL/1.55 (Debian GNU/Linux) configured -- resuming normal operations
[Tue Feb 28 11:07:52 2006] [notice] suEXEC mechanism enabled (wrapper: /usr/lib/apache-ssl/suexec)
[Tue Feb 28 11:07:52 2006] [notice] Accept mutex: sysvsem (Default: sysvsem)
[Tue Feb 28 11:07:54 2006] [error] (13)Permission denied: exec of /usr/local/bin//admin.cgi failed
[Tue Feb 28 11:07:54 2006] [error] [client 192.168.216.254] malformed header from script. Bad header=Launching... /usr/lib/apache-s: /usr/local/bin//admin.cgi
[Tue Feb 28 11:08:23 2006] [error] (13)Permission denied: exec of /usr/local/bin//dspam.cgi failed
---------------------------------------------------------------------------------------------

Thats just some sample when I tried SAFE_PATH locations of cgi binaries.

(ok, changing permissions of /var/spool/dspam etc. circumvents the problem, but its not nice)

Any advise?

Best regard
Erik Weber, eweber at iqnet-ag.de

More information about the Pkg-dspam-misc mailing list