RES: RES: RES: RES: problem with suexec

Hendrik Bäcker andurin at process-zero.de
Thu Mar 13 12:02:40 CET 2008
Previous message: RES: RES: RES: RES: problem with suexec
Next message: Announce: NSClient++ 0.3.1 Windows agent
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Wilson A. Galafassi Jr. schrieb:
> I´m running cpanel with alot of websites in this host. So disable suexec
> isn´t an option.
As I wrote - I would not suggest to disable.
> 
> Any sugestion?
What about reading the fine manual to know what suexec is expecting???

> Thanks
> Wilson
> 
> 
> -----Mensagem original-----
> De: Hendrik Bäcker [mailto:andurin at process-zero.de] 
> Enviada em: quarta-feira, 12 de março de 2008 18:34
> Para: Wilson A. Galafassi Jr.
> Cc: 'Max'; nagios-users at lists.sourceforge.net
> Assunto: Re: [Nagios-users] RES: RES: RES: problem with suexec
> 
> Hi,
> 
> I would _not_ suggest to disable suexec, but I suggest that you should 
> be more familar with it....
> 
> So please read the following docs carefully:
> http://httpd.apache.org/docs/2.0/suexec.html
> 
> Wilson A. Galafassi Jr. schrieb:
>> Hello.
>> if  i use the commands:
>> chmod g-w sbin
>> chmod g-w sbin/* 
>>
>> suexec tell me: 
>> [2008-03-12 18:25:02]: error: target uid/gid (32042/32044) mismatch with
>> directory (32121/32123) or program (32121/32123) or trusted user (0/10)
>>
> so... the files are owned by another uid/gid than your apache (i guess).
>> Any other sugestion?
>> Thanks
>> Wilson
>>
>> -----Mensagem original-----
>> De: nagios-users-bounces at lists.sourceforge.net
>> [mailto:nagios-users-bounces at lists.sourceforge.net] Em nome de Max
>> Enviada em: quarta-feira, 12 de março de 2008 14:30
>> Para: nagios-users at lists.sourceforge.net
>> Assunto: Re: [Nagios-users] RES: RES: problem with suexec
>>
>>> [2008-03-11 21:22:04]: directory is writable by others:
>> (/usr/local/nagios/sbin)
>>
>> group writable directory and group writable files ...
>>
>> On Wed, Mar 12, 2008 at 12:12 PM, Wilson A. Galafassi Jr.
>> <wilson.galafassi at gmail.com> wrote:
>>>  # ls -la
>>>  drwxrwxr-x   8 nagios nagios 4096 Mar 10 20:00 .
>>>  drwxr-xr-x  22 root   root   4096 Mar 10 20:00 ..
>>>  drwxrwxr-x   2 nagios nagios 4096 Mar 10 20:00 bin
>>>  drwxrwxr-x   3 nagios nagios 4096 Mar 10 20:32 etc
>>>  drwxrwxr-x   2 nagios nagios 4096 Mar 10 20:41 libexec
>>>  drwxrwxr-x   2 nagios nagios 4096 Mar 10 20:00 sbin
>>>  drwxrwxr-x   9 nagios nagios 4096 Mar 10 20:41 share
>>>  drwxrwxr-x   5 nagios nagios 4096 Mar 12 13:11 var
>>>
>>>  sbin
>>>  # ls -la
>>>  total 3092
>>>  drwxrwxr-x  2 nagios nagios   4096 Mar 10 20:00 .
>>>  drwxrwxr-x  8 nagios nagios   4096 Mar 10 20:00 ..
>>>  -rwxrwxr-x  1 nagios nagios 214472 Mar 10 20:00 avail.cgi
>>>  -rwxrwxr-x  1 nagios nagios 210760 Mar 10 20:00 cmd.cgi
>>>  -rwxrwxr-x  1 nagios nagios 180680 Mar 10 20:00 config.cgi
>>>  -rwxrwxr-x  1 nagios nagios 230024 Mar 10 20:00 extinfo.cgi
>>>  -rwxrwxr-x  1 nagios nagios 184936 Mar 10 20:00 histogram.cgi
>>>  -rwxrwxr-x  1 nagios nagios 168456 Mar 10 20:00 history.cgi
>>>  -rwxrwxr-x  1 nagios nagios 164328 Mar 10 20:00 notifications.cgi
>>>  -rwxrwxr-x  1 nagios nagios 160200 Mar 10 20:00 outages.cgi
>>>  -rwxrwxr-x  1 nagios nagios 164616 Mar 10 20:00 showlog.cgi
>>>  -rwxrwxr-x  1 nagios nagios 221704 Mar 10 20:00 status.cgi
>>>  -rwxrwxr-x  1 nagios nagios 180904 Mar 10 20:00 statusmap.cgi
>>>  -rwxrwxr-x  1 nagios nagios 176648 Mar 10 20:00 statuswml.cgi
>>>  -rwxrwxr-x  1 nagios nagios 164360 Mar 10 20:00 statuswrl.cgi
>>>  -rwxrwxr-x  1 nagios nagios 181832 Mar 10 20:00 summary.cgi
>>>  -rwxrwxr-x  1 nagios nagios 176680 Mar 10 20:00 tac.cgi
>>>  -rwxrwxr-x  1 nagios nagios 189064 Mar 10 20:00 trends.cgi
>>>
>>>
>>>  -----Mensagem original-----
>>>  De: nagios-users-bounces at lists.sourceforge.net
>>>  [mailto:nagios-users-bounces at lists.sourceforge.net] Em nome de Hendrik
>>>  Bäcker
>>>  Enviada em: quarta-feira, 12 de março de 2008 12:07
>>>  Para: nagios-users at lists.sourceforge.net
>>>  Assunto: Re: [Nagios-users] RES: problem with suexec
>>>
>>>
>>>
>>>
>>>
>>>  Wilson A. Galafassi Jr. schrieb:
>>>  > I have tried but the problem persist.
>>>  >
>>>  With the same error message? Show us your directory (ls -la).
>>>
>>>  > Any other idea?
>>>  >
>>>
>>>  > Thanks,
>>>  > Wilson
>>>  >
>>>  > -----Mensagem original-----
>>>  > De: nagios-users-bounces at lists.sourceforge.net
>>>  > [mailto:nagios-users-bounces at lists.sourceforge.net] Em nome de Hendrik
>>>  > Bäcker
>>>  > Enviada em: quarta-feira, 12 de março de 2008 04:27
>>>  > Para: wilson at galafassi.com.br
>>>  > Cc: nagios-users at lists.sourceforge.net
>>>  > Assunto: Re: [Nagios-users] problem with suexec
>>>  >
>>>  > Hi Wilson,
>>>  >
>>>  > Wilson Galafassi schrieb:
>>>  >> hello.
>>>  >> i have installed nagios on my server running apache 2.2.6.
>>>  >>
>>>  >> when i try to access the web interface i see: Internal Server Error
>>>  >>
>>>  >> in error_log i see:
>>>  >> [Tue Mar 11 21:20:15 2008] [error] [client xxx.yyy.zzz.xxxx] suexec
>>>  >> policy violation: see suexec log for more details, referer:
>>>  >> http://www.digitalstorage.com.br/nagios/side.html
>>>  >> [Tue Mar 11 21:20:15 2008] [error] [client xxx.yyy.zzz.xxxx]
> Premature
>>>  >> end of script headers: tac.cgi, referer:
>>>  >> http://www.digitalstorage.com.br/nagios/side.html
>>>  >> [Tue Mar 11 21:20:15 2008] [error] [client xxx.yyy.zzz.xxxx] File
> does
>>>  >> not exist: /home/digital/public_html/500.shtml, referer:
>>>  >> http://www.digitalstorage.com.br/nagios/side.html
>>>  >>
>>>  >> in suexec_log:
>>>  >> [2008-03-11 21:22:04]: uid: (32042/digital) gid: (32044/32044) cmd:
>>>  > tac.cgi
>>>  >> [2008-03-11 21:22:04]: directory is writable by others:
>>>  > (/usr/local/nagios/sbin)
>>>  > Well, did you begin to re-set the permissions?
>>>  > I don't know suexec in depth but in your situation I would start to
> try
>>>  > to do what suexec suggests. After each step I would control if the
>>>  > balance between application and security is givven.
>>>  >
>>>  > So like your suexec_log: change the directory permission of
>>>  > "/usr/local/nagios/sbin" to make it not writable by "other" (chmod o-w
>>>  > /usr/local/nagios/sbin)
>>>  >
>>>  > Regards
>>>  > Hendrik
>>>  >
>>>  >
>> -------------------------------------------------------------------------
>>>  > This SF.net email is sponsored by: Microsoft
>>>  > Defy all challenges. Microsoft(R) Visual Studio 2008.
>>>  > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
>>>  > _______________________________________________
>>>  > Nagios-users mailing list
>>>  > Nagios-users at lists.sourceforge.net
>>>  > https://lists.sourceforge.net/lists/listinfo/nagios-users
>>>  > ::: Please include Nagios version, plugin version (-v) and OS when
>>>  reporting
>>>  > any issue.
>>>  > ::: Messages without supporting info will risk being sent to /dev/null
>>>  >
>>>  >
>>>
>>>
> -------------------------------------------------------------------------
>>>  This SF.net email is sponsored by: Microsoft
>>>  Defy all challenges. Microsoft(R) Visual Studio 2008.
>>>  http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
>>>  _______________________________________________
>>>  Nagios-users mailing list
>>>  Nagios-users at lists.sourceforge.net
>>>  https://lists.sourceforge.net/lists/listinfo/nagios-users
>>>  ::: Please include Nagios version, plugin version (-v) and OS when
>> reporting
>>>  any issue.
>>>  ::: Messages without supporting info will risk being sent to /dev/null
>>>
>>>
>>>
> -------------------------------------------------------------------------
>>>  This SF.net email is sponsored by: Microsoft
>>>  Defy all challenges. Microsoft(R) Visual Studio 2008.
>>>  http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
>>>  _______________________________________________
>>>  Nagios-users mailing list
>>>  Nagios-users at lists.sourceforge.net
>>>  https://lists.sourceforge.net/lists/listinfo/nagios-users
>>>  ::: Please include Nagios version, plugin version (-v) and OS when
>> reporting any issue.
>>>  ::: Messages without supporting info will risk being sent to /dev/null
>>>
>> -------------------------------------------------------------------------
>> This SF.net email is sponsored by: Microsoft
>> Defy all challenges. Microsoft(R) Visual Studio 2008.
>> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
>> _______________________________________________
>> Nagios-users mailing list
>> Nagios-users at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/nagios-users
>> ::: Please include Nagios version, plugin version (-v) and OS when
> reporting
>> any issue. 
>> ::: Messages without supporting info will risk being sent to /dev/null
>>
>>
>> -------------------------------------------------------------------------
>> This SF.net email is sponsored by: Microsoft
>> Defy all challenges. Microsoft(R) Visual Studio 2008.
>> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
>> _______________________________________________
>> Nagios-users mailing list
>> Nagios-users at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/nagios-users
>> ::: Please include Nagios version, plugin version (-v) and OS when
> reporting any issue. 
>> ::: Messages without supporting info will risk being sent to /dev/null
>>
> 
> 

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null
Previous message: RES: RES: RES: RES: problem with suexec
Next message: Announce: NSClient++ 0.3.1 Windows agent
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Users mailing list