• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Multiple cgi_wrapper files

K

Kev

Guest
Hi all. I'm currently stumped by a problem of running different cgi wrapper files. My objective is to have different cgi wrapper files which run different versions of php so that we can easily test sites on different version of php by altering the vhost.conf. However what i have found is that the only cgi wrapper i can use for this is the default one provided as /var/www/cgi-bin/cgi_wrapper/cgi_wrapper. I am able to alter the file executed in cgi_wrapper to run my different php versions so those files do not seem an issue.

I'll summarise the full problem below but a very brief description (tl;dr version) is:
If i rename the cgi_wrapper file (and copy perms) and alter the Action for the handler the wrapper will not work, it's almost like it doesn't allow it if it has a different name, thus are only certain files allowed to be executed as cgi wrappers and if so how is that configured.

Setup is Ubuntu 10.04, apache 2.2.14

So these are the steps i take to reproduce the problem. First in the hosting settings for my domain I have specified no server side scripting. So nothing there can conflict.

Then in my vhost.conf for the domain i set up php using cgi by adding the following (as taken from whats added to vhost.conf when cgi is enabled):
Code: 
<Files ~ (\.php)>
    SetHandler None
    AddHandler php-script .php
    Options +ExecCGI
    allow from all
</Files>

php-script action is set in /etc/apache2/conf.d/php_cgi.conf and by default contains
Code: 
scriptAlias /phppath/ "/var/www/cgi-bin/cgi_wrapper/"
Action php-script /phppath/cgi_wrapper

with the domain reconfigured php now works. I can even alter cgi_wrapper to use a different php-cgi binary and this works.

now where things get confusing is if i now replicate cgi_wrapper with
Code: 
# cp /var/www/cgi-bin/cgi_wrapper/cgi_wrapper /var/www/cgi-bin/cgi_wrapper/cgi_wrapper2
# chmod 755 /var/www/cgi-bin/cgi_wrapper/cgi_wrapper2
both cgi_wrapper and cgi_wrapper2 have some user:group and perms

and alter /etc/apache2/conf.d/php_cgi.conf to be
Code: 
scriptAlias /phppath/ "/var/www/cgi-bin/cgi_wrapper/"
Action php-script /phppath/cgi_wrapper2
and restart apache

if i call a php file i now get a 500 response and in the error log it says (the cgi uniformly unhelpful):
Code: 
[Sat Mar 26 22:48:34 2011] [error] [client 81.105.99.186] Premature end of script headers: cgi_wrapper2

Any advice on this or as to as to whether this a plesk issue or apache one would be most appreciated because I really feel stuck on this and just editing the cgi_wrapper file to a different php bin seems like a hacky approach that wouldn't be good as we have multiple sites and some might use a particular php version permanently.

Thanks
 
I've done some more research and found that in the suexec log i'm getting error
Code: 
[2011-03-26 22:48:34]: uid: (10001/rbdev) gid: (1004/1004) cmd: cgi_wrapper2
[2011-03-26 22:48:34]: command cgi_wrapper2 not in docroot (10001)

so i'm wondering if the suexec docroot is set to just /var/www/cgi-bin/cgi_wrapper/cgi_wrapper which would seem odd but i can't get the suexec binary to spit out the details to see or have any idea how to change the docroot.
 
Late reply, I know..

But I was looking into this aswell, when trying to use these guides:

http://forum.parallels.com/showthread.php?t=259084
http://kb.parallels.com/114753


And I found the following:

[root@someserver ~]# grep -R "cgi_wrapper" 2>/dev/null /etc/httpd/
/etc/httpd/logs/suexec_log:[2013-01-06 16:29:58]: uid: (99999someuser) gid: (9999/9999) cmd: cgi_wrapper
/etc/httpd/logs/suexec_log:[2013-01-06 16:30:44]: uid: (99999/someuser) gid: (9999/9999) cmd: cgi_wrapper.bak
/etc/httpd/logs/suexec_log:[2013-01-06 16:30:44]: command cgi_wrapper.bak not in docroot (99999)
/etc/httpd/conf.d/php_cgi.conf:scriptAlias /phppath/ "/var/www/cgi-bin/cgi_wrapper/"
/etc/httpd/conf.d/php_cgi.conf:Action php-script /phppath/cgi_wrapper
Click to expand...


[root@someserver ~]# grep -R "cgi_wrapper" 2>/dev/null /usr/local/psa/
Binary file /usr/local/psa/suexec/psa-suexec matches
Click to expand...


When I opened psa-suexec:

^@AUTH_TYPE^@CONTENT_LENGTH^@CONTENT_TYPE^@DATE_GMT^@DATE_LOCAL^@DOCUMENT_NAME^@DOCUMENT_PATH_INFO^@DOCUMENT_ROOT^@DOCUMENT_URI^@FILEPATH_INFO^@GATEWAY_INTERFACE^@HTTP9^@^@^@^@^@^@^@cannot get current working directory
^@^@^@/var/www/cgi-bin/cgi_wrapper/cgi_wrapper^@^@^@^@^@^@^@^@invalid webuser name! webuser's name length should be less than or equal to 32.
Click to expand...


It seems that the DOCUMENT_ROOT is hardcoded into the exeutable :(
However, as described in this thread: http://forum.parallels.com/showthread.php?t=259084
Some people are able to override this..


So I guess they have another version of psa-suexec
 
Last edited:
You must log in or register to reply here.

Similar threads

Bod
Question Upstream Apache directive blocking .htaccess file directives
Replies
5
Views
6K
Bod
Bod
Bod
Question Perl on Debian
Replies
4
Views
291
kpushkarev
K
S
Resolved uid: (10001/superu) gid: (503/503) cmd: cgi_wrapper Error
Replies
6
Views
1K
Bitpalast
Bitpalast
H.W.B
Issue Can not run CGI-BIN scripts Error 403
Replies
7
Views
2K
H.W.B
H.W.B
S
Resolved Cannot log in with WP Toolkit, pathing problem
Replies
6
Views
3K
Peter Debik
P
Back
Top