Problem with FastCGI/cgi_wrapper

[azn137]

I have Plesk 11.0.9, Apache 2.2.15, and PHP 5.3.3. I can't tell when this started happening, but all of sudden my /var/log/httpd/suexec_log log is filled with this:

[2012-10-19 13:11:13]: uid: (10000/fstops) gid: (505/505) cmd: cgi_wrapper
[2012-10-19 13:11:25]: uid: (10000/fstops) gid: (505/505) cmd: cgi_wrapper
[2012-10-19 13:11:52]: uid: (10000/fstops) gid: (505/505) cmd: cgi_wrapper
[2012-10-19 13:11:52]: uid: (10000/fstops) gid: (505/505) cmd: cgi_wrapper
[2012-10-19 13:12:29]: uid: (10000/fstops) gid: (505/505) cmd: cgi_wrapper
[2012-10-19 13:12:44]: uid: (10000/fstops) gid: (505/505) cmd: cgi_wrapper
[2012-10-19 13:13:05]: uid: (10000/fstops) gid: (505/505) cmd: cgi_wrapper
[2012-10-19 13:13:09]: uid: (10000/fstops) gid: (505/505) cmd: cgi_wrapper
[2012-10-19 13:13:09]: uid: (10000/fstops) gid: (505/505) cmd: cgi_wrapper
[2012-10-19 13:13:43]: uid: (10000/fstops) gid: (505/505) cmd: cgi_wrapper

I've tried fixing it with this method without any luck:

cp -p /usr/sbin/suexec /usr/sbin/suexec.backup
cp -p /usr/local/psa/suexec/psa-suexec /usr/sbin/suexec

The frontend runs fine - I have Wordpress installed - it's just that I'm getting a bunch of these errors every minute. Please help.

 

[azn137]

Btw, turning off mod_fcgid does make the errors to stop appearing in the suexec log, which leads me to believe this is a FastCGI problem.

 

[abdi]

What is your #sestatus results?

 

[azn137]

# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
#SELINUX=enforcing
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted

Should I change that to something else?

 

[abdi]

I really think:

[2012-10-19 13:11:13]: uid: (10000/fstops) gid: (505/505) cmd: cgi_wrapper
[2012-10-19 13:11:25]: uid: (10000/fstops) gid: (505/505) cmd: cgi_wrapper
[2012-10-19 13:11:52]: uid: (10000/fstops) gid: (505/505) cmd: cgi_wrapper

is normal, it would be abnormal if it were complaining about cgi_wrapper not being executable ..

 

[azn137]

Ah ok, thank you. I think it's counter-productive to keep on reporting that something worked. I'd much rather have it only report when it doesn't. Is there a way to change this behavior?

I'm sorry I'm all n00b to this.

 

[abdi]

This is not the best but it works:

rm /var/log/httpd/suexec_log
ln -s /dev/null /var/log/httpd/suexec_log

 

[azn137]

Mucho grassy ***.

 

[abdi]

Mucho grassy ***.

What does that mean