suexec, cgi and off-docroot scripts (monitorix)

Fingerbrot · Jan 29, 2015

Hello

I'm trying to get monitorix to run on plesk apache2 but suexec of plesk wouldn't let me.

Monitorix has a public www directory as the entry point and a cgi directory with the script. It's located in /var/lib/monitorix/www and /var/lib/monitorix/www/cgi.

I've created a subdomain stats.mydomain.com with the DocumentRoot set to /var/www/vhosts/mydomain.com/stats.mydomain.com/.

In plesk I have tried a lot of web server settings to get this to run, even overwriting DocumentRoot to /var/lib/monitorix/www but no matter what I do, when I try to run the simplest test.cgi in /var/lib/monitorix/www/cgi I will always get 500 Internal Server Error with an error in the suexec.log:

Code:

uid: (10000/www) gid: (1003/1003) cmd: test.cgi
command test.cgi not in docroot (10000)

Group 1003 is psacln and user 10000 is www.

I have tried:
- Alias /monitorix /var/lib/monitorix/www and ScriptAlias /cgi var/lib/monitorix/www/cgi
- Set SuexecUserGroup to www psaserv instead of www psacln
- Symlink monitorix in the DocumentRoot to /var/lib/monitorix/www

I'm lost here, I don't know how else I could explain to the plesk suexec that this is all legit and it should just freaking execute the damn script. There must be a lot of users using applications such as monitorix that have their own www and cgi directory, so there must be a way to get this to work. Right?

If you require any log file output or configuration, I will be happy to provide it.

/var/lib/monitorix/www/cgi/test.cgi:

Code:

#!/usr/bin/perl -w
print "Content-type: text/html\r\n\r\n";
print "Hello, World.";

# ./test.cgi

Code:

Content-type: text/html

Hello, World.

suexec.log

Code:

[2015-01-29 15:54:58]: uid: (10000/www) gid: (1003/1003) cmd: test.cgi
[2015-01-29 15:54:58]: command test.cgi not in docroot (10000)
[2015-01-29 15:57:05]: uid: (10000/www) gid: (1002/1002) cmd: test.cgi
[2015-01-29 15:57:05]: command test.cgi not in docroot (10000)

error_log

Code:

[error] [client my.local.ip.here] Premature end of script headers: test.cgi

vhost.conf (latest one where I ran out of ideas what else to try)

Code:

<Directory /var/www/vhosts/domain.com/stats.domain.com/>
  Order deny,allow
  Deny from all
  Allow from my.local.ip.here
  Options ExecCGI FollowSymLinks
</Directory>

ScriptAlias /cgi/ /var/www/vhosts/domain.com/stats.domain.com/monitorix/cgi/
SuexecUserGroup www psaserv

<Directory /var/www/vhosts/domain.com/stats.domain.com/monitorix/cgi/>
  DirectoryIndex monitorix.cgi
  Options ExecCGI
</Directory>

Directory and file permissions
/var/lib/monitorix

Code:

drwxrwxr-x 4 www  psacln  4096 Jan 29 15:32 www

/var/lib/monitorix/www (note that index.html and stuff always works, it's only cgi that causes issues)

Code:

drwxrwxr-x 2 www psaserv  4096 Jan 29 14:58 cgi
drwxrwxrwx 2 www psacln  20480 Jan 29 13:34 imgs
-rw-r--r-- 1 www psacln  7915 Jan 29 15:35 index.html
-rw-r--r-- 1 www psacln  1870 Aug 24 22:03 logo_bot.png
-rw-r--r-- 1 www psacln  4021 Aug 24 22:03 logo_top.png
-rw-r--r-- 1 www psacln  2251 Aug 24 22:03 monitorixico.png

/var/lib/monitorix/www/cgi

Code:

-rwxr-xr-x 1 www psacln 18565 Jan 29 13:38 monitorix.cgi
-rw-r--r-- 1 www psacln  30 Jan 29 15:35 monitorix.conf.path
-rwxr-xr-x 1 www psacln  83 Jan 29 13:55 test.cgi

# md5sum /usr/lib/plesk-9.0/suexec/psa-suexec /usr/sbin/suexec

Code:

84bac94baa7767abacf82afd9b05c661  /usr/lib/plesk-9.0/suexec/psa-suexec
84bac94baa7767abacf82afd9b05c661  /usr/sbin/suexec

edit:
I have installed apache-suexec-custom and replaced any binary of suexec I could find with the one from apache /usr/lib/apache2/suexec.distrib and properly defined the root in /etc/apache/suexec/www-data, now I at least got the scripts to work. It seems to me that plesk suexec can't take any configuration whatsoever...

abdi · Jan 29, 2015

Well, am glad you resolved it your self ...

http://www.monitorix.org/faq.html#Q116

suexec, cgi and off-docroot scripts (monitorix)

Fingerbrot

New Pleskian

abdi

Platinum Pleskian

Similar threads