• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

suexec, cgi and off-docroot scripts (monitorix)

F

Fingerbrot

New Pleskian
Hello

I'm trying to get monitorix to run on plesk apache2 but suexec of plesk wouldn't let me.

Monitorix has a public www directory as the entry point and a cgi directory with the script. It's located in /var/lib/monitorix/www and /var/lib/monitorix/www/cgi.

I've created a subdomain stats.mydomain.com with the DocumentRoot set to /var/www/vhosts/mydomain.com/stats.mydomain.com/.

In plesk I have tried a lot of web server settings to get this to run, even overwriting DocumentRoot to /var/lib/monitorix/www but no matter what I do, when I try to run the simplest test.cgi in /var/lib/monitorix/www/cgi I will always get 500 Internal Server Error with an error in the suexec.log:

Code: 
uid: (10000/www) gid: (1003/1003) cmd: test.cgi
command test.cgi not in docroot (10000)

Group 1003 is psacln and user 10000 is www.

I have tried:
- Alias /monitorix /var/lib/monitorix/www and ScriptAlias /cgi var/lib/monitorix/www/cgi
- Set SuexecUserGroup to www psaserv instead of www psacln
- Symlink monitorix in the DocumentRoot to /var/lib/monitorix/www

I'm lost here, I don't know how else I could explain to the plesk suexec that this is all legit and it should just freaking execute the damn script. There must be a lot of users using applications such as monitorix that have their own www and cgi directory, so there must be a way to get this to work. Right?

If you require any log file output or configuration, I will be happy to provide it.

/var/lib/monitorix/www/cgi/test.cgi:
Code: 
#!/usr/bin/perl -w
print "Content-type: text/html\r\n\r\n";
print "Hello, World.";
# ./test.cgi
Code: 
Content-type: text/html

Hello, World.
suexec.log
Code: 
[2015-01-29 15:54:58]: uid: (10000/www) gid: (1003/1003) cmd: test.cgi
[2015-01-29 15:54:58]: command test.cgi not in docroot (10000)
[2015-01-29 15:57:05]: uid: (10000/www) gid: (1002/1002) cmd: test.cgi
[2015-01-29 15:57:05]: command test.cgi not in docroot (10000)
error_log
Code: 
[error] [client my.local.ip.here] Premature end of script headers: test.cgi
vhost.conf (latest one where I ran out of ideas what else to try)
Code: 
<Directory /var/www/vhosts/domain.com/stats.domain.com/>
  Order deny,allow
  Deny from all
  Allow from my.local.ip.here
  Options ExecCGI FollowSymLinks
</Directory>

ScriptAlias /cgi/ /var/www/vhosts/domain.com/stats.domain.com/monitorix/cgi/
SuexecUserGroup www psaserv

<Directory /var/www/vhosts/domain.com/stats.domain.com/monitorix/cgi/>
  DirectoryIndex monitorix.cgi
  Options ExecCGI
</Directory>

Directory and file permissions
/var/lib/monitorix
Code: 
drwxrwxr-x 4 www  psacln  4096 Jan 29 15:32 www
/var/lib/monitorix/www (note that index.html and stuff always works, it's only cgi that causes issues)
Code: 
drwxrwxr-x 2 www psaserv  4096 Jan 29 14:58 cgi
drwxrwxrwx 2 www psacln  20480 Jan 29 13:34 imgs
-rw-r--r-- 1 www psacln  7915 Jan 29 15:35 index.html
-rw-r--r-- 1 www psacln  1870 Aug 24 22:03 logo_bot.png
-rw-r--r-- 1 www psacln  4021 Aug 24 22:03 logo_top.png
-rw-r--r-- 1 www psacln  2251 Aug 24 22:03 monitorixico.png
/var/lib/monitorix/www/cgi
Code: 
-rwxr-xr-x 1 www psacln 18565 Jan 29 13:38 monitorix.cgi
-rw-r--r-- 1 www psacln  30 Jan 29 15:35 monitorix.conf.path
-rwxr-xr-x 1 www psacln  83 Jan 29 13:55 test.cgi
# md5sum /usr/lib/plesk-9.0/suexec/psa-suexec /usr/sbin/suexec
Code: 
84bac94baa7767abacf82afd9b05c661  /usr/lib/plesk-9.0/suexec/psa-suexec
84bac94baa7767abacf82afd9b05c661  /usr/sbin/suexec

edit:
I have installed apache-suexec-custom and replaced any binary of suexec I could find with the one from apache /usr/lib/apache2/suexec.distrib and properly defined the root in /etc/apache/suexec/www-data, now I at least got the scripts to work. It seems to me that plesk suexec can't take any configuration whatsoever...
 
Last edited:
You must log in or register to reply here.

Similar threads

M
Issue How to update PHP open_basedir and/or httpd.conf server wide?
Replies
9
Views
568
MHC_1
M
K
Issue not starting the following service:maldet.service,php-fpm.service,[email protected]
Replies
0
Views
1K
kalombo
K
V
Resolved PHP Warning: unlink(/usr/local/psa/var/modules/watchdog/report/security_2022-01-31): No such file or directory
2
Replies
24
Views
6K
Kaspar
K
K
Issue Dovecot backup/sync to second server fails - Error: auth-master: userdb lookup
Replies
0
Views
2K
kassi
K
Oscar Segura
Issue Upgrading from Ubuntu 20.04 to 22.04: failed reboot
Replies
0
Views
3K
Oscar Segura
Oscar Segura
Back
Top