Suexec policy violation

[marcosbz]

Hi,
I have an Centos 6 with plesk 8.2 installed.

I have an issue when launching cgi scripts trought web when they are called directly in the main cgi-bin directory. I get the following error:

suexec policy violation: see suexec log for more details

[2007-09-17 17:23:46]: uid: (10002/gutmann) gid: (2524/2524) cmd: test.pl
[2007-09-17 17:23:46]: target uid/gid (10002/2524) mismatch with directory (10002/2523) or program (10002/2524)


If i launch the same cgi program from a sub directoyr all works fine!!
Can someone help me out?

Bye
Marco

 

[Rico Kerster]

That looks like a permission issue (I could be wrong though)

Look up in your httpd config file what you've (or plesk) put as SuexecUserGroup .. then you need to adapt the permissions/owners to exact the same user/group...

Look here:
[2007-09-17 17:23:46]: target uid/gid (10002/2524) mismatch with directory (10002/2523) or program (10002/2524)

target is (10002/2524) but the directory has (10002/2523) so maybe chown 10002.2524 <directory> might solve it.. basically those two have to match or suexec will complain...

Kind regards
Rico

 

[marcosbz]

the group 2523 is the psaserv gruopu, while the 2524 group is the psacln , so I have to let them so.

But even if I change this to follow your instruction I get the same error.

Has anyone any other idea what this could be?

Thank you Rico for the help!

 

[breun]

CentOS 6? Wow, where did you get that?

But anyway, could you post the current ownership and permissions of the dir and script file and the error you're getting?

 

[marcosbz]

Ops, yes it is a Centos 5

this is my domain:
/var/www/vhosts/domain.xx/cgi-bin

drwxr-xr-x 4 gutmann psaserv 4096 17 set 15:53 .
-rwxr-xr-x 1 gutmann psacln 95 17 set 15:46 test.pl

When I call test.pl from http the domain error_log file tells me:

[Mon Sep 24 11:23:09 2007] [error] [client 217.199.3.120] suexec policy violation: see suexec log for more details
[Mon Sep 24 11:23:09 2007] [error] [client 217.199.3.120] Premature end of script headers: test.pl


In the suexec log file:

[2007-09-24 11:23:09]: uid: (10002/gutmann) gid: (2524/2524) cmd: test.pl
[2007-09-24 11:23:09]: target uid/gid (10002/2524) mismatch with directory (10002/2523) or program (10002/2524)


Thank you for help!

 

[matt.simpson]

Did you ever figure this out, I'm running into the same issue.

Best Regards,
Matt Simpson

 

[troymc]

Same problem here. CentOS 5, Plesk 8.2.0.

 

[mettel]

Same problem overhere CentOS5 and plesk 8.2.0.
cgi scripts are running from cgi-bin/whatever but not straight from the cgi-bin directory.


Mathieu

 

[matt.simpson]

Hum. Did you upgrade from an earlier version of Plesk by chance? I upgraded from Plesk 7.5.4 when the directory was /home/httpd/vhosts/domain.com/cgi-bin... now it's /var/www/vhosts/domain.com/cgi-bin... I wonder if this has anything to do with it?

BTW, I'm running RHEL5 and still having this problem.

~Matt Simpson

 

[mettel]

Hello Matt,

In my case it was a clean autoinstaller installation of centos5 and plesk 8.2.0.
I don't know about the others.

Regards,

Mathieu

 

[marcosbz]

Hi!
in my case it was a clean installation too, no upgrades.
I still haven't found a solution for this issue.

Marco

 

[matt.simpson]

Does anyone happen to have a support contract with SWSoft? I do not...

I'd be interested in what they have to say about this.

Best Regards,
Matt Simpson

 

[troymc]

Well, after fighting with this for hours, I got it resolved. Not sure if this will help anyone, but this is how I fixed it. Somehow my suexec file was not the correct file. I have a test server which I had already upgraded to 8.2.1 which had the right file and cgi scripts were running fine. I copied the file to my server and set the correct permissions on it and it started working. BTW, I have now upgraded my server to 8.2.1 and it looks like the upgrade fixed that file because the one I uploaded is now a saved_by_psa file.

 

[crnunez]

Hello,
I have the same issue. CentOS 5 and Plesk 8.2.1.

Someone can help me?

 

[breun]

http://kb.swsoft.com/en/762

 

[ACID25]

Hi

i have the same problem on CentOS-5 with plesk 8.2.1 fresh install
The permissions on suexec are right

ls -al suexec
-r-s--x--- 1 root apache 24692 Nov 16 11:26 suexec

my target is to run all php files under ftpuser

so i create /path/to/domain/bin folder
create script

#!/bin/bash
export PHP_FCGI_CHILDREN=4
export PHP_FCGI_MAX_REQUESTS=500
exec /usr/bin/php-cgi -c /path/to/domain/bin/php.ini $@

cp php.ini also to /bin folder

set the permissions on folder and files in /bin

ls -al bin/
total 20
drwxr-xr-x 2 ftp22 psaserv 4096 Nov 22 16:05 .
drwxr-xr-x 14 root root 4096 Nov 22 16:05 ..
-r-xr-xr-x 1 ftp22 psacln 142 Nov 22 16:05 php.fcgi
-r--r--r-- 1 ftp22 psacln 4220 Nov 22 16:05 php.ini

vhost.conf looks so

<Directory /path/to/domain/httpdocs/>
AddHandler fcgid-script .php
Options +ExecCGI +FollowSymLinks
FCGIWrapper /path/to/domain/bin/php.fcgi .php
</Directory>

but i only got this error message in suexec.log

[2007-11-22 21:38:13]: uid: (10001/ftp22) gid: (2524/2524) cmd: php.fcgi
[2007-11-22 21:38:13]: target uid/gid (10001/2524) mismatch with directory (10001/2523) or program (10001/2524)

so i dont know want is wrong and how can i get this work??
PLEASE HELP!

THX in advance
ACID25

 

[ACID25]

Hi

i tested it with change gid from "psaserv" to ftp group "psacln for the /bin folder

ls -al bin/
total 20
drwxr-xr-x 2 ftp22 psacln 4096 Nov 23 08:50 .
drwxr-xr-x 14 root root 4096 Nov 23 08:50 ..
-r-xr-xr-x 1 ftp22 psacln 142 Nov 23 08:50 php.fcgi
-r--r--r-- 1 ftp22 psacln 4220 Nov 23 08:50 php.ini


and now i got this error message in suexec.log

[2007-11-23 10:20:31]: uid: (10001/ ftp22) gid: (2524/2524) cmd: php.fcgi
[2007-11-23 10:20:31]: (8)Exec format error: exec failed (php.fcgi)


any ideas how i can get php-cgi work ....so that every php file work as mod_fcgid and not as mod_php???

Regards ACID25

 

[breun]

Just making sure FastCGI support for Plesk is installed and renaming .cgi files to .fcgi files does the trick for us.

 

[ACID25]

Hi

thx for your answer....FASTcgi ist enabled for the domain under "setup"

you missunderstood me i want that PHP files run under ftpuser, so i can´t change *.php file to *.cfgi

cgi ist another issue

regards
ACID25

 

[breun]

PHP scripts are run using mod_php, which makes them run as whatever user your webserver runs as (apache on Red Hat/CentOS/Fedora). You're probably looking for suPHP, search the forums for that term.