• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved Suexec - Use Custom CGI binary

Is modifiying system functionality (e.g. apache suexec) acceptable behavior of plesk?

  • No

    Votes: 0 0.0%
  • Yes - have it clearly documented and support same commandline flags as original binary

    Votes: 1 100.0%
  • Yes - no spec or whatsoever needed

    Votes: 0 0.0%
  • Unsure

    Votes: 0 0.0%

  • Total voters
    1
  • Poll closed .

criess

New Pleskian
Hi folks,

This is my first post with this forum, so if there is any forum rules i may violate please excuse.

My system is Centos7/EL7 with Plesk v 17.0.17-cos7.build1700161028.14

I try to build a non-plesk-managed webpage hosting infrastructure beside my regular plesk sites (managed through webgui on http://<server>:8443/). The plesk functionalities should not be regarded in this post with exception for suexec binary.

Now I stumbled across an issue with suexec I am not able to solve, because of the lack of documentation on the special suexec binary by plesk.

If set to:
Code:
<VirtualHost *:3010>
  [...]
  FCGIWrapper /var/www/cgi-bin/cgi_wrapper/cgi_wrapper .php
  [...]
</VirtualHost>

It works but wrong php-cgi binary is started.

If i want to bring my own binary like so:
Code:
<VirtualHost *:3010>
  [...]
  FCGIWrapper /var/www/cgi-bin/cgi_wrapper/php7 .php
  [...]
</VirtualHost>

suexec starts to complain that command is not in docroot:

Code:
/var/log/httpd/suexec_log

[...]
[2017-04-26 01:08:00]: uid: (1000/criess) gid: (1008/1008) cmd: php7
[2017-04-26 01:08:00]: command php7 not in docroot (1000)

Seems odd to me as the script is located in the same directory as cgi_wrapper is, which worked fine.

Normally now i try to check suexec configuration and install my cgi binaries accordingly.

This would be done with
Code:
/usr/sbin/suexec -V

But here plesk suexec doesn't display any information. So i can't move my cgi binary correct or set different owner/rights.

So what should I do now? If i revert to my system suexec (from http rpm package) plesk installer will break suexec again on update or not?

I need a solution to have custom build cgi binaries in custom built vhost config targeting fastcgi operation together with working suexec.

Please help!

Regards, Christoph Rieß
 
Hi folks,

As nobody seems to have any opinion or ideas on that, I'm getting rid of plesk suexec - not sure about security implications - and putting the EL7 System suexec back in place, which seems to work with plesk anyways.

Please: Document this suexec functionality, especially the testing algorithm for allowed cgi binaries needs to be communicated clearly through Plesk manuals.

Thank you

CR
 
Hi,


you have httpdocs/cgi-bin in /var/www/vhosts/(site) and there we can run our cgi's

I could finally run cgit on my server ...

Code:
cp -a /var/www/cgi-bin/cgit /var/www/vhosts/example.com/httpdocs/cgi-bin/cgit
chown exempleftp:psacln /var/www/vhosts/example.com/httpdocs/cgi-bin/cgit

I added to /var/www/vhosts/system/example.com/conf/vhost_ssl.conf

Code:
ScriptAlias /cgit /var/www/vhosts/example.com/httpdocs/cgi-bin/cgit
Alias /cgit-data /usr/share/cgit
<Location "/cgit/">
    AuthType Basic
    AuthName "Private Git Access"
    AuthUserFile "/var/www/vhosts/system/exemple.com/pd/d..git@plesk-git"
    Require valid-user
</Location>
 
Last edited:
Back
Top