
Resolved Suexec - Use Custom CGI binary

Is modifying system functionality (e.g. Apache suexec) acceptable behavior of Plesk?

  • No

    Votes: 0 0.0%
  • Yes - have it clearly documented and support same commandline flags as original binary

    Votes: 1 100.0%
  • Yes - no spec or whatsoever needed

    Votes: 0 0.0%
  • Unsure

    Votes: 0 0.0%

  • Total voters
    1
  • Poll closed.

criess

New Pleskian
Hi folks,

This is my first post on this forum, so if there are any forum rules I may violate, please excuse me.

My system is CentOS 7/EL7 with Plesk v 17.0.17-cos7.build1700161028.14

I am trying to build a non-Plesk-managed webpage hosting infrastructure beside my regular Plesk sites (managed through the web GUI on http://<server>:8443/). The Plesk functionality should not be considered in this post, with the exception of the suexec binary.

Now I have stumbled across an issue with suexec that I am not able to solve because of the lack of documentation on Plesk's special suexec binary.

If set to:
Code:
<VirtualHost *:3010>
  [...]
  FCGIWrapper /var/www/cgi-bin/cgi_wrapper/cgi_wrapper .php
  [...]
</VirtualHost>

It works, but the wrong php-cgi binary is started.

If I want to bring my own binary like so:
Code:
<VirtualHost *:3010>
  [...]
  FCGIWrapper /var/www/cgi-bin/cgi_wrapper/php7 .php
  [...]
</VirtualHost>

suexec starts to complain that the command is not in the docroot:

Code:
/var/log/httpd/suexec_log

[...]
[2017-04-26 01:08:00]: uid: (1000/criess) gid: (1008/1008) cmd: php7
[2017-04-26 01:08:00]: command php7 not in docroot (1000)

This seems odd to me, as the script is located in the same directory as cgi_wrapper, which worked fine.

Normally I would now check the suexec configuration and install my CGI binaries accordingly.

This would be done with
Code:
/usr/sbin/suexec -V

But here the Plesk suexec doesn't display any information, so I can't move my CGI binary correctly or set a different owner/rights.

So what should I do now? If I revert to my system suexec (from the http rpm package), will the Plesk installer break suexec again on update or not?

I need a solution to have custom-built CGI binaries in a custom-built vhost config targeting FastCGI operation together with a working suexec.

Please help!

Regards, Christoph Rieß
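
The target-program checks that the stock Apache httpd suexec applies, as an added example (not code from this thread, and not Plesk's modified suexec, whose rules the post above describes as undocumented). `suexec_preflight` and `make_sample` are hypothetical names, the sample tree is constructed, and the `docroot` argument is an assumption standing in for the compile-time `AP_DOC_ROOT` that an unmodified `suexec -V` prints.

```python
import os, stat, tempfile

def suexec_preflight(cmd_path, docroot, uid, gid):
    """List the stock Apache suexec target checks that cmd_path would fail.
    docroot stands in for the compile-time AP_DOC_ROOT (an assumption here)."""
    problems = []
    if os.path.islink(cmd_path):
        problems.append("program is a symlink")
    cmd = os.path.realpath(cmd_path)
    cwd = os.path.dirname(cmd)
    root = os.path.realpath(docroot)
    # The directory the program runs from must lie inside the docroot.
    if os.path.commonpath([cwd, root]) != root:
        problems.append("not in docroot")
    try:
        d, p = os.lstat(cwd), os.lstat(cmd)
    except OSError as exc:
        return problems + [f"cannot stat: {exc.filename}"]
    shared_write = stat.S_IWGRP | stat.S_IWOTH
    if d.st_mode & shared_write:
        problems.append("directory writable by group/other")
    if p.st_mode & shared_write:
        problems.append("program writable by group/other")
    if p.st_mode & (stat.S_ISUID | stat.S_ISGID):
        problems.append("program is setuid/setgid")
    # Directory and program must both belong to the target user and group.
    if (d.st_uid, d.st_gid) != (uid, gid) or (p.st_uid, p.st_gid) != (uid, gid):
        problems.append("owner mismatch with target user/group")
    if not p.st_mode & stat.S_IXUSR:
        problems.append("program not executable by owner")
    return problems

def make_sample(mode=0o755):
    """Constructed sample: <tmp>/cgi-bin/php7 owned by the current user."""
    root = tempfile.mkdtemp()
    cgi_dir = os.path.join(root, "cgi-bin")
    os.mkdir(cgi_dir)
    os.chmod(cgi_dir, 0o755)
    cmd = os.path.join(cgi_dir, "php7")
    with open(cmd, "w") as fh:
        fh.write("#!/bin/sh\nexit 0\n")
    os.chmod(cmd, mode)
    st = os.lstat(cmd)
    return root, cmd, st.st_uid, st.st_gid

if __name__ == "__main__":
    root, cmd, uid, gid = make_sample()
    print(suexec_preflight(cmd, root, uid, gid))                      # inside docroot
    print(suexec_preflight(cmd, os.path.join(root, "x"), uid, gid))   # outside docroot
```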
 
Hi folks,

As nobody seems to have any opinion or ideas on that, I'm getting rid of the Plesk suexec - not sure about security implications - and putting the EL7 system suexec back in place, which seems to work with Plesk anyway.

Please: Document this suexec functionality; especially the testing algorithm for allowed CGI binaries needs to be communicated clearly through the Plesk manuals.

Thank you

CR
 
Hi,

You have httpdocs/cgi-bin in /var/www/vhosts/(site), and there we can run our CGIs.

I could finally run cgit on my server ...

Code:
cp -a /var/www/cgi-bin/cgit /var/www/vhosts/example.com/httpdocs/cgi-bin/cgit
chown exempleftp:psacln /var/www/vhosts/example.com/httpdocs/cgi-bin/cgit

I added to /var/www/vhosts/system/example.com/conf/vhost_ssl.conf

Code:
ScriptAlias /cgit /var/www/vhosts/example.com/httpdocs/cgi-bin/cgit
Alias /cgit-data /usr/share/cgit
<Location "/cgit/">
    AuthType Basic
    AuthName "Private Git Access"
    AuthUserFile "/var/www/vhosts/system/example.com/pd/d..git@plesk-git"
    Require valid-user
</Location>