Discussion:
Apache and suexec issue that wont let me run my python script
(too old to reply)
Νικόλαος Κούρας
2013-05-31 14:14:39 UTC
Permalink
i want to test a python script i made online online and i receive this message:

Code:
[Thu May 30 15:29:33 2013] [error] [client 46.12.46.11] suexec failure: could not open log file
[Thu May 30 15:29:33 2013] [error] [client 46.12.46.11] fopen: Permission denied
[Thu May 30 15:29:33 2013] [error] [client 46.12.46.11] Premature end of script headers: koukos.py
[Thu May 30 15:29:33 2013] [error] [client 46.12.46.11] File does not exist: /home/nikos/public_html/500.shtml


when i tail -F /usr/local/apache/logs/error_log &

What this error means?

It appears that the effective user of the script does not have permission to open the log file
that the suexec call requires.
- fopen reported "permission denied", presumably on the logfile
- suexec, receiving the fopen "permission denied" error, reported "could not open log file"

These errors, in turn, seem to have prematurely terminated the script headers that i use in
koukos.py script, causing the koukos.py script to fail. This caused apache to report (with a generic
and inappropriate error message) that the shtml file that invokes the script failed.

i had:
chown nikos:nikos ./koukos.py
chmod 755 ./koukos.py

but the problem still remains.
suexec is not getting as far as running
the script. I need to study the local
configuration, to discover why suexec is being used when i don’t want it to be.

Can someone please look into this because iam unexperienced with these types of issues?
Νικόλαος Κούρας
2013-06-01 00:01:44 UTC
Permalink
[code]
***@nikos [/home/nikos/www/cgi-bin]# chmod g+w /usr/local/apache/logs/suexec_log
***@nikos [/home/nikos/www/cgi-bin]# ls -al /usr/local/apache/logs/suexec_log
-rw-rw-r-- 1 root apache 506823 Jun 1 02:55 /usr/local/apache/logs/suexec_log
[code]

[code]
***@nikos [/home/nikos/www/cgi-bin]# chmod g+w /var/log/httpd/suexec.log
***@nikos [/home/nikos/www/cgi-bin]# ls -l /var/log/httpd/suexec.log
-rw-rw-r-- 1 root root 0 Jun 1 02:52 /var/log/httpd/suexec.log
[code]

ans still iam gettign the same error.....
Bruce Esquibel
2013-06-01 13:19:59 UTC
Permalink
Post by Νικόλαος Κούρας
[code]
-rw-rw-r-- 1 root apache 506823 Jun 1 02:55 /usr/local/apache/logs/suexec_log
[code]
[code]
-rw-rw-r-- 1 root root 0 Jun 1 02:52 /var/log/httpd/suexec.log
[code]
ans still iam gettign the same error.....
Try doing "chmod 666 /var/log/httpd/suexec.log" and see if the error goes away.

I think what the problem is, you have the owner and group as root:root with
read/write permissions, but apache is likely is owned by something else
(www:www or apache:webservd).

So either change the group ownership of the log file to the group apache is
running as or change the log file to world read/write, which isn't safe if
other people can log into the box, but is generally harmless with log files.

Also check the permissions of /var/log/httpd directory itself, if that is
owner-only read/write that is another problem. Doing a 666 on it like the
log file will work.

-bruce
***@ripco.com
Νικόλαος Κούρας
2013-06-04 06:49:52 UTC
Permalink
Post by Bruce Esquibel
Post by Νικόλαος Κούρας
[code]
-rw-rw-r-- 1 root apache 506823 Jun 1 02:55 /usr/local/apache/logs/suexec_log
[code]
[code]
-rw-rw-r-- 1 root root 0 Jun 1 02:52 /var/log/httpd/suexec.log
[code]
ans still iam gettign the same error.....
Try doing "chmod 666 /var/log/httpd/suexec.log" and see if the error goes away.
I think what the problem is, you have the owner and group as root:root with
read/write permissions, but apache is likely is owned by something else
(www:www or apache:webservd).
So either change the group ownership of the log file to the group apache is
running as or change the log file to world read/write, which isn't safe if
other people can log into the box, but is generally harmless with log files.
Also check the permissions of /var/log/httpd directory itself, if that is
owner-only read/write that is another problem. Doing a 666 on it like the
log file will work.
Thank you Bruce i wull try it. I though also too but i did what you say before asking here in:

chmod apache:apache /usr/local/Apache/logs/suexec.log

but the error didn't go away, which tells me to ask:

Whats the relation between

/var/log/httpd/suexec.log
and
/usr/local/Apache/logs/suexec.log

as well as

/var/log/httpd/error.log
and
/usr/local/Apache/logs/error.log

?
Νικόλαος Κούρας
2013-06-04 10:17:30 UTC
Permalink
I just tried out those:

***@nikos [~]# ls -l /var/log/httpd/suexec.log
-rw-rw-r-- 1 root root 0 Jun 1 02:52 /var/log/httpd/suexec.log

***@nikos [~]# ls -l /usr/local/apache/logs/suexec_log
-rw-rw-r-- 1 root apache 532667 Jun 4 13:11 /usr/local/apache/logs/suexec_log

***@nikos [~]# chown root:apache /var/log/httpd/suexec.log

***@nikos [~]# ls -l /var/log/httpd/suexec.log
-rw-rw-r-- 1 root apache 0 Jun 1 02:52 /var/log/httpd/suexec.log

but i'm not sure if they solve the problem or why there are 2 suexec.log files.
Νικόλαος Κούρας
2013-06-04 10:56:59 UTC
Permalink
***@nikos [/home/nikos/www/cgi-bin]# chmod 755 /var/log/httpd/suexec.log

***@nikos [/home/nikos/www/cgi-bin]# ls -l /var/log/httpd/suexec.log
-rwxr-xr-x 1 root apache 0 Jun 1 02:52 /var/log/httpd/suexec.log*

***@nikos [/home/nikos/www/cgi-bin]# chmod 755 /usr/local/apache/logs/error_log

***@nikos [/home/nikos/www/cgi-bin]# ls -l /usr/local/apache/logs/error_log
-rwxr-xr-x 1 root root 32414017 Jun 4 13:51 /usr/local/apache/logs/error_log*

***@nikos [/home/nikos/www/cgi-bin]# chown root:apache /usr/local/apache/logs/error_log
***@nikos [/home/nikos/www/cgi-bin]# ls -l /usr/local/apache/logs/error_log

-rwxr-xr-x 1 root apache 32414017 Jun 4 13:51 /usr/local/apache/logs/error_log*
***@nikos [/home/nikos/www/cgi-bin]#


Now the error i get whn trying to run my scgi script via browser is

***@nikos [/home/nikos/www/cgi-bin]# [Tue Jun 04 13:55:26 2013] [error] [client 46.12.95.59] suexec failure: could not open log file
[Tue Jun 04 13:55:26 2013] [error] [client 46.12.95.59] fopen: Permission denied
[Tue Jun 04 13:55:26 2013] [error] [client 46.12.95.59] Premature end of script headers: koukos.py
[Tue Jun 04 13:55:26 2013] [error] [client 46.12.95.59] File does not exist: /home/nikos/public_html/500.shtml


I just don't get it.....
I chmod'ed
i chown'ed

Why still doesn't work?
Νικόλαος Κούρας
2013-06-04 13:07:28 UTC
Permalink
Okey Danny, thanks

The httpd processes are run by user 'nobody'. I have to change your httpd.conf to assign the correct user or change the owner of the log file to nobody.

***@nikos [~]# chown nobody:nobody /usr/local/apache/logs/error_log
***@nikos [~]# chown nobody:nobody /var/log/httpd/error_log

On httpd.conf looking for the following directives:
User nobody
Group nobody

implied that the httpd.conf is automatically generated by cPanel. Take a look:

# Defined in /var/cpanel/cpanel.config: apache_port
Listen 0.0.0.0:82
User nobody
Group nobody
ExtendedStatus On
ServerAdmin ***@gmail.com
ServerName nikos.superhost.gr
LogLevel warn

Trying to find a solution about my suexec issue i altered the httpd.conf file

***@nikos [~]# nano /usr/local/apache/conf/httpd.conf (altering user nobody to user root_

***@nikos [~]# service httpd restart
[Tue Jun 04 15:56:42 2013] [warn] module rpaf_module is already loaded, skipping
Syntax error on line 175 of /usr/local/apache/conf/httpd.conf:
Error:\tApache has not been designed to serve pages while\n\trunning as root. There are known race conditions that\n\twill allow any local user to read any file on the system.\n\tIf you still desire to serve pages as root then\n\tadd -DBIG_SECURITY_HOLE to the CFLAGS env variable\n\tand then rebuild the server.\n\tIt is strongly suggested that you instead modify the User\n\tdirective in your httpd.conf file to list a non-root\n\tuser.\n
***@nikos [~]#

Please help because no matter what i try i always receive the following when i http://superhost.gr/cgi-bin/koukos.py

[Thu May 30 15:29:33 2013] [error] [client 46.12.46.11] suexec failure: could not open log file
[Thu May 30 15:29:33 2013] [error] [client 46.12.46.11] fopen: Permission denied
[Thu May 30 15:29:33 2013] [error] [client 46.12.46.11] Premature end of script headers: koukos.py
Νικόλαος Κούρας
2013-06-05 17:34:38 UTC
Permalink
Post by Νικόλαος Κούρας
Okey Danny, thanks
The httpd processes are run by user 'nobody'. I have to change your httpd.conf to assign the correct user or change the owner of the log file to nobody.
User nobody
Group nobody
# Defined in /var/cpanel/cpanel.config: apache_port
Listen 0.0.0.0:82
User nobody
Group nobody
ExtendedStatus On
ServerName nikos.superhost.gr
LogLevel warn
Trying to find a solution about my suexec issue i altered the httpd.conf file
[Tue Jun 04 15:56:42 2013] [warn] module rpaf_module is already loaded, skipping
Error:\tApache has not been designed to serve pages while\n\trunning as root. There are known race conditions that\n\twill allow any local user to read any file on the system.\n\tIf you still desire to serve pages as root then\n\tadd -DBIG_SECURITY_HOLE to the CFLAGS env variable\n\tand then rebuild the server.\n\tIt is strongly suggested that you instead modify the User\n\tdirective in your httpd.conf file to list a non-root\n\tuser.\n
Please help because no matter what i try i always receive the following when i http://superhost.gr/cgi-bin/koukos.py
[Thu May 30 15:29:33 2013] [error] [client 46.12.46.11] suexec failure: could not open log file
[Thu May 30 15:29:33 2013] [error] [client 46.12.46.11] fopen: Permission denied
[Thu May 30 15:29:33 2013] [error] [client 46.12.46.11] Premature end of script headers: koukos.py
Can somebody still help me please?

Loading...