suexec violation + 500 error in script

hugh.b...@googlemail.com

Dec 12, 2009, 8:05:20 AM
to cclite
encountering some initial problems. the cgi test script gives an
internal server error, saying
[Sat Dec 12 04:12:24 2009] [error] [client xxxxxx.157] suexec policy violation: see suexec log for more details

--> somewhere in http.conf there is probably something like:
SuexecUserGroup "#502" "#503"
the ownership of the installed directories needs to match with this
statement or (more dangerous) it needs to be commented and the server
restarted...apparently this will also appear on unpatched Centos, for
example, so it may be worth discussing with support

[Sat Dec 12 04:12:24 2009] [error] [client xxxxxx.157] Premature end of script headers: checkinstall.cgi
-> most common is that the script is not world-execute, check this and
change, if necessary

There is a new version in testing this week. So you might want to wait
a little. I'm not sure about dreamhosts, generally it depends on
willingness to install Perl modules (It uses quite a few), though they
can be installed locally, with the software. There's nothing really,
really unusual about the base software.

gargi

Dec 12, 2009, 10:40:50 PM
to cclite
Hi Hugh,

onward...
2 perlmods loaded to my user using cpan... Bit::Vector &
Digest::SHA2.
SOAP::Lite was already on the server.

chmoded all the cgi scripts to 755. now at least am getting a
different server error dump.
now it says:

suexec failure: could not open log file, referer: http://myaddy.net/public_html/
instead of suexec policy violation which it did before

and we are now getting also
fopen: Permission denied, referer: http://myaddy.net/public_html/
because dreamhost has fopen disabled. they are saying to use cUrl
instead. can we do this? it will perhaps mean I have to hack core
files?
and then these two errors, which we were getting before are still
there.

Premature end of script headers: checkinstall.cgi, referer: http://myaddy.net/public_html/
File does not exist: /home/glogo/myaddy.net/internal_error.html, referer: http://myaddy.net/public_html/

One thing I changed in the cgi scripts: after installing the local
mods, I was supposed to add this to the top, which I did on every
cgi.

use lib qw(
    /home/glogo/perlmods/lib/perl/5.8
    /home/glogo/perlmods/lib/perl/5.8.8
    /home/glogo/perlmods/share/perl/5.8
    /home/glogo/perlmods/share/perl/5.8.8
);

Installed at top of each file above
#!/usr/bin/perl

Is this correct?
TIA
Gargi

gargi devi

Dec 12, 2009, 10:21:47 AM
to ccl...@googlegroups.com
Hi Hugh

This is what is found in the DH wiki pages:

If you are using PHP, note that Dreamhost uses phpsuexec. With phpsuexec, PHP files run under the user's account on the server instead of the default Apache user "nobody". This enhances security, but may result in 500 errors unless all PHP files are changed to 755 permissions

... Suexec is enabled for DreamHost users, and cannot be disabled.

I checked and the file permissions are all ok on both the cgi-bin directory and the scripts in it.

Before I enter a ticket at DH, can you tell me more about what perl mods will be needed. I see in the manual only 3 soap::lite, digest::sha2 and bit::vector. (aside from xml::simple and lwp::simple) any other?

TIA

Gargi
--
God Bless You

gargi devi

Dec 12, 2009, 10:55:00 AM
to ccl...@googlegroups.com
Hi Hugh,

also, in the forum they suggested three things, all of which I have just tried.
1) remove eof extra lines
2) resave in editor using *nix line endings
3) reupload using ascii.
did this with all the script files in cgi-bin but still giving server error same as before.

FYI
Thanks
Gargi
--
God Bless You

hugh.b...@googlemail.com

Dec 13, 2009, 3:25:55 AM
to cclite


> 2 perlmods loaded to my user using cpan... Bit::Vector &
> Digest::SHA2.
> SOAP::Lite was already on the server.

--> Good, less to worry about, this is only really needed for multiple
registries (trading groups) that communicate...

> chmoded all the cgi scripts to 755. now at least am getting a
> different server error dump.

-> Good, this needs to happen 'anyway'...

> now it says:
>
> suexec failure: could not open log file, referer: http://myaddy.net/public_html/
> instead of suexec policy violation which it did before

-> the log file definitions are in config/logging.cf, you can change
where the log file is being written. If dreamhosts has a cpanel style
layout this is somewhere under the web root, as this is trying to do..I'm
not a big fan of this, but all commodity hosting seems to be thus...

> and we are now getting also
> fopen: Permission denied, referer: http://myaddy.net/public_html/
> because dreamhost has fopen disabled. they are saying to use cUrl
> instead. can we do this? it will perhaps mean I have to hack core
> files?

-> there's no direct reference to fopen in my code which may come from
a use of IO::Handle..I suspect this is to do with the log file problem,
maybe dreamhosts doesn't allow it there...

> and then these two errors, which we were getting before are still
> there.
>
> Premature end of script headers: checkinstall.cgi, referer: http://myaddy.net/public_html/
> File does not exist: /home/glogo/myaddy.net/internal_error.html, referer: http://myaddy.net/public_html/

-> Actually the suexec and the premature are probably only one error.
The suexec causes the script not to output script headers..that's
judging by the timing of the messages...

Again, if you can wait a little while, there is a new release
coming...it probably deals with some of these things a little more
gracefully, though it doesn't solve them,,,(because some of them are on
a hoster by hoster basis).

Best regards Hugh
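
As an added example, not part of the thread or of cclite: a shell pre-flight check for the conditions discussed above (ownership matching the SuexecUserGroup user and group, 755 permissions, interpreter line first, Unix line endings). The function names are hypothetical, and the ownership and write-permission checks assume Apache's documented suexec security model.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight checks for a CGI script
# that Apache runs through suexec. Function names are hypothetical.

# Print "uid gid" of a path, numerically (fields 3 and 4 of ls -n).
owner_of() {
    ls -ldn "$1" | awk '{ print $3, $4 }'
}

# True if the path is writable by group or by others.
loose_write() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ]
}

# check_cgi FILE UID GID: print one line per problem, return the count.
check_cgi() {
    f=$1 want="$2 $3" n=0
    dir=$(dirname "$f")
    cr=$(printf '\r')
    # suexec wants script and directory owned by the configured user/group.
    for p in "$f" "$dir"; do
        if [ "$(owner_of "$p")" != "$want" ]; then
            echo "$p: owner $(owner_of "$p"), expected $want"; n=$((n + 1))
        fi
        # ...and neither may be writable by anyone else.
        if loose_write "$p"; then
            echo "$p: writable by group or others"; n=$((n + 1))
        fi
    done
    if [ ! -x "$f" ]; then
        echo "$f: not executable (the thread used chmod 755)"; n=$((n + 1))
    fi
    # The interpreter line must be the very first line, with Unix endings.
    first=
    IFS= read -r first < "$f" || true
    case $first in
        '#!'*) ;;
        *) echo "$f: first line is not a #! line"; n=$((n + 1)) ;;
    esac
    case $first in
        *"$cr"*) echo "$f: CRLF line endings"; n=$((n + 1)) ;;
    esac
    return "$n"
}

if [ "$#" -gt 0 ]; then check_cgi "$@"; fi
```

Run it as `sh check.sh cgi-bin/checkinstall.cgi 502 503`, passing the numeric user and group from the SuexecUserGroup line; the exit status is the number of problems found.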

gargi

Dec 13, 2009, 7:32:35 AM
to cclite
Hugh,

placed this line in the logging.cf file but don't know if this will
work as the "http" below is a symlink, not a directory.
anyway it doesn't work. still getting exactly the same above errors.

log4perl.appender.LOGFILE.filename=/home/glogo/logs/myaddy.net/http/cclite.log

No, dreamhost doesn't have cpanel. They have their own setup. It took
me a few days to get used to it, but I think this is why they call
themselves dreamhost.
the logs are not in webroot for example, as you can see. they give you
a real shell access and you can do just about anything you want, which
is for me like having a jet plane dashboard and still not able to
drive anything bigger than a scooter.

yes, very happy to wait for your "new and improved", just getting all
this stuff out of the way up front.

BR
OM
Gargi

hugh.b...@googlemail.com

Dec 17, 2009, 2:31:52 AM
to cclite
The new release is out now, it doesn't directly address this
though...however, it does have Carp which -may- put more of these
directly onto the web page. The best thing would probably be to have a
look at the suexec logs in detail...I've never tried logging to a
symlink and I suspect that this will depend on the Apache (I'm
assuming it's that) configuration...