Apache and suexec issue that wont let me run my python script

  • Thread starter Íéêüëáïò Êïýñáò
  • Start date

Í

Íéêüëáïò Êïýñáò

I have asked this in alt.apache.configuration but received no response at all, so i was thinking of you guys as a last resort to this.
Sorry about that but koukos.py need to set a cookies that other scripts depend upon for identification. 'python3 koukos.py' runs properly.

chown nikos:nikos koukos.py
chmod 755 koukos.py

are all in place.


i want to run a python script 4 days now and i receive this message:

[Thu May 30 15:29:33 2013] [error] [client 46.12.46.11] suexec failure: could not open log file
[Thu May 30 15:29:33 2013] [error] [client 46.12.46.11] fopen: Permission denied
[Thu May 30 15:29:33 2013] [error] [client 46.12.46.11] Premature end of script headers: koukos.py
[Thu May 30 15:29:33 2013] [error] [client 46.12.46.11] File does not exist: /home/nikos/public_html/500.shtml

when i tail -F /usr/local/apache/logs/error_log &

What this error means?

It appears that the effective user of the script does not have permission to open the log file
that the suexec call requires.
- fopen reported "permission denied", presumably on the logfile
- suexec, receiving the fopen "permission denied" error, reported "could not open log file"

These errors, in turn, seem to have prematurely terminated the script headers that i use in
koukos.py script, causing the koukos.py script to fail. This caused apache to report (with a generic
and inappropriate error message) that the shtml file that invokes the script failed.


Code:
[email protected] [/home/nikos/www/cgi-bin]# chmod g+w /usr/local/apache/logs/suexec_log
[email protected] [/home/nikos/www/cgi-bin]# ls -al /usr/local/apache/logs/suexec_log
-rw-rw-r-- 1 root apache 506823 Jun 1 02:55 /usr/local/apache/logs/suexec_log

Code:
[email protected] [/home/nikos/www/cgi-bin]# chmod g+w /var/log/httpd/suexec.log
[email protected] [/home/nikos/www/cgi-bin]# ls -l /var/log/httpd/suexec.log
-rw-rw-r-- 1 root root 0 Jun 1 02:52 /var/log/httpd/suexec.log


and still iam receiving the same error.....
 
Ad

Advertisements

C

Chris Angelico

I have asked this in alt.apache.configuration but received no response atall

You posted it FIFTEEN HOURS AGO on a low-traffic forum.

Sheesh! Learn a little patience.

ChrisA
 
Í

Íéêüëáïò Êïýñáò

Ôç ÓÜââáôï, 1 Éïõíßïõ 2013 8:38:17 ð.ì.UTC+3, ï ÷ñÞóôçò Chris Angelico Ýãñáøå:
You posted it FIFTEEN HOURS AGO on a low-traffic forum.
Sheesh! Learn a little patience.

I think this is enough time for to get an answer, i dont think so meone would answer from there but if you know some other list i can sk this questionplease let me knwo and i'll ask there.

All my script are python 3.x readyand koukos.py is as well, oits just that damn suexec issue that doesnt let my last script that all it does is to seta cookie to work properly.

If you kwno the answer please advise me what it needs to be done.
This will be my last question, all other issues have been taker care of.
 
C

Chris Angelico

Ôç ÓÜââáôï, 1 Éïõíßïõ 2013 8:38:17 ð.ì. UTC+3, ï ÷ñÞóôçò Chris Angelico Ýãñáøå:


I think this is enough time for to get an answer, i dont think so meone would answer from there but if you know some other list i can sk this question please let me knwo and i'll ask there.

Did you follow the usual rule of lurking on a list before posting? Or
at very least, reading the archive? I just quickly Googled the
newsgroup name and found the archive. When you see a newsgroup that
gets only a handful of posts a month, you can NOT expect
up-to-the-minute responses. Actually, you can't expect that EVER.

Now learn a little patience and courtesy.

http://www.catb.org/esr/faqs/smart-questions.html

ChrisA
 
Í

Íéêüëáïò Êïýñáò

I was searchign all night long yesterday an i didn manged to get this workign.
Please if someoen is expreinces with linux just help me out here a but.
 
Ad

Advertisements

P

Paul Kölle

Am 01.06.2013 07:30, schrieb Îικόλαος ΚοÏÏας:
[snipp]
[Thu May 30 15:29:33 2013] [error] [client 46.12.46.11] suexec failure: could not open log file
[Thu May 30 15:29:33 2013] [error] [client 46.12.46.11] fopen: Permission denied
[Thu May 30 15:29:33 2013] [error] [client 46.12.46.11] Premature end of script headers: koukos.py
[Thu May 30 15:29:33 2013] [error] [client 46.12.46.11] File does not exist: /home/nikos/public_html/500.shtml

when i tail -F /usr/local/apache/logs/error_log &

What this error means?

It appears that the effective user of the script does not have permission to open the log file
that the suexec call requires.
Yes, so which logfile and what user is suexec using to run your script?
You should be able to answer all this from your apache configuration.

cheers
Paul
 
A

Anssi Saari

Îικόλαος ΚοÏÏας said:
Code:
[email protected] [/home/nikos/www/cgi-bin]# chmod g+w /var/log/httpd/suexec.log
[email protected] [/home/nikos/www/cgi-bin]# ls -l /var/log/httpd/suexec.log
-rw-rw-r-- 1 root root 0 Jun 1 02:52 /var/log/httpd/suexec.log


and still iam receiving the same error.....

What did you hope to accomplish with this second chmod? Nobody is in the
root group except root. I hope. My guess based on very minimal Googling
on the topic is you should change the group of /var/log/httpd/suexec.log
to apache.

Then again, I have no idea why you have both
/usr/local/apache/logs/suexec_log and /var/log/httpd/suexec.log, but the
former apparently has some data in it and the latter does not so
changing permissions on /var/log/httpd/suexec.log may not help...

Oh, apparently suexec prints its config if you run suexec -V, so include
that output if you still have problems.
 
C

Carlos Nepomuceno

----------------------------------------
From: (e-mail address removed)
Subject: Re: Apache and suexec issue that wont let me run my python script
Date: Mon, 3 Jun 2013 18:20:00 +0300
To: (e-mail address removed)

Íéêüëáïò Êïýñáò said:
Code:
[email protected] [/home/nikos/www/cgi-bin]# chmod g+w /var/log/httpd/suexec.log
[email protected] [/home/nikos/www/cgi-bin]# ls -l /var/log/httpd/suexec.log
-rw-rw-r-- 1 root root 0 Jun 1 02:52 /var/log/httpd/suexec.log


and still iam receiving the same error.....

What did you hope to accomplish with this second chmod? Nobody is in the
root group except root. I hope. My guess based on very minimal Googling
on the topic is you should change the group of /var/log/httpd/suexec.log
to apache.

Then again, I have no idea why you have both
/usr/local/apache/logs/suexec_log and /var/log/httpd/suexec.log, but the
former apparently has some data in it and the latter does not so
changing permissions on /var/log/httpd/suexec.log may not help...

'/var/log/httpd' is the default place for the Red Hat and CentOS installation of httpd.

'/usr/local/apache/logs' is the default directory of the Apache httpd installation.

httpd has probably been upgraded by 'make install'.
 
M

Michael Torrie

'/var/log/httpd' is the default place for the Red Hat and CentOS installation of httpd.

'/usr/local/apache/logs' is the default directory of the Apache httpd installation.

httpd has probably been upgraded by 'make install'.

Oh wow. What a mess. I think Nick needs to read a good book on Red Hat
EL system administration. Think he needs to start over with a fresh
install of CentOS and only install software that comes from a repo using
yum until he learns what he's doing.
 
Ad

Advertisements

C

Carlos Nepomuceno

----------------------------------------
Date: Mon, 3 Jun 2013 17:23:16 -0600
From: (e-mail address removed)
To: (e-mail address removed)
Subject: Re: Apache and suexec issue that wont let me run my python script



Oh wow. What a mess. I think Nick needs to read a good book on Red Hat
EL system administration. Think he needs to start over with a fresh
install of CentOS and only install software that comes from a repo using
yum until he learns what he's doing.

I did a httpd 'make install' on CentOS 6 and it worked fine. Needed a few tweaks that I don't remember though.

If you don't have any previous experience with Apache httpd settings I wouldn't try that on a production server.
 
M

Michael Torrie

I did a httpd 'make install' on CentOS 6 and it worked fine. Needed a
few tweaks that I don't remember though.

If you don't have any previous experience with Apache httpd settings
I wouldn't try that on a production server.

Precisely. Given his experience levels, installing httpd from source is
recipe for disaster. He's now going to have to track security flaw
reports manually, try to figure out which ones apply to him, and keep
his apache up to date. I can't think of anything he'd need in Apache
that's not in the CentOS packages. I've sys-admined for years and I've
never ever needed an Apache outside out of the repos. Sometimes I
needed other things I had to build from source, but never apache.
 
C

Chris Angelico

Precisely. Given his experience levels, installing httpd from source is
recipe for disaster. He's now going to have to track security flaw
reports manually, try to figure out which ones apply to him, and keep
his apache up to date. I can't think of anything he'd need in Apache
that's not in the CentOS packages. I've sys-admined for years and I've
never ever needed an Apache outside out of the repos. Sometimes I
needed other things I had to build from source, but never apache.

Agreed. I'm a Debian guy rather than Red Hat, and by comparison Debian
changes with every gust of wind, but the same applies. There's little
reason to build most things from source; take advantage of the massive
testing that's been done! Of course, there will be times when the
version in the repo is just too old, but that's never been the case
for me with Apache.

ChrisA
 
Í

Íéêüëáïò Êïýñáò

I think i'll do a "chmod 666 /var/log/httpd/suexec.log" and see if the error goes away.

I think what the problem is, i have the owner and group as root:root with
read/write permissions, but apache is likely owned by something else
(www:www or apache:webservd).

So either i'll have to change the group ownership of the log file to the group apache is running as or change the log file to world read/write, which isn't safe since other people log into the box, but is generally harmless i think with log files.

Checking the permissions of /var/log/httpd directory itself:

(e-mail address removed) [~/www/cgi-bin]# ls -ld /var/log/httpd/
drwx------ 2 root root 4096 Jun 1 02:52 /var/log/httpd//

Is that a problem?

http != Apache ?

i'm still confused about what is:
'/var/log/httpd' and what is '/usr/local/Apache'

Is seems like this is the same service runnign twice under different names.
 
Í

Íéêüëáïò Êïýñáò

I just tried out those:

[email protected] [~]# ls -l /var/log/httpd/suexec.log
-rw-rw-r-- 1 root root 0 Jun 1 02:52 /var/log/httpd/suexec.log

[email protected] [~]# ls -l /usr/local/apache/logs/suexec_log
-rw-rw-r-- 1 root apache 532667 Jun 4 13:11 /usr/local/apache/logs/suexec_log

[email protected] [~]# chown root:apache /var/log/httpd/suexec.log

[email protected] [~]# ls -l /var/log/httpd/suexec.log
-rw-rw-r-- 1 root apache 0 Jun 1 02:52 /var/log/httpd/suexec.log

but i'm not usre if they solve the problem or why there are 2 suexec.log files.
 
Ad

Advertisements

Í

Íéêüëáïò Êïýñáò

[email protected] [/home/nikos/www/cgi-bin]# chmod 755 /var/log/httpd/suexec.log

[email protected] [/home/nikos/www/cgi-bin]# ls -l /var/log/httpd/suexec.log
-rwxr-xr-x 1 root apache 0 Jun 1 02:52 /var/log/httpd/suexec.log*

[email protected] [/home/nikos/www/cgi-bin]# chmod 755 /usr/local/apache/logs/error_log

root[email protected] [/home/nikos/www/cgi-bin]# ls -l /usr/local/apache/logs/error_log
-rwxr-xr-x 1 root root 32414017 Jun 4 13:51 /usr/local/apache/logs/error_log*

[email protected] [/home/nikos/www/cgi-bin]# chown root:apache /usr/local/apache/logs/error_log
[email protected] [/home/nikos/www/cgi-bin]# ls -l /usr/local/apache/logs/error_log

-rwxr-xr-x 1 root apache 32414017 Jun 4 13:51 /usr/local/apache/logs/error_log*
[email protected] [/home/nikos/www/cgi-bin]#


Now the error i get whn trying to run my scgi script via browser is

[email protected] [/home/nikos/www/cgi-bin]# [Tue Jun 04 13:55:26 2013] [error] [client 46.12.95.59] suexec failure: could not open log file
[Tue Jun 04 13:55:26 2013] [error] [client 46.12.95.59] fopen: Permission denied
[Tue Jun 04 13:55:26 2013] [error] [client 46.12.95.59] Premature end of script headers: koukos.py
[Tue Jun 04 13:55:26 2013] [error] [client 46.12.95.59] File does not exist: /home/nikos/public_html/500.shtml


I just don't get it.....
I chmod'ed
i chown'ed

Why still doesn't work?
 
Í

Íéêüëáïò Êïýñáò

Ôç Ôñßôç, 4 Éïõíßïõ 2013 2:04:36 ì.ì. UTC+3, ï ÷ñÞóôçò Carlos Nepomuceno Ýãñáøå:
send the output of the following command:
ps aux|grep httpd

[email protected] [/home/nikos/www/data/apps]# ps aux | grep httpd
root 19194 0.0 0.2 74224 4440 ? Ss Jul13 0:00 /usr/local/apache/bin/httpd -k start -DSSL
root 19201 0.0 0.1 74136 2576 ? S Jul13 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 19202 0.0 0.2 74492 4320 ? S Jul13 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 19203 0.0 0.2 74488 4304 ? S Jul13 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 19204 0.0 0.2 74488 4352 ? S Jul13 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 19205 0.0 0.2 74492 4336 ? S Jul13 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 19206 0.0 0.2 74544 4328 ? S Jul13 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 19215 0.0 0.2 74492 4300 ? S Jul13 0:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 20170 0.0 0.2 74356 4264 ? S Jul13 0:00 /usr/local/apache/bin/httpd -k start -DSSL
root 20860 0.0 0.0 103240 856 pts/2 S+ Jul13 0:00 grep httpd
[email protected] [/home/nikos/www/data/apps]#
 
Í

Íéêüëáïò Êïýñáò

Ôç Ôñßôç, 4 Éïõíßïõ 2013 2:27:25 ì.ì. UTC+3, ï ÷ñÞóôçò Carlos Nepomuceno Ýãñáøå:
The httpd processes are run by user 'nobody'. You have to change your httpd.conf to assign the correct user or change the owner of the log file to nobody.

On httpd.conf look for the following directives:
User root
Group root

Why some httpd run as root(first two) and the rest as nobody?
What is user 'nobody' anyways?

[email protected] [/home/nikos/www/data/apps]# nano /usr/local/apache/conf/httpd.conf
[email protected] [/home/nikos/www/data/apps]# cat /usr/local/apache/conf/httpd.conf | grep 'User root'
[email protected] [/home/nikos/www/data/apps]# cat /usr/local/apache/conf/httpd.conf | grep 'user root'
[email protected] [/home/nikos/www/data/apps]# cat /usr/local/apache/conf/httpd.conf | grep 'group root'
[email protected] [/home/nikos/www/data/apps]# cat /usr/local/apache/conf/httpd.conf | grep 'Group root'

Doesn't seem to be there.
 
Ad

Advertisements

Í

Íéêüëáïò Êïýñáò

[email protected] [/home/nikos/www/data/apps]# ls -l /usr/local/apache/logs/error_log
-rwxr-xr-x 1 root apache 32447472 Jun 4 14:36 /usr/local/apache/logs/error_log*
[email protected] [/home/nikos/www/data/apps]# chown nobody:apache /usr/local/apache/logs/error_log
[email protected] [/home/nikos/www/data/apps]# ls -l /usr/local/apache/logs/error_log
-rwxr-xr-x 1 nobody apache 32447472 Jun 4 14:36 /usr/local/apache/logs/error_log*


still the same error.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top