Slash Boxes
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

samtregar (2699)

  (email not shown publicly)

Journal of samtregar (2699)

Monday April 28, 2003
12:39 AM

Redhat 9 and Apache 2 pull a Gaslight on me

[ #11882 ]
If you've never seen Gaslight, go see it. If you can't drop everything to see a fantastic film right now, suffice it to say that Gaslight is about driving someone mad in very subtle ways.

Redhat 9 and Apache 2 just did the trick.

I'm working on a little CGI to produce pretty HTML diffs between module versions. Someday it might be part of, but for now it's just a gleam in my eye.

Anyway, I decide the best way to test it is to get Apache setup to execute CGIs out of ~/public_html on my brand new Redhat 9 installation. I open up httpd.conf and do the obvious - uncomment the AddHandler for .cgi, setup userdirs with ExecCGI, make sure permissions are all setup right and start up Apache. Hit the CGI and wham, I get a 500 error and this in the error_log:

[Fri Apr 18 01:11:25 2003] [error] [client] Premature end of script headers: example.cgi

I double, triple, quadruple check everything. At this point example.cgi is just a single 'print' with perfect headers. I run it as the Apache user and it works fine. But from a browser, I get nothing but 500s.

An hour later I find myself searching the web for "Premature end of script headers". I've been developing CGIs with Apache for almost 5 years now. At this point I am totally mad.

Finally it dawns on me. Maybe there are new logs in Apache 2! And there it was, in suexec.log of all the damn places:

[2003-04-18 01:14:32]: uid: (500/sam) gid: (501/501) cmd: example.cgi
[2003-04-18 01:14:32]: directory is writable by others: (/home/sam/public_html)

That's a problem!? And how did suexec get turned on? I look through the conf file which I've already read line-by-line. There's nothing in there about suexec! I hit the Apache docs and find this lie:

If Apache finds a properly configured suEXEC wrapper, it will print the following message to the error log:

[notice] suEXEC mechanism enabled (wrapper: /path/to/suexec)

I can tell you with 100% certainty that no such line is in my error_log. To make matters worse, turning on suexec is a matter of removing the suexec binary from the path, not making a change to the conf file! Check it:

If you want to disable suEXEC you should kill and restart Apache after you have removed the "suexec" file.

Holy crap! I have to delete /usr/sbin/suxec in order to turn off suexec in Apache?

So I did it.

And everything started working nornally.

And I'm totally insane now.


The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
More | Login | Reply
Loading... please wait.