su exec log

  • natas
  • PHP Ninja
  • Proficient
  • natas
  • Posts: 308
  • Loc: AFK

Post 3+ Months Ago

I have found a login script online that is perfect for one of my sites. I recently uploaded it and followed the install procedures to the tee. (so I think).

My problem is I get an error.

suexec policy violation: see suexec log for more details


I don't even know where this log is at, let alone what it does.

Any ideas.


EDIT:

Apparently it had something to do with file permissions. I changed it to 750 and the script runs ok. But I still have no idea what I did or what suexec logs are. Any input would be greatly appreciated.
  • SpooF
  • ٩๏̯͡๏۶
  • Bronze Member
  • User avatar
  • Posts: 3422
  • Loc: Richland, WA

Post 3+ Months Ago

Quote:
The suEXEC feature provides Apache users the ability to run CGI and SSI programs under user IDs different from the user ID of the calling web server. Normally, when a CGI or SSI program executes, it runs as the same user who is running the web server.

http://httpd.apache.org/docs/2.0/suexec.html

The file is named`suexec_log` by default and is located under the default log directory unless changed otherwise. Are you on shared hosting? You may have to contact your host to see if that log is available to you.
  • Bigwebmaster
  • Site Admin
  • Site Admin
  • User avatar
  • Posts: 9092
  • Loc: Seattle, WA & Phoenix, AZ

Post 3+ Months Ago

The purpose of suexec is so that processes run under the user instead of using the user nobody, or apache. This has many benefits including being able to track which users are abusing the server, or which uses have security holes in their scripts, and also keeping users restricted to running things in their own directories. According to Apache it says this:

Quote:
The suEXEC feature provides Apache users the ability to run CGI and SSI programs under user IDs different from the user ID of the calling web server. Normally, when a CGI or SSI program executes, it runs as the same user who is running the web server.

Used properly, this feature can reduce considerably the security risks involved with allowing users to develop and run private CGI or SSI programs. However, if suEXEC is improperly configured, it can cause any number of problems and possibly create new holes in your computer's security. If you aren't familiar with managing setuid root programs and the security issues they present, we highly recommend that you not consider using suEXEC.


So with that said the problem you had was most likely due to the fact that your script didn't have the exec flag enabled for the owner of that script. My guess was that your permissions before were 644 which provides read and write access for the owner, and read access for the group and everyone else. With the permissions set at 750 you are now giving full read, write, and exec access for the owner, and read and exec access for the group, and no permissions for everyone else.

While the location of the suexec_log file can vary, typically your system administrator can find it here:

/usr/local/apache/logs/suexec_log

If it is a Linux based server.
  • Bigwebmaster
  • Site Admin
  • Site Admin
  • User avatar
  • Posts: 9092
  • Loc: Seattle, WA & Phoenix, AZ

Post 3+ Months Ago

Looks like you just beat me SpooF!
  • natas
  • PHP Ninja
  • Proficient
  • natas
  • Posts: 308
  • Loc: AFK

Post 3+ Months Ago

A plethora of information!

I knew that whatever I did made it work, but I hate not knowing what I did. Reminds me of and old radio I had as a kid. When it started getting static-y, I beat it real good and it worked just fine.

Thanks guys. Now I know.... and knowing is half the battle!

Post Information

  • Total Posts in this topic: 5 posts
  • Users browsing this forum: No registered users and 58 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.