Forum
Configuration of CGIWrapper problem
Samiux
9 September 2009, 17:38
Hiawatha version: 6.16
Operating System: Ubuntu 9.04 Server
Content of hiawatha.conf
...
CGIwrapper = /usr/sbin/cgi-wrapper
...
VirtualHost {
Hostname = www.mysite.com
WebsiteRoot = /var/www/xoops
StartFile = index.php
AccessLogfile = /var/log/hiawatha/access.log
ErrorLogfile = /var/log/hiawatha/error.log
TimeForCGI = 5
# UseFastCGI = PHP5
# PreventCMDi = yes
PreventCSRF = yes
PreventSQLi = yes
PreventXSS = yes
WrapCGI = jail
}
Content of cgi-wrapper.conf
CGIhandler = /usr/bin/perl
CGIhandler = /usr/bin/php5-cgi
CGIhandler = /usr/bin/python
CGIhandler = /usr/bin/ruby
CGIhandler = /usr/bin/ssi-cgi
Wrap = jail ; /var/www ; nobody
I then execute the following commands :
newroot /usr/sbin/php-fcgi
newroot /bin/bash
However, I got "403 Forbidden" error page.
Marco
9 September 2009, 18:05
Hi Samiux.
Do you can see in error log if there are the following message?
access denied via filesystem (visible error in my OpenBSD server)
or
CGI-wrapper: no valid Wrap found (visible error in Ubuntu 9.04 with
custom kernel 2.6.30)
I too have the same problem (403 Forbidden) on 2 different operating system.
I have write new topic 'Hiawatha cgi-wrapper: SUID PROBLEM' in bug report section amd
I think that Hugo (also always available) is trying to understand
and solve the problem ;-)
Do you can see in error log if there are the following message?
access denied via filesystem (visible error in my OpenBSD server)
or
CGI-wrapper: no valid Wrap found (visible error in Ubuntu 9.04 with
custom kernel 2.6.30)
I too have the same problem (403 Forbidden) on 2 different operating system.
I have write new topic 'Hiawatha cgi-wrapper: SUID PROBLEM' in bug report section amd
I think that Hugo (also always available) is trying to understand
and solve the problem ;-)
Marco
9 September 2009, 18:21
also...
ensure that the log file have right write permission to account nobody
and cgi files have right read and exec permission to account nobody
and you don't have nosuid mount options in the partition where hiawatha's executables are.
I know.... Are trivial details but I prefer to do ;-)
ensure that the log file have right write permission to account nobody
and cgi files have right read and exec permission to account nobody
and you don't have nosuid mount options in the partition where hiawatha's executables are.
I know.... Are trivial details but I prefer to do ;-)
Samiux
9 September 2009, 19:22
I added "ExecuteCGI = yes" to the VirtualHost section and changed cgi-wrapper.conf to :
Then, chown all the files including directories and sub-directories to "www-data:www-data".
Finally, I got "500 Internal Server Error" and the error.log recorded "execute CGI: Permission denied" and "no output".
Wrap = jail ; /var/www/xoops ; www-data
Then, chown all the files including directories and sub-directories to "www-data:www-data".
Finally, I got "500 Internal Server Error" and the error.log recorded "execute CGI: Permission denied" and "no output".
Marco
9 September 2009, 20:55
Sounds like a problem of SUID....
I use www-data as master uid (ServerId = www-data) and other account
for virtual host (WrapCGI = hsools, whereas was 'older' version I don't sure if it was option named WrapCGI or WrapUserCGI)
for cgi-wrapper I have this lines:
CGIhandler = /usr/bin/perl
Wrap = hsools ; /var/www/hsools ; hsools
Hiawatha 6.14 work very very fine with my Ubuntu and this configuration
I use www-data as master uid (ServerId = www-data) and other account
for virtual host (WrapCGI = hsools, whereas was 'older' version I don't sure if it was option named WrapCGI or WrapUserCGI)
for cgi-wrapper I have this lines:
CGIhandler = /usr/bin/perl
Wrap = hsools ; /var/www/hsools ; hsools
Hiawatha 6.14 work very very fine with my Ubuntu and this configuration
Hugo Leisink
10 September 2009, 08:37
I'll go through the whole cgi-wrapper process this evening and update the cgi-wrapper HOWTO. I'll get back to you a.s.a.p. Am a little busy at the moment.
This topic has been closed.
Copyright © by Hugo Leisink. All rights reserved.
Built upon the Banshee PHP framework.
Built upon the Banshee PHP framework.
