Announcement

Collapse
No announcement yet.

cagefs + user homedir symlink + cgi = fail

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • cagefs + user homedir symlink + cgi = fail

    Hello,

    The setup is as follows:

    usernames files are located in dir: /homeabc/username
    /home/username is a symlink to /homeabc/username
    usernames homedir is set to /home/username

    When cagefs is active for the user - CGIs are returning internal server error. Apaches error log says:

    "[Mon Jul 06 12:33:22.199164 2015] [cgi:error] [pid 838822] [client xxx.xxx.xxx.xxx:51595] AH01215: suexec policy violation: see suexec log for more details: /home/username/public_html/cgi-bin/test4.pl
    [Mon Jul 06 12:33:22.199234 2015] [cgi:error] [pid 838822] [client xxx.xxx.xxx.xxx:51595] End of script output before headers: test4.pl"

    suexec log says:

    "[2015-07-06 12:35:24]: uid: (500/username) gid: (500/username) cmd: test4.pl
    [2015-07-06 12:35:24]: cannot stat program: (test4.pl)"

    When cagefs is disabled for that user - CGIs are working fine.

    Any idea on how to fix this? Thanks upfront.

  • #2
    Hello,

    Could you pleas elso say where DocumentRoot from VirtualHost is pointed? CageFS makes it working as from /home/username, be sure DocumentRoot is painted to /home and not /homeabc .
    But also try opening a file with userdir style, like:http://server_IP/~username/test4.pl to see if it works.

    Comment


    • #3
      > Bogdan wrote:
      >
      > Could you pleas elso say where DocumentRoot from VirtualHost is pointed? CageFS makes it working as from /home/username, be sure DocumentRoot is painted to /home and not /homeabc .
      >
      > But also try opening a file with userdir style, like: http://server_IP/~username/test4.pl to see if it works.

      Hi,

      DocumentRoot is "/home/username/public_html"
      Also trying to run the file as http://server_IP/~username/cgi-bin/test4.pl gives the same results in error_log and suexec_log.

      Comment


      • #4
        Really strange, so far I have no ideas why is this working that way, your setup looks to be good. Please create a trouble ticket and provide us with access to this server so we could check in place.

        Comment


        • #5
          I would like to update this thread with a bit more information.

          We do always mount any userhome as /home/username with CageFS. In case of php files everything was working for ontop however perl handler was trying to follow real script location - to /homeabc/username/public_html/cgi-bin/test.pl file.

          CageFS has a mechanism to mount any additional location to its inside with users content, in our case the proper solution was to add into /etc/cagefs/cagefs.mp file following line:

          Code:
          %/homeabc
          And do cagefsctl --remount-all . In this case user see from CageFS inside his /home/username but also /homeabc/username . Other directories in /homeabc as well /home are still hidden for him.

          This is quite useful way to share needed backup directories for users if you are giving access to them.

          Comment

          Working...
          X