
suexec with chrooted environment

I'm trying to get a chrooted Apache environment working, running mod_fcgid with suexec. Looking at the suexec log inside the jail, the wrapper scripts are being executed with no problems; however, when I look at Apache's error log I see the errors below:

suexec failure: could not open log file fopen: Permission denied suexec.log;

When I strace both php and suexec, they do not complain about any missing library or file. The log says "could not open log file", but it obviously logs into the error log file inside the jail. What's wrong with this setup? What may trigger this error?

Edit: strace results:

[pid 9912] rt_sigaction(SIGCHLD, {SIG_DFL, [], SA_RESTORER|SA_INTERRUPT, 0x7fca687fe500}, {SIG_DFL, [], 0}, 8) = 0 [pid 9912] chdir("/var/www/username/cgi-bin/") = 0 [pid 9912] execve("/usr/sbin/suexec", ["/usr/sbin/suexec", "500", "500", "php-fcgi-starter"], [/* 1 var */]) = 0 [pid 9912] brk(0) = 0x7f2d71e91000 [pid 9912] fcntl(0, F_GETFD) = 0 [pid 9912] fcntl(1, F_GETFD) = 0 [pid 9912] fcntl(2, F_GETFD) = 0 [pid 9912] access("/etc/suid-debug", F_OK) = -1 ENOENT (No such file or directory) [pid 9912] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2d715f2000 [pid 9912] access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) [pid 9912] open("/etc/ld.so.cache", O_RDONLY) = 3 [pid 9912] fstat(3, {st_mode=S_IFREG|0644, st_size=13704, ...}) = 0 [pid 9912] mmap(NULL, 13704, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f2d715ee000 [pid 9912] close(3) = 0 [pid 9912] open("/lib64/libc.so.6", O_RDONLY) = 3 [pid 9912] read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360\355\1\0\0\0\0\0"..., 832) = 832 [pid 9912] fstat(3, {st_mode=S_IFREG|0755, st_size=1916568, ...}) = 0 [pid 9912] mmap(NULL, 3745960, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f2d71041000 [pid 9912] mprotect(0x7f2d711cb000, 2093056, PROT_NONE) = 0 [pid 9912] mmap(0x7f2d713ca000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x189000) 
= 0x7f2d713ca000 [pid 9912] mmap(0x7f2d713cf000, 18600, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f2d713cf000 [pid 9912] close(3) = 0 [pid 9912] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2d715f9000 [pid 9912] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2d715ed000 [pid 9912] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2d715ec000 [pid 9912] arch_prctl(ARCH_SET_FS, 0x7f2d715ed700) = 0 [pid 9912] mprotect(0x7f2d713ca000, 16384, PROT_READ) = 0 [pid 9912] mprotect(0x7f2d715f3000, 4096, PROT_READ) = 0 [pid 9912] munmap(0x7f2d715ee000, 13704) = 0 [pid 9912] brk(0) = 0x7f2d71e91000 [pid 9912] brk(0x7f2d71eb2000) = 0x7f2d71eb2000 [pid 9912] getuid() = 48 [pid 9912] socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3 [pid 9912] connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory) [pid 9912] close(3) = 0 [pid 9912] socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3 [pid 9912] connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory) [pid 9912] close(3) = 0 [pid 9912] open("/etc/nsswitch.conf", O_RDONLY) = 3 [pid 9912] fstat(3, {st_mode=S_IFREG|0644, st_size=1688, ...}) = 0 [pid 9912] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2d715f1000 [pid 9912] read(3, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1688 [pid 9912] read(3, "", 4096) = 0 [pid 9912] close(3) = 0 [pid 9912] munmap(0x7f2d715f1000, 4096) = 0 [pid 9912] open("/etc/ld.so.cache", O_RDONLY) = 3 [pid 9912] fstat(3, {st_mode=S_IFREG|0644, st_size=13704, ...}) = 0 [pid 9912] mmap(NULL, 13704, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f2d715ee000 [pid 9912] close(3) = 0 [pid 9912] open("/lib64/libnss_files.so.2", O_RDONLY) = 3 [pid 9912] read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360!\0\0\0\0\0\0"..., 832) = 832 [pid 
9912] fstat(3, {st_mode=S_IFREG|0755, st_size=65928, ...}) = 0 [pid 9912] mmap(NULL, 2151824, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f2d70e33000 [pid 9912] mprotect(0x7f2d70e3f000, 2097152, PROT_NONE) = 0 [pid 9912] mmap(0x7f2d7103f000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xc000) = 0x7f2d7103f000 [pid 9912] close(3) = 0 [pid 9912] mprotect(0x7f2d7103f000, 4096, PROT_READ) = 0 [pid 9912] munmap(0x7f2d715ee000, 13704) = 0 [pid 9912] open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3 [pid 9912] fcntl(3, F_GETFD) = 0x1 (flags FD_CLOEXEC) [pid 9912] fstat(3, {st_mode=S_IFREG|0644, st_size=952, ...}) = 0 [pid 9912] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2d715f1000 [pid 9912] read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 952 [pid 9912] close(3) = 0 [pid 9912] munmap(0x7f2d715f1000, 4096) = 0 [pid 9912] open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3 [pid 9912] fstat(3, {st_mode=S_IFREG|0644, st_size=952, ...}) = 0 [pid 9912] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2d715f1000 [pid 9912] read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 952 [pid 9912] close(3) = 0 [pid 9912] munmap(0x7f2d715f1000, 4096) = 0 [pid 9912] socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3 [pid 9912] connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory) [pid 9912] close(3) = 0 [pid 9912] socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3 [pid 9912] connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory) [pid 9912] close(3) = 0 [pid 9912] open("/etc/group", O_RDONLY|O_CLOEXEC) = 3 [pid 9912] fstat(3, {st_mode=S_IFREG|0644, st_size=520, ...}) = 0 [pid 9912] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2d715f1000 [pid 9912] read(3, "root:x:0:root\nbin:x:1:root,bin,d"..., 4096) = 520 [pid 9912] close(3) = 0 
[pid 9912] munmap(0x7f2d715f1000, 4096) = 0 [pid 9912] open("/var/log/httpd/suexec.log", O_WRONLY|O_CREAT|O_APPEND, 0666) = 3 [pid 9912] fstat(3, {st_mode=S_IFREG|0644, st_size=17043, ...}) = 0 [pid 9912] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2d715f1000 [pid 9912] fstat(3, {st_mode=S_IFREG|0644, st_size=17043, ...}) = 0 [pid 9912] lseek(3, 17043, SEEK_SET) = 17043 [pid 9912] gettimeofday({1371690955, 897472}, NULL) = 0 [pid 9912] open("/etc/localtime", O_RDONLY) = 4 [pid 9912] fstat(4, {st_mode=S_IFREG|0644, st_size=2102, ...}) = 0 [pid 9912] fstat(4, {st_mode=S_IFREG|0644, st_size=2102, ...}) = 0 [pid 9912] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2d715f0000 [pid 9912] read(4, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0\0"..., 4096) = 2102 [pid 9912] lseek(4, -1337, SEEK_CUR) = 765 [pid 9912] read(4, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0\0"..., 4096) = 1337 [pid 9912] close(4) = 0 [pid 9912] munmap(0x7f2d715f0000, 4096) = 0 [pid 9912] write(3, "[2013-06-20 03:15:55]: uid: (500"..., 77) = 77 [pid 9912] setgid(500) = 0 [pid 9912] open("/proc/sys/kernel/ngroups_max", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 9912] open("/etc/group", O_RDONLY|O_CLOEXEC) = 4 [pid 9912] fstat(4, {st_mode=S_IFREG|0644, st_size=520, ...}) = 0 [pid 9912] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2d715f0000 [pid 9912] lseek(4, 0, SEEK_CUR) = 0 [pid 9912] read(4, "root:x:0:root\nbin:x:1:root,bin,d"..., 4096) = 520 [pid 9912] read(4, "", 4096) = 0 [pid 9912] close(4) = 0 [pid 9912] munmap(0x7f2d715f0000, 4096) = 0 [pid 9912] setgroups(1, ) = 0 [pid 9912] setuid(500) = 0 [pid 9912] getcwd("/var/www/username/cgi-bin", 4096) = 22 [pid 9912] chdir("/var/www") = 0 [pid 9912] getcwd("/var/www", 4096) = 9 [pid 9912] chdir("/var/www/username/cgi-bin") = 0 [pid 9912] lstat("/var/www/username/cgi-bin", {st_mode=S_IFDIR|0755, st_size=4096, 
...}) = 0 [pid 9912] lstat("php-fcgi-starter", {st_mode=S_IFREG|0755, st_size=128, ...}) = 0 [pid 9912] close(3) = 0 [pid 9912] munmap(0x7f2d715f1000, 4096) = 0 [pid 9912] execve("php-fcgi-starter", ["php-fcgi-starter"], [/* 1 var */]) = -1 ENOENT (No such file or directory) [pid 9912] open("/var/log/httpd/suexec.log", O_WRONLY|O_CREAT|O_APPEND, 0666) = -1 EACCES (Permission denied) [pid 9912] write(2, "suexec failure: could not open l"..., 40) = 40 [pid 9912] write(2, "fopen: Permission denied\n", 25) = 25 [pid 9912] exit_group(1) = ?

The last ~20 lines are where the server throws the error: after setgid(500) and setuid(500) have succeeded, the execve of php-fcgi-starter returns ENOENT, and the open of /var/log/httpd/suexec.log that follows returns EACCES.
Asked by compixtr (385 rep)
Jun 19, 2013, 11:34 PM
Last activity: Jul 10, 2024, 06:01 PM