Hi, I'm installng Liquidfeedback on my ispconfig3 managed virtual host, on an Ubuntu 12.04 server. The app is composed by a bunch of LUA scripts. Scripts are located inside a subfolder of virtualhost path: Code: lrwxrwxrwx 1 web8 client1 19 Dec 18 16:23 cgi-bin -> lqfb/webmcp/cgi-bin drwxr-xr-x 2 web8 client1 4096 Dec 19 09:46 log drwxr-xr-x 6 web8 client1 4096 Dec 18 16:21 lqfb cgi-bin is a symlink INSIDE web root, so from suexec docs it should work. with DEFAULT ubuntu permissions on suexec : Code: -rwsr-xr-- 1 root www-data 18456 Jul 12 15:38 /usr/lib/apache2/suexec I get following error, in virtual host log : Code: [Thu Dec 19 10:23:00 2013] [error] [client 79.16.12.118] (13)Permission denied: exec of '/usr/lib/apache2/suexec' failed [Thu Dec 19 10:23:00 2013] [error] [client 79.16.12.118] Premature end of script headers: webmcp-wrapper.lua So suexec wrapper isnt' executed. If I change suexec permissions and group (got from some other forums) like this : Code: -rwsr-xr-x 1 root root 18456 Jul 12 15:38 /usr/lib/apache2/suexec I get following error from virtual host log: Code: [Thu Dec 19 10:25:54 2013] [error] [client 79.16.12.118] suexec policy violation: see suexec log for more details [Thu Dec 19 10:25:54 2013] [error] [client 79.16.12.118] Premature end of script headers: webmcp-wrapper.lua and this one in suexec log: Code: [2013-12-19 10:25:54]: user mismatch (web8 instead of www-data) Which shows suexec being executed as web8 user instead of www-data user. I tried different virtual host setups, the SuexecUserGroup directve is there and correct, but no way. Any suggestion ? Max
www-data group owner for suexec should be correct, not root. Maybe your main apache is configured to run under a different user than www-data?
Nope, it runs some processes as root and spawns some processes as www-data. But I've seen that suexec calls are done as web8 (owner of virtual host) and not as www-data, which is weird. At least, it seems to me from suexec log. The only way I've found so far is to install suexec-custom, which allows suexec runs from other users than www-data. If I configure it to allow runs from web8 user it's ok. But I don't like this solution.
