perl files don't run unless SuexecUserGroup is commented out

Hi,

I’m making headway with Virtualmin on our test server. One strange thing is though that perl scripts do not run on the server UNLESS I comment out the SuexecUserGroup directive. Currently, the directive appears as:

SuexecUserGroup "#503" "#502"

If I hit the script with www.mysite.com/cgi-bin/test.pl I get a “Premature end of script headers” entry in the error log, and obviously the script doesn’t work. If I comment out the SuexecUserGroup line, then the script works but I don’t really feel comfortable with leaving this uncommented.

What’s the work-around for this?

Thanks,
Chris

Hey Chris,

No workaround needed. You need to get your permissions right (they need to be tighter, not looser…I see folks all the time saying “But it can’t be permissions, I’ve set them 777!”).

If group or other has write privileges, SuExec will give an error. It would be a security hole, otherwise. So make the permissions 750, and you’ll be fine.

Nothing like responding to one’s own posts. :slight_smile:

Turns out the script that wasn’t running was set to be owned by “root:root”. I changed this to the owner of the virtual server and everything works great. Fortunately, now this post will be here for anyone else that runs into this issue.

Thanks.

Hey Chris,

No workaround needed. You need to get your permissions right (they need to be tighter, not looser…I see folks all the time saying “But it can’t be permissions, I’ve set them 777!”).

If group or other has write privileges, SuExec will give an error. It would be a security hole, otherwise. So make the permissions 750, and you’ll be fine.

Joe,

Wow, what a quick response. Thanks. As I just posted (we were likely typing at the same time), it was an issue not with permissions, but of ownership of the file.

BTW, did I mention that I’m really liking Virtualmin?

Thanks for your hard work and dedication on this project.

Chris

Hey Chris,

No workaround needed. You need to get your permissions right (they need to be tighter, not looser…I see folks all the time saying “But it can’t be permissions, I’ve set them 777!”).

If group or other has write privileges, SuExec will give an error. It would be a security hole, otherwise. So make the permissions 750, and you’ll be fine.

Joe,

Wow, what a quick response. Thanks. As I just posted (we were likely typing at the same time), it was an issue not with permissions, but of ownership of the file.

BTW, did I mention that I’m really liking Virtualmin?

Thanks for your hard work and dedication on this project.

Chris

Wow, what a quick response.

Hehehe…We try. If I’m not buried in code, I check mail at least every half hour or (and I’m doing investor relations right now, so nose is in the mail client full-time). You just got lucky. :wink:

Thanks for the update.

BTW, did I mention that I’m really liking Virtualmin?

Can I quote you on that?

Anyway, just wait until you see what we’ve been working on these past couple of months…