We’ve just taken ove the hosting of a site which uses a cgi script to search the html based site (reads the html and creates a search index) it works fine on the old server however now when we try and run the search in the logs we get:
suexec policy violation: see suexec log for more details
Looking at the suexec log
[2012-05-02 09:19:29]: uid: (519/username) gid: (508/508) cmd: search.pl
[2012-05-02 09:19:29]: command not in docroot (/www/vhtdocs/username/cgi-bin/search.pl)
It sounds like it’s trying to execute a script that exists in /www.
However, suexec is setup to only allow commands to run that are within /home.
My recommendation would be to create a Virtual Server for this website – and then to setup the code for this particular site to reside within that Virtual Server… that would be in /home/USER/.
You may have to tweak a few paths in your script, but once you do that, you should be good to go!
Hmm, well, check out the path mentioned in the error message there:
/www/vhtdocs/username/cgi-bin/search.pl
And the error you’re getting is this:
command not in docroot
That’s saying that suexec thinks you’re trying to execute a script outside of /home… so if the script is in the correct location, it’s possible that a path is set correctly somewhere within your website.
Well, that’s what I was suggesting in my initial comment above… the folder structure you have there won’t work.
The suexec binary is setup to only be able to execute programs in /home – so if you’re trying to use /www instead, that’ll cause some trouble
If you’re using Ubuntu or Debian, there may be a way to tweak that – but otherwise, you’d have to manually recompile Apache to get that structure to work.
Unless you’re using Debian or Ubuntu, my suggestion would be to go with the Virtualmin default of having the home dirs and DocumentRoot within /home… that would resolve the errors you’re seeing there.
Sorry about this still having issues, I’ve moved the cgi-bin inside the site root now and it still will not run so I’ve uploaded a ‘helper.cgi’ script which should just print out an overview of the server configuration doc roots stuff like that chmod it it to 755 and this won’t run either.
Getting a similar error message…
[2012-05-02 17:57:09]: uid: (519/username) gid: (508/508) cmd: helper.cgi
[2012-05-02 17:57:09]: command not in docroot (/www/vhtdocs/username/public_html/cgi-bin/helper.cgi)
One other thing which may or may not be related is that Webmin says I have an perl update to V 5.8.8-38.el5 however I’ve tried to install this a few times and it fails each time?
OK I see what you are saying howeverin Virtualmin I changed the home directory for this (and other) domains to be /www/vhtdocs/username/ is this not OK everything else works fine for other domains, this is the first time I’ve tried to use cgi though. Can I change the home for cgi to run in my preferred ‘home’ location for users?
With CentOS – suexec is hard coded to only work with /home.
The likely reason it’s working for you now for some sites is probably that you’re using mod_php for running PHP apps (or just using static HTML pages or other non-CGI stuffs), which doesn’t utilize suexec.
However, if you want to be able to use CGI scripts on CentOS, you’d either need to place them in /home, or you’d need to recompile Apache and tell it to use a different path for suexec.