SuExec: “command not in docroot” Even Though It Is?

apache-2.2 php fastcgi arch-linux suexec
9,934

Solution 1

You need to recompile suexec.c --with-suexec-docroot=/srv/www

Solution 2

You don't need to recompile it. You can use this package to set a custom path on debian or ubuntu:

apt-get install apache2-suexec-custom

After installing the package, there is a special directory, where you can set the suexec path for every user. There should be an example file für www-data user:

/etc/apache/suexec/<some-user-name>

If you don't have Debian or Ubuntu, you have to look for such a package or recompile suexec with the right docroot (see suexec doc). The param is:

--with-suexec-docroot=DIR

You have to check, how to do it for your distro.

Solution 3

There's a www-data file (/etc/apache2/suexec/www-data) with 2 lines:

/var/www
/public/cgi-bin/

you can change that lines to what you prefer

Solution 4

Find the fcgid configurations with this command:

/usr/lib/apache2/suexec -V

-D AP_DOC_ROOT="/var/www"
-D AP_GID_MIN=100
-D AP_HTTPD_USER="www-data"
-D AP_LOG_EXEC="/var/log/apache2/suexec.log"
-D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
-D AP_UID_MIN=100
-D AP_USERDIR_SUFFIX="public_html"

The wrapper must be written in the directory tree of: AP_DOC_ROOT to be accessed and run.

Share:
9,934

Related videos on Youtube

Hugh Guiney
Author by

Hugh Guiney

Hi, my name’s Hugh Guiney (🗣 GUY-knee). I’m a UX Developer, which means I design and code thoughtful digital products. I’ve worked with organizations of all sizes, from startups to SMBs to household names. In my spare time I build open-source software (check out my interactive video player, RedBlue), play fighting games, and perform improv comedy. Last name is pronounced “GUY-knee”.

Updated on September 18, 2022

Comments

  • Hugh Guiney
    Hugh Guiney almost 2 years
    • Arch Linux 2011.08.19 (Linux 3.4.2 i686)
    • Apache 2.2.22 with SuExec
    • PHP 5.4.4 (cli) via FastCGI

    My sites were all working fine earlier… I’m not sure when it happened because I noticed it over a week later (I’m guessing perhaps after a system upgrade), but all my VirtualHosts went offline with the dreaded “Premature end of script headers: php-fcgid-wrapper” 500 error.

    SuExec logs gave me this for each site:

    [2012-07-16 00:45:02]: uid: (1001/site) gid: (1001/site) cmd: php-fcgid-wrapper
[2012-07-16 00:45:02]: command not in docroot (/var/www/site/fcgi-bin/php-fcgid-wrapper)

    This isn’t (or at least shouldn’t be) true… I automatically compile Apache with --with-suexec-docroot=/srv/www set. Still, I tried a sanity check, to see what docroot SuExec actually thought it had:

    $ suexec -V
suexec policy violation: see suexec log for more details

    For which the logs claimed:

    [2012-07-16 01:07:52]: too few arguments

    Tried it with sudo as well; same thing. So, even this makes no sense, and prevents me from being able to diagnose the problem properly.

    Another thing I tried was moving everything from /srv/www to /var/www, the default docroot, to see if maybe it had reverted to the raw repository version during the upgrade. Updated my VirtealHosts, restarted Apache, but still got the same 500 errors.

    What else could be causing this?

    • user9517
      user9517 almost 12 years
      Erm you say ... perhaps after a system upgrade ... surely you know if you did that or not ?
    • Hugh Guiney
      Hugh Guiney almost 12 years
      I did do that, but I don’t know that that is actually the cause of the problem; it’s just the only thing I can remember changing. Apache itself did not upgrade, and I didn’t edit any of my config files. I also don’t do full system backups currently, and Arch is rolling release anyway, so it’s non-trivial for me to attempt to recreate a previous server state here—I’d have to downgrade all of my packages manually. I’m willing to try it, but I think that’s a last resort.
  • Jenny D
    Jenny D almost 12 years
    I think you mean --with-suexec-docroot=/var/www .
  • Hugh Guiney
    Hugh Guiney almost 12 years
    How would this help? My docroot is /srv/www, and it was already compiled with that.
  • Hugh Guiney
    Hugh Guiney almost 12 years
    So, I’m not sure why, but recompiling did actually solve this, albeit with my custom docroot specified. I was previously unable to recompile, but this answer to my related question on Unix & Linux got me there.
  • Andrew Smith
    Andrew Smith almost 12 years
    OK I corrected this
  • Hugh Guiney
    Hugh Guiney almost 11 years
    I have Arch Linux, not Debian. See OP.
  • Fa11enAngel
    Fa11enAngel almost 11 years
    recompile suexec with the path you need. I've added this to the answer.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Multiple php versions simultaneously on Ubuntu
"no input file specified" with apache/php after recompile
PHP via FastCGI: "terminated by calling exit()"
Access Denied for PHP Files Only
PHP + Apache long wait time
FastCGI and Apache 500 error intermittently
PHP-FPM is not displayed in phpinfo()
Unable to set php_value in .htaccess file
How to run PHP files as another user with Apache and FastCGI?
A single php-fastcgi process blocks all other PHP requests