Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - netstores

Pages: [1]
1
To whom it may concern @ CWP.

After my exhaustive research on the issue of Server Wide Scripts, and why Cpanel has this working and not the cwp-httpd-2.4.39-3.x86_64.rpm is that I need to be able to have access to the source of this apache 2.4 build.

I know your installer creates and loads this rpm, and for me to use CWP, I would need access to the source of this build process.

I discovered how and what Cpanel did to allow this function of suexec that I desperately need.

It is a small change to the support/suexec.h and support/suexec.c files in the source tree of the make/build of the apache 2.4.

It is a few lines of code that they have done that creates this abillity to have a TRUSTED_USERS_SCRIPTS and it is a patch they created that allows our app to run on cpanel/ea4.

see: ea-apache2/0010-Update-suexec-to-allow-trusted-scripts.patch at master · CpanelInc/ea-apache2 · GitHub

I would be happy to make the changes, and would like to keep in line with everything you do to the httpd.rpm.

Would you be able to give me access to the build that makes the rpm so I can make the small changes necessary to add the allow trusted scripts functions of suexec binary?

I would greatly appreciate this, And, I will share all this work I will do with your community, because I believe that their may be others that want this function for larger hosting platforms.

READ THIS BEFORE CONTINUING!!
The patch below adds a feature which makes it possible to run “shared”
scripts. Suppose you are a systems admin for $large hosting provider and
you want to offer your customers some standard scripts. These scripts would
cause a security violation based on the uid owner of the script.
This patch makes it possible to “trust” a certain user/group. Look below to
define the user/group ID.
Uncomment the define to make it actually happen.
*/
Thanks

I hope we can continue working together in my quest to no longer use Cpanel and move to a different control panel.

2
I am spending time trying to recreate the suexec configuration to match our cpanel EasyApache4 Configuration from cpanel conversion.

The reason is I need to run server wide scripts, meaning (1) or (2) custom scripting bin directories from the location of /usr/local/apache that each and every virtual host account can access using suexec uid security the same as Cpanel.

I have narrowed it down to 2 issues.

I can run the server wide scripts only with suexec turned off, not loading the module, but with the module on I get errors.

So first issue is suexec on the Server is set for

 -D AP_DOC_ROOT="/home"
 -D AP_GID_MIN=100
 -D AP_HTTPD_USER="nobody"
 -D AP_LOG_EXEC="/usr/local/apache/logs/suexec_log"
 -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
 -D AP_UID_MIN=100
 -D AP_USERDIR_SUFFIX="public_html"

And Cpanel sets AP_DOC_ROOT="/"

Here is Cpanel

 -D AP_DOC_ROOT="/"
 -D AP_GID_MIN=100
 -D AP_HTTPD_USER="nobody"
 -D AP_LOG_EXEC="/etc/apache2/logs/suexec_log"
 -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
 -D AP_UID_MIN=100
 -D AP_USERDIR_SUFFIX="public_html"

I need to recompile Suexec with this similar AP_DOC_ROOT="/"


2.  Then be able to have the httpd.conf and Vhosts.conf work in the similar manner.

I tried copying the Cpanel Suexec binary over and get the same suexec result, but when I run it I get this error in the suexec_log.

[2021-07-20 13:26:42]: uid: (1000/netstore) gid: (1000/netstore) cmd: test.pl
[2021-07-20 13:26:42]: error: target uid/gid (1000/1000) mismatch with directory (0/0) or program (0/0) or trusted user (0/10)


Running the script on the Cpanel Apache provides this in the log.

[2021-07-20 13:26:36]: uid: (1001/netstore) gid: (1002/netstore) cmd: test.pl


Any help would be appreciated.



Pages: [1]