Xan xan | 1 Oct 2010 20:48

Re: perl scripts (oddmuse)

Could anyone help me?

Regards,
Xan.

2010/9/27 xancorreu <xancorreu <at> gmail.com>:
> Hi,
>
> Is there any way to run perl scripts? I put virtual domain--> rules -->
> add --> extensions --> pl --> cgi --> and /usr/bin/perl. But I get error
> 504 Gateway Timeout
>
>
> With thttpd it works.
> What can I do?
>
> Thanks,
> Xan.
>
> PS: I attach cherokee.conf
>
> ------------------------------------------------------------------------
>
> config!version = 001000008
> server!bind!1!port = 8081
> server!group = www-data
> server!keepalive = 1
> server!keepalive_max_requests = 500
> server!panic_action = /usr/share/cherokee/cherokee-panic
> server!pid_file = /var/run/cherokee.pid

David Taylor | 3 Oct 2010 09:28

Cherokee failing to exec spawn-fcgi

  Hi,

I have configured a MoinMoin wiki vServer in Cherokee 1.08.  I am 
getting 503 Service Unavailable whenever I request a page.

It looks like Cherokee is failing to execute spawn-fcgi.

When I run Cherokee from the command line and request a page I see the 
following:

root@hal:/var/log/cherokee# /usr/sbin/cherokee --admin_child -C 
/etc/cherokee/cherokee.conf
Cherokee Web Server 1.0.8 (Aug 18 2010): Listening on port ALL:80, TLS 
disabled,
IPv6 enabled, using epoll, 4096 fds system limit, max. 2041 connections,
caching I/O, 20 threads, 102 connections per thread, standard scheduling
policy
PID 1765: launched '/bin/sh -c exec /usr/bin/spawn-fcgi -n -a 127.0.0.1 
-p 53993 -- /usr/share/moin/server/moin.fcg' with uid=33, gid=33, 
env=inherited
PID 1765: exited re=1
PID 1766: launched '/bin/sh -c exec /usr/bin/spawn-fcgi -n -a 127.0.0.1 
-p 53993 -- /usr/share/moin/server/moin.fcg' with uid=33, gid=33, 
env=inherited
PID 1766: exited re=1
PID 1767: launched '/bin/sh -c exec /usr/bin/spawn-fcgi -n -a 127.0.0.1 
-p 53993 -- /usr/share/moin/server/moin.fcg' with uid=33, gid=33, 
env=inherited
PID 1767: exited re=1
PID 1768: launched '/bin/sh -c exec /usr/bin/spawn-fcgi -n -a 127.0.0.1 

"Juan J." Martínez | 3 Oct 2010 10:36

Re: Cherokee failing to exec spawn-fcgi

On Sun, 03-10-2010 at 18:28 +1100, David Taylor wrote:
> Hi,
> 
> I have configured a MoinMoin wiki vServer in Cherokee 1.08.  I am 
> getting 503 Service Unavailable whenever I request a page.
> 
> It looks like Cherokee is failing to execute spawn-fcgi.

Once Cherokee drops privileges and switches user (I don't know your
case, www-data maybe?), it can't spawn the CGI process with a different
user (it needs to run as root to do that).

> Any hints/suggestions on what I should do?

Can you tell us the users you're trying to use for Cherokee and your CGI?

I guess one solution is to run the CGI with the same user as
Cherokee (as long as Cherokee isn't running as root, in that case you
could run the CGI with any user you want).

Another solution would be to set the suid flag on the CGI spawn-fcgi, and
chown the file to the user/group you want to use to run it. In that way
Cherokee should be able to execute the file with the right user without
being root.

Cheers,

Juanjo


"Juan J." Martínez | 3 Oct 2010 10:45

Re: Cherokee failing to exec spawn-fcgi

On Sun, 03-10-2010 at 09:36 +0100, Juan J. Martínez wrote:
> [...]
> 
> Another solution would be to set the suid flag on the CGI spawn-fcgi, and
> chown the file to the user/group you want to use to run it. In that way
> Cherokee should be able to execute the file with the right user without
> being root.

Sorry, I was talking in theory :). In practice, it won't work if your
spawn-fcgi is a shell script.

Cheers,

Juanjo

--

-- 
jjm's home: http://www.usebox.net/jjm/
blackshell: http://blackshell.usebox.net/
 ramble on: http://rambleon.usebox.net/

_______________________________________________
Cherokee mailing list
Cherokee <at> lists.octality.com
http://lists.octality.com/listinfo/cherokee

xancorreu | 3 Oct 2010 11:22

Re: perl scripts (oddmuse)

Well, guys, if no one can help me, I will try another web server 
with less annoying CGI configuration (lighttpd or thttpd). I want to try 
Cherokee because it's clearly faster.

Xan.

On 27/09/10 21:59, xancorreu wrote:
> Hi,
>
> Is there any way to run perl scripts? I put virtual domain--> 
> rules --> add --> extensions --> pl --> cgi --> and /usr/bin/perl. But 
> I get error
> 504 Gateway Timeout
>
>
> With thttpd it works.
> What can I do?
>
> Thanks,
> Xan.
>
> PS: I attach cherokee.conf
>
> ------------------------------------------------------------------------
>
> config!version = 001000008
> server!bind!1!port = 8081
> server!group = www-data
> server!keepalive = 1
> server!keepalive_max_requests = 500

"Juan J." Martínez | 3 Oct 2010 11:27

Re: perl scripts (oddmuse)

On Sun, 03-10-2010 at 11:22 +0200, xancorreu wrote:
> Well, guys, if no one can help me, I will try another web server 
> with less annoying CGI configuration (lighttpd or thttpd). I want to try 
> Cherokee because it's clearly faster.

I don't think you have the same problem as David (check that thread)
because "vserver!1!rule!105!handler!change_user" is 0 in your
configuration.

You're running Cherokee as www-data:www-data, so I'd check permissions
first. Can the www-data user run the command you have set up in the
script_alias to execute any of the pl files?

# su -m www-data -
$ /usr/bin/perl /whatever/file.pl

Does it work?

Cheers,

Juanjo


David Taylor | 3 Oct 2010 11:58

Re: Cherokee failing to exec spawn-fcgi

  On 03/10/10 19:36, Juan J. Martínez wrote:
> On Sun, 03-10-2010 at 18:28 +1100, David Taylor wrote:
>> Hi,
>>
>> I have configured a MoinMoin wiki vServer in Cherokee 1.08.  I am
>> getting 503 Service Unavailable whenever I request a page.
>>
>> It looks like Cherokee is failing to execute spawn-fcgi.
> Once Cherokee drops privileges and switches user (I don't know your
> case, www-data maybe?), it can't spawn the CGI process with a different
> user (it needs to run as root to do that).
>

Hello Juan,

Cherokee is running as www-data:www-data.

Cherokee is not trying to exec spawn-fcgi as a different user -- there 
is no -u or -g specified in the command line.  It's using exec to run it 
in a separate process with inherited privileges:

PID 1765: launched '/bin/sh -c exec /usr/bin/spawn-fcgi -n -a 127.0.0.1 
-p 53993 -- /usr/share/moin/server/moin.fcg' with uid=33, gid=33, 
env=inherited
PID 1765: exited re=1

On my system, uid 33 and gid 33 are www-data:www-data:

root@hal:/var/log/cherokee# grep 33 /etc/passwd
www-data:x:33:33:www-data:/var/www:/bin/sh

"Juan J." Martínez | 3 Oct 2010 12:33

Re: Cherokee failing to exec spawn-fcgi

On Sun, 03-10-2010 at 20:58 +1100, David Taylor wrote:
> [...]
> It does work from the command line.  But when Cherokee does it, it fails.

I can see a difference. Cherokee uses /bin/sh -c exec ... Is it possible
that there's something in the spawn-fcgi script that makes it behave
differently?

I don't know, maybe the PATH is different and it's failing to execute
something (?).

> ps.  I just noticed this mailing list doesn't set reply-to, so this is a 
> re-send.  Sorry for the duplicate e-mail, Juan.

NP, you're welcome :)

Cheers,

Juanjo


"Juan J." Martínez | 3 Oct 2010 15:01

Running process as a different user (was Cherokee failing to exec spawn-fcgi)

On Sun, 03-10-2010 at 09:45 +0100, Juan J. Martínez wrote:
> On Sun, 03-10-2010 at 09:36 +0100, Juan J. Martínez wrote:
> > [...]
> > 
> > Another solution would be to set the suid flag on the CGI spawn-fcgi, and
> > chown the file to the user/group you want to use to run it. In that way
> > Cherokee should be able to execute the file with the right user without
> > being root.
> 
> Sorry, I was talking in theory :). In practice, it won't work if your
> spawn-fcgi is a shell script.

OK, thinking about it... I wrote a simple tool to accomplish that: run
whatever you want from a suid program, so you can spawn the fast-cgi
stuff as a different user than the one running Cherokee.

It was very easy to do, but quite insecure (it allows any user to run
anything as the target user), so I added a simple ACL so you can limit
the commands to be executed and the users allowed to do so.

And I stopped there, because I don't want to reimplement SUDO!

If someone wants to play with it:

http://www.usebox.net/jjm/suidexec/

Some people asked for suEXEC support in Cherokee, this might do the
trick, but obviously without any kind of warranty ;)

It's been roughly tested and any comment is welcome.

David Taylor | 3 Oct 2010 16:11

Re: Cherokee failing to exec spawn-fcgi

  On 03/10/10 21:33, Juan J. Martínez wrote:
> On Sun, 03-10-2010 at 20:58 +1100, David Taylor wrote:
>> [...]
>> It does work from the command line.  But when Cherokee does it, it fails.
> I can see a difference. Cherokee uses /bin/sh -c exec ...

Any ideas how to debug what's going on in spawn-fcgi?

As far as I can tell, it's not running anything at all:

www-data@hal:~$ /bin/sh -c exec /usr/bin/spawn-fcgi -n -a 127.0.0.1 -p 
53993 -- /usr/bin/python -c "open('/tmp/testing', 'w').write('this is a 
test under exec\n')"
www-data@hal:~$ cat /tmp/testing
cat: /tmp/testing: No such file or directory

www-data@hal:~$ /usr/bin/spawn-fcgi -n -a 127.0.0.1 -p 53993 -- 
/usr/bin/python -c "open('/tmp/testing', 'w').write('this is a test 
without exec\n')"
www-data@hal:~$ cat /tmp/testing
this is a test without exec

How do I begin to debug this?

> Is it possible
> that there's something in the spawn-fcgi script that makes it behave
> differently?
>
> I don't know, maybe the PATH is different and it's failing to execute
> something (?).
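
The manual test in the message above types `/bin/sh -c exec /usr/bin/spawn-fcgi ...` unquoted, while the Cherokee log prints the launched command as one quoted string. The sketch below is an added example, not code from the thread or from Cherokee, showing how `sh -c` treats the two forms; it assumes the server passes the whole string to `-c` as a single argument, and uses `touch` in a temporary directory as a stand-in for spawn-fcgi.

```shell
#!/bin/sh
# Constructed demo (not from the thread): `touch` stands in for spawn-fcgi,
# and all marker files live in a throwaway directory.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# Print "yes" if the named marker file was created, else "no".
created() {
    if [ -e "$demo_dir/$1" ]; then echo yes; else echo no; fi
}

# Unquoted form, as typed at an interactive prompt. The command string given
# to -c is just "exec"; "touch" becomes $0 and the path becomes $1. A bare
# `exec` runs nothing, so the shell exits 0 and no file appears.
run_unquoted() {
    /bin/sh -c exec touch "$demo_dir/unquoted"
    status=$?
    echo "status=$status created=$(created unquoted)"
}

# Single-string form: everything after -c is one argument (assumed to be what
# the server does, going by the quoted command in its log line).
run_single_string() {
    /bin/sh -c "exec touch '$demo_dir/single'"
    status=$?
    echo "status=$status created=$(created single)"
}

# Where the extra words go in the unquoted form: they become $0 and $1.
show_positional() {
    /bin/sh -c 'echo "arg0=$0 arg1=$1"' touch /some/path
}

run_unquoted
run_single_string
show_positional
```

A manual run that leaves the command string unquoted exits silently without starting anything, so it does not reproduce what the server executed; quoting the whole string after `-c` does.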

