RES: RES: RES: problem with suexec

Wilson A. Galafassi Jr. wilson.galafassi at gmail.com
Wed Mar 12 22:26:34 CET 2008


Hello.
if  i use the commands:
chmod g-w sbin
chmod g-w sbin/* 

suexec tell me: 
[2008-03-12 18:25:02]: error: target uid/gid (32042/32044) mismatch with
directory (32121/32123) or program (32121/32123) or trusted user (0/10)


Any other sugestion?
Thanks
Wilson

-----Mensagem original-----
De: nagios-users-bounces at lists.sourceforge.net
[mailto:nagios-users-bounces at lists.sourceforge.net] Em nome de Max
Enviada em: quarta-feira, 12 de março de 2008 14:30
Para: nagios-users at lists.sourceforge.net
Assunto: Re: [Nagios-users] RES: RES: problem with suexec

> [2008-03-11 21:22:04]: directory is writable by others:
(/usr/local/nagios/sbin)

group writable directory and group writable files ...

On Wed, Mar 12, 2008 at 12:12 PM, Wilson A. Galafassi Jr.
<wilson.galafassi at gmail.com> wrote:
>
>  # ls -la
>  drwxrwxr-x   8 nagios nagios 4096 Mar 10 20:00 .
>  drwxr-xr-x  22 root   root   4096 Mar 10 20:00 ..
>  drwxrwxr-x   2 nagios nagios 4096 Mar 10 20:00 bin
>  drwxrwxr-x   3 nagios nagios 4096 Mar 10 20:32 etc
>  drwxrwxr-x   2 nagios nagios 4096 Mar 10 20:41 libexec
>  drwxrwxr-x   2 nagios nagios 4096 Mar 10 20:00 sbin
>  drwxrwxr-x   9 nagios nagios 4096 Mar 10 20:41 share
>  drwxrwxr-x   5 nagios nagios 4096 Mar 12 13:11 var
>
>  sbin
>  # ls -la
>  total 3092
>  drwxrwxr-x  2 nagios nagios   4096 Mar 10 20:00 .
>  drwxrwxr-x  8 nagios nagios   4096 Mar 10 20:00 ..
>  -rwxrwxr-x  1 nagios nagios 214472 Mar 10 20:00 avail.cgi
>  -rwxrwxr-x  1 nagios nagios 210760 Mar 10 20:00 cmd.cgi
>  -rwxrwxr-x  1 nagios nagios 180680 Mar 10 20:00 config.cgi
>  -rwxrwxr-x  1 nagios nagios 230024 Mar 10 20:00 extinfo.cgi
>  -rwxrwxr-x  1 nagios nagios 184936 Mar 10 20:00 histogram.cgi
>  -rwxrwxr-x  1 nagios nagios 168456 Mar 10 20:00 history.cgi
>  -rwxrwxr-x  1 nagios nagios 164328 Mar 10 20:00 notifications.cgi
>  -rwxrwxr-x  1 nagios nagios 160200 Mar 10 20:00 outages.cgi
>  -rwxrwxr-x  1 nagios nagios 164616 Mar 10 20:00 showlog.cgi
>  -rwxrwxr-x  1 nagios nagios 221704 Mar 10 20:00 status.cgi
>  -rwxrwxr-x  1 nagios nagios 180904 Mar 10 20:00 statusmap.cgi
>  -rwxrwxr-x  1 nagios nagios 176648 Mar 10 20:00 statuswml.cgi
>  -rwxrwxr-x  1 nagios nagios 164360 Mar 10 20:00 statuswrl.cgi
>  -rwxrwxr-x  1 nagios nagios 181832 Mar 10 20:00 summary.cgi
>  -rwxrwxr-x  1 nagios nagios 176680 Mar 10 20:00 tac.cgi
>  -rwxrwxr-x  1 nagios nagios 189064 Mar 10 20:00 trends.cgi
>
>
>  -----Mensagem original-----
>  De: nagios-users-bounces at lists.sourceforge.net
>  [mailto:nagios-users-bounces at lists.sourceforge.net] Em nome de Hendrik
>  Bäcker
>  Enviada em: quarta-feira, 12 de março de 2008 12:07
>  Para: nagios-users at lists.sourceforge.net
>  Assunto: Re: [Nagios-users] RES: problem with suexec
>
>
>
>
>
>  Wilson A. Galafassi Jr. schrieb:
>  > I have tried but the problem persist.
>  >
>  With the same error message? Show us your directory (ls -la).
>
>  > Any other idea?
>  >
>
>  > Thanks,
>  > Wilson
>  >
>  > -----Mensagem original-----
>  > De: nagios-users-bounces at lists.sourceforge.net
>  > [mailto:nagios-users-bounces at lists.sourceforge.net] Em nome de Hendrik
>  > Bäcker
>  > Enviada em: quarta-feira, 12 de março de 2008 04:27
>  > Para: wilson at galafassi.com.br
>  > Cc: nagios-users at lists.sourceforge.net
>  > Assunto: Re: [Nagios-users] problem with suexec
>  >
>  > Hi Wilson,
>  >
>  > Wilson Galafassi schrieb:
>  >> hello.
>  >> i have installed nagios on my server running apache 2.2.6.
>  >>
>  >> when i try to access the web interface i see: Internal Server Error
>  >>
>  >> in error_log i see:
>  >> [Tue Mar 11 21:20:15 2008] [error] [client xxx.yyy.zzz.xxxx] suexec
>  >> policy violation: see suexec log for more details, referer:
>  >> http://www.digitalstorage.com.br/nagios/side.html
>  >> [Tue Mar 11 21:20:15 2008] [error] [client xxx.yyy.zzz.xxxx] Premature
>  >> end of script headers: tac.cgi, referer:
>  >> http://www.digitalstorage.com.br/nagios/side.html
>  >> [Tue Mar 11 21:20:15 2008] [error] [client xxx.yyy.zzz.xxxx] File does
>  >> not exist: /home/digital/public_html/500.shtml, referer:
>  >> http://www.digitalstorage.com.br/nagios/side.html
>  >>
>  >> in suexec_log:
>  >> [2008-03-11 21:22:04]: uid: (32042/digital) gid: (32044/32044) cmd:
>  > tac.cgi
>  >> [2008-03-11 21:22:04]: directory is writable by others:
>  > (/usr/local/nagios/sbin)
>  > Well, did you begin to re-set the permissions?
>  > I don't know suexec in depth but in your situation I would start to try
>  > to do what suexec suggests. After each step I would control if the
>  > balance between application and security is givven.
>  >
>  > So like your suexec_log: change the directory permission of
>  > "/usr/local/nagios/sbin" to make it not writable by "other" (chmod o-w
>  > /usr/local/nagios/sbin)
>  >
>  > Regards
>  > Hendrik
>  >
>  >
-------------------------------------------------------------------------
>  > This SF.net email is sponsored by: Microsoft
>  > Defy all challenges. Microsoft(R) Visual Studio 2008.
>  > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
>  > _______________________________________________
>  > Nagios-users mailing list
>  > Nagios-users at lists.sourceforge.net
>  > https://lists.sourceforge.net/lists/listinfo/nagios-users
>  > ::: Please include Nagios version, plugin version (-v) and OS when
>  reporting
>  > any issue.
>  > ::: Messages without supporting info will risk being sent to /dev/null
>  >
>  >
>
>  -------------------------------------------------------------------------
>  This SF.net email is sponsored by: Microsoft
>  Defy all challenges. Microsoft(R) Visual Studio 2008.
>  http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
>  _______________________________________________
>  Nagios-users mailing list
>  Nagios-users at lists.sourceforge.net
>  https://lists.sourceforge.net/lists/listinfo/nagios-users
>  ::: Please include Nagios version, plugin version (-v) and OS when
reporting
>  any issue.
>  ::: Messages without supporting info will risk being sent to /dev/null
>
>
>  -------------------------------------------------------------------------
>  This SF.net email is sponsored by: Microsoft
>  Defy all challenges. Microsoft(R) Visual Studio 2008.
>  http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
>  _______________________________________________
>  Nagios-users mailing list
>  Nagios-users at lists.sourceforge.net
>  https://lists.sourceforge.net/lists/listinfo/nagios-users
>  ::: Please include Nagios version, plugin version (-v) and OS when
reporting any issue.
>  ::: Messages without supporting info will risk being sent to /dev/null
>

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting
any issue. 
::: Messages without supporting info will risk being sent to /dev/null


-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list