suexec로 mod_fcgid를 실행할 수 있도록 chroot된 Apache 환경을 구성하려고 합니다.
chroot 감옥(jail) 내부의 suexec 로그를 보면 래퍼 스크립트가 문제 없이 실행되는 것으로 나오지만, Apache의 오류 로그에는 다음 오류가 표시됩니다.
suexec failure: could not open log file
fopen: Permission denied
suexec 로그:
[2013-06-20 01:15:39]: uid: (500/user) gid: (500/user) cmd: php-fcgi-starter
[2013-06-20 01:16:30]: uid: (500/user) gid: (500/user) cmd: php-fcgi-starter
[2013-06-20 01:16:39]: uid: (500/user) gid: (500/user) cmd: php-fcgi-starter
[2013-06-20 01:18:07]: uid: (500/user) gid: (500/user) cmd: php-fcgi-starter
[2013-06-20 01:22:21]: uid: (500/user) gid: (500/user) cmd: php-fcgi-starter
strace로 확인해 보면 suexec와 php를 실행할 때 누락된 라이브러리나 파일에 대한 오류는 나오지 않습니다.
로그에는 "로그 파일을 열 수 없습니다"(could not open log file)라고 표시되지만, 감옥 내의 오류 로그 파일에는 분명히 기록되고 있습니다. 이 설정에 문제가 있나요? 무엇이 이 오류를 유발할 수 있나요?
편집:
strace 결과:
[pid 9912] rt_sigaction(SIGCHLD, {SIG_DFL, [], SA_RESTORER|SA_INTERRUPT, 0x7fca687fe500}, {SIG_DFL, [], 0}, 8) = 0
[pid 9912] chdir("/var/www/username/cgi-bin/") = 0
[pid 9912] execve("/usr/sbin/suexec", ["/usr/sbin/suexec", "500", "500", "php-fcgi-starter"], [/* 1 var */]) = 0
[pid 9912] brk(0) = 0x7f2d71e91000
[pid 9912] fcntl(0, F_GETFD) = 0
[pid 9912] fcntl(1, F_GETFD) = 0
[pid 9912] fcntl(2, F_GETFD) = 0
[pid 9912] access("/etc/suid-debug", F_OK) = -1 ENOENT (No such file or directory)
[pid 9912] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2d715f2000
[pid 9912] access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
[pid 9912] open("/etc/ld.so.cache", O_RDONLY) = 3
[pid 9912] fstat(3, {st_mode=S_IFREG|0644, st_size=13704, ...}) = 0
[pid 9912] mmap(NULL, 13704, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f2d715ee000
[pid 9912] close(3) = 0
[pid 9912] open("/lib64/libc.so.6", O_RDONLY) = 3
[pid 9912] read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360\355\1\0\0\0\0\0"..., 832) = 832
[pid 9912] fstat(3, {st_mode=S_IFREG|0755, st_size=1916568, ...}) = 0
[pid 9912] mmap(NULL, 3745960, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f2d71041000
[pid 9912] mprotect(0x7f2d711cb000, 2093056, PROT_NONE) = 0
[pid 9912] mmap(0x7f2d713ca000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x189000) = 0x7f2d713ca000
[pid 9912] mmap(0x7f2d713cf000, 18600, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f2d713cf000
[pid 9912] close(3) = 0
[pid 9912] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2d715f9000
[pid 9912] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2d715ed000
[pid 9912] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2d715ec000
[pid 9912] arch_prctl(ARCH_SET_FS, 0x7f2d715ed700) = 0
[pid 9912] mprotect(0x7f2d713ca000, 16384, PROT_READ) = 0
[pid 9912] mprotect(0x7f2d715f3000, 4096, PROT_READ) = 0
[pid 9912] munmap(0x7f2d715ee000, 13704) = 0
[pid 9912] brk(0) = 0x7f2d71e91000
[pid 9912] brk(0x7f2d71eb2000) = 0x7f2d71eb2000
[pid 9912] getuid() = 48
[pid 9912] socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
[pid 9912] connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
[pid 9912] close(3) = 0
[pid 9912] socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
[pid 9912] connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
[pid 9912] close(3) = 0
[pid 9912] open("/etc/nsswitch.conf", O_RDONLY) = 3
[pid 9912] fstat(3, {st_mode=S_IFREG|0644, st_size=1688, ...}) = 0
[pid 9912] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2d715f1000
[pid 9912] read(3, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1688
[pid 9912] read(3, "", 4096) = 0
[pid 9912] close(3) = 0
[pid 9912] munmap(0x7f2d715f1000, 4096) = 0
[pid 9912] open("/etc/ld.so.cache", O_RDONLY) = 3
[pid 9912] fstat(3, {st_mode=S_IFREG|0644, st_size=13704, ...}) = 0
[pid 9912] mmap(NULL, 13704, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f2d715ee000
[pid 9912] close(3) = 0
[pid 9912] open("/lib64/libnss_files.so.2", O_RDONLY) = 3
[pid 9912] read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360!\0\0\0\0\0\0"..., 832) = 832
[pid 9912] fstat(3, {st_mode=S_IFREG|0755, st_size=65928, ...}) = 0
[pid 9912] mmap(NULL, 2151824, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f2d70e33000
[pid 9912] mprotect(0x7f2d70e3f000, 2097152, PROT_NONE) = 0
[pid 9912] mmap(0x7f2d7103f000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xc000) = 0x7f2d7103f000
[pid 9912] close(3) = 0
[pid 9912] mprotect(0x7f2d7103f000, 4096, PROT_READ) = 0
[pid 9912] munmap(0x7f2d715ee000, 13704) = 0
[pid 9912] open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
[pid 9912] fcntl(3, F_GETFD) = 0x1 (flags FD_CLOEXEC)
[pid 9912] fstat(3, {st_mode=S_IFREG|0644, st_size=952, ...}) = 0
[pid 9912] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2d715f1000
[pid 9912] read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 952
[pid 9912] close(3) = 0
[pid 9912] munmap(0x7f2d715f1000, 4096) = 0
[pid 9912] open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
[pid 9912] fstat(3, {st_mode=S_IFREG|0644, st_size=952, ...}) = 0
[pid 9912] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2d715f1000
[pid 9912] read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 952
[pid 9912] close(3) = 0
[pid 9912] munmap(0x7f2d715f1000, 4096) = 0
[pid 9912] socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
[pid 9912] connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
[pid 9912] close(3) = 0
[pid 9912] socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3
[pid 9912] connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
[pid 9912] close(3) = 0
[pid 9912] open("/etc/group", O_RDONLY|O_CLOEXEC) = 3
[pid 9912] fstat(3, {st_mode=S_IFREG|0644, st_size=520, ...}) = 0
[pid 9912] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2d715f1000
[pid 9912] read(3, "root:x:0:root\nbin:x:1:root,bin,d"..., 4096) = 520
[pid 9912] close(3) = 0
[pid 9912] munmap(0x7f2d715f1000, 4096) = 0
[pid 9912] open("/var/log/httpd/suexec.log", O_WRONLY|O_CREAT|O_APPEND, 0666) = 3
[pid 9912] fstat(3, {st_mode=S_IFREG|0644, st_size=17043, ...}) = 0
[pid 9912] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2d715f1000
[pid 9912] fstat(3, {st_mode=S_IFREG|0644, st_size=17043, ...}) = 0
[pid 9912] lseek(3, 17043, SEEK_SET) = 17043
[pid 9912] gettimeofday({1371690955, 897472}, NULL) = 0
[pid 9912] open("/etc/localtime", O_RDONLY) = 4
[pid 9912] fstat(4, {st_mode=S_IFREG|0644, st_size=2102, ...}) = 0
[pid 9912] fstat(4, {st_mode=S_IFREG|0644, st_size=2102, ...}) = 0
[pid 9912] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2d715f0000
[pid 9912] read(4, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0\0"..., 4096) = 2102
[pid 9912] lseek(4, -1337, SEEK_CUR) = 765
[pid 9912] read(4, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0\0"..., 4096) = 1337
[pid 9912] close(4) = 0
[pid 9912] munmap(0x7f2d715f0000, 4096) = 0
[pid 9912] write(3, "[2013-06-20 03:15:55]: uid: (500"..., 77) = 77
[pid 9912] setgid(500) = 0
[pid 9912] open("/proc/sys/kernel/ngroups_max", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid 9912] open("/etc/group", O_RDONLY|O_CLOEXEC) = 4
[pid 9912] fstat(4, {st_mode=S_IFREG|0644, st_size=520, ...}) = 0
[pid 9912] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2d715f0000
[pid 9912] lseek(4, 0, SEEK_CUR) = 0
[pid 9912] read(4, "root:x:0:root\nbin:x:1:root,bin,d"..., 4096) = 520
[pid 9912] read(4, "", 4096) = 0
[pid 9912] close(4) = 0
[pid 9912] munmap(0x7f2d715f0000, 4096) = 0
[pid 9912] setgroups(1, [500]) = 0
[pid 9912] setuid(500) = 0
[pid 9912] getcwd("/var/www/username/cgi-bin", 4096) = 22
[pid 9912] chdir("/var/www") = 0
[pid 9912] getcwd("/var/www", 4096) = 9
[pid 9912] chdir("/var/www/username/cgi-bin") = 0
[pid 9912] lstat("/var/www/username/cgi-bin", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
[pid 9912] lstat("php-fcgi-starter", {st_mode=S_IFREG|0755, st_size=128, ...}) = 0
[pid 9912] close(3) = 0
[pid 9912] munmap(0x7f2d715f1000, 4096) = 0
[pid 9912] execve("php-fcgi-starter", ["php-fcgi-starter"], [/* 1 var */]) = -1 ENOENT (No such file or directory)
[pid 9912] open("/var/log/httpd/suexec.log", O_WRONLY|O_CREAT|O_APPEND, 0666) = -1 EACCES (Permission denied)
[pid 9912] write(2, "suexec failure: could not open l"..., 40) = 40
[pid 9912] write(2, "fopen: Permission denied\n", 25) = 25
[pid 9912] exit_group(1) = ?
마지막 20줄 정도는 서버에서 오류가 발생하는 부분입니다.
답변1
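권한 문제인 것 같습니다. 특히 SUExec는 /var/www/html 디렉터리와 /var/www/cgi-bin/php5/php-fcgi-starter를 동일한 사용자가 소유하도록 요구한다고 생각합니다.
저라면 둘 다 uid: 500 및 gid: 500, 또는 해당 시스템/설정에 맞는 사용자가 소유하고 있는지 확인하겠습니다.
참고로 위 strace 결과에서는 setuid(500) 이후 execve("php-fcgi-starter")가 ENOENT로 실패하고, 그 직후 권한이 낮아진 상태에서 suexec.log를 다시 열려다 EACCES가 발생합니다. 따라서 "could not open log file"은 2차 증상일 수 있으며, lstat은 성공했으므로 스크립트의 인터프리터 경로가 chroot 안에 존재하는지도 확인해 볼 만합니다.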