Internal Server Error with Perl script & suexec

While setting up some old scripts to process some forms, I kept hitting the dreaded Internal Server Error. The Apache log said:

suexec policy violation: see suexec log for more details, referer:
Premature end of script headers: submit_comments.pl, referer:

I read up on suexec at the Apache site and found there are 20 rules that must be met in order for suexec to work. The script implementation must be violating (at least!) one of them, but how to find which one? I tried to “see the suexec log” as the error stated, but anything I found that looked like a place for the suexec log was either missing, outdated, or empty 🙁

After looking around in frustration for this mythical suexec log, I looked at the man page for suexec (RTFM) and found there is a command to show the compilation options of suexec:

suexec -V (must be run as root!)

# suexec -V
-D AP_DOC_ROOT="/var/htdocs"
-D AP_GID_MIN=100
-D AP_HTTPD_USER="nobody"
-D AP_LOG_EXEC="/usr/local/apache2/logs/suexec_log"
-D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
-D AP_UID_MIN=100
-D AP_USERDIR_SUFFIX="public"

Now I was able to find the real suexec log in this out-of-the-way location, and looking in there I quickly found the cause of my suffering:

[2011-09-25 18:11:59]: target uid/gid (816/816) mismatch with directory (408/408) or program (816/816)
[2011-09-25 18:16:21]: uid: (816/webguy) gid: (816/816) cmd: submit_comments.pl

After seeing this, I realized the problem was that the folder containing the script didn’t match the user and group of the suexec user, so I looked in the virtual host config file to find the user and group specified with ‘SuexecUserGroup’. Then I used chown to set the user and group of the script and the folder containing it to match the suexec user and group. After that the script worked without an error!
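
The ownership comparison behind that log line can be run from the shell before a request ever reaches suexec. This is an added example, not part of the original post: check_suexec_owner is a hypothetical helper that takes the numeric uid and gid of the SuexecUserGroup user, and it goes one step beyond the case above by also flagging group- or other-writable permissions, another of the suexec rules.

```shell
#!/bin/sh
# Added example: pre-check two suexec rules for a CGI script.
# check_suexec_owner is a hypothetical helper name; the uid/gid arguments are
# the numeric ids of the user and group named in SuexecUserGroup.

check_suexec_owner() {
    want_uid=$1 want_gid=$2 prog=$3
    dir=$(dirname -- "$prog")
    rc=0
    for p in "$dir" "$prog"; do
        # ls -ldn prints: mode links uid gid ... (numeric ids, no name lookup)
        info=$(ls -ldn -- "$p" 2>/dev/null) || { echo "missing: $p"; return 2; }
        set -- $info
        mode=$1 uid=$3 gid=$4
        # Rule from the log line: directory and program must both be owned
        # by the target uid/gid.
        if [ "$uid" != "$want_uid" ] || [ "$gid" != "$want_gid" ]; then
            echo "MISMATCH $p: owner $uid/$gid, target $want_uid/$want_gid"
            rc=1
        fi
        # Related rule: neither may be writable by group or other.
        case $mode in
            ?????w*|????????w*) echo "WRITABLE by group/other: $p ($mode)"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Stand-alone use (constructed path): sh check.sh 816 816 /path/to/submit_comments.pl
if [ "$#" -eq 3 ]; then
    check_suexec_owner "$@"
fi
```

A non-zero exit status means at least one of the two rules would be violated; the printed lines name the path and the ids or mode that caused it.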
