[BackupPC-users] CentOS 4.7 suid fails repeatedly with BackupPC
2008-12-12 11:57:42
Hello all! I'm normally a Debian guy, but for a project I'm forced to use CentOS 4.7. I installed BackupPC 3.1.0 from source. I'm trying to get BackupPC running on that box, and I cannot seem to get BackupPC_Admin (or the testsuid script found here - http://backuppc.sourceforge.net/faq/debugCGI.html) to work.
Judging by what I've seen in this thread, http://www.mail-archive.com/backuppc-users AT lists.sourceforge DOT net/msg02493.html there seems to be a hurdle with suid that I can't overcome. I can get the permissions correct from a BackupPC perspective, but then the CentOS apache doesn't want to play nice.
[root@telephony conf.d]# ls -al /var/www/cgi-bin/ total 24 drwxr-xr-x 2 root root 4096 Dec 12 11:35 . drwxr-xr-x 9 root root 4096 Dec 11 22:40 .. -r-sr-x--- 1 backuppc apache 3993 Dec 11 18:13 BackupPC_Admin
-rwxr-xr-x 1 backuppc backuppc 76 Dec 12 11:35 testsetuid
Here's the end of the apache error log -
[Fri Dec 12 11:44:25 2008] [error] [client 192.168.0.4] Premature end of script headers: testsetuid
[Fri Dec 12 11:44:36 2008] [error] [client 192.168.0.4] Premature end of script headers: BackupPC_Admin
The premature end of headers message is all over the backuppc archives, and it pointed me to the page I mentioned above - http://backuppc.sourceforge.net/faq/debugCGI.html . Going through that page in order, I can generate the html at the command line when I execute BackupPC_Admin as either backuppc or apache, but when I try through a browser, I encounter suid issues. Here's the full output of the /var/log/httpd/suexec.log -
[2008-12-11 22:37:44]: uid: (150/backuppc) gid: (150/150) cmd: BackupPC_Admin [2008-12-11 22:37:44]: cannot run as forbidden uid (150/BackupPC_Admin) [2008-12-12 10:05:20]: uid: (150/backuppc) gid: (150/150) cmd: BackupPC_Admin
[2008-12-12 10:05:20]: cannot run as forbidden uid (150/BackupPC_Admin) [2008-12-12 10:10:41]: uid: (150/backuppc) gid: (150/150) cmd: testsetuid [2008-12-12 10:10:41]: cannot run as forbidden uid (150/testsetuid)
[2008-12-12 10:24:03]: uid: (1010/backuppc) gid: (1010/1010) cmd: testsetuid [2008-12-12 10:24:03]: file is either setuid or setgid: (/var/www/cgi-bin/testse tuid) [2008-12-12 10:27:22]: uid: (1010/backuppc) gid: (1010/1010) cmd: testsetuid
[2008-12-12 10:27:22]: file is either setuid or setgid: (/var/www/cgi-bin/testse tuid) [2008-12-12 10:27:24]: uid: (1010/backuppc) gid: (1010/1010) cmd: testsetuid [2008-12-12 10:27:24]: file is either setuid or setgid: (/var/www/cgi-bin/testse
tuid) [2008-12-12 10:38:30]: uid: (1010/backuppc) gid: (1010/1010) cmd: testsetuid [2008-12-12 10:38:30]: file is either setuid or setgid: (/var/www/cgi-bin/testse tuid) [2008-12-12 10:56:22]: uid: (1010/backuppc) gid: (1010/1010) cmd: testsetuid
[2008-12-12 10:56:22]: file is either setuid or setgid: (/var/www/cgi-bin/testse tuid) [2008-12-12 10:57:44]: uid: (1010/backuppc) gid: (48/48) cmd: testsetuid [2008-12-12 10:57:44]: cannot run as forbidden gid (48/testsetuid)
[2008-12-12 10:58:48]: uid: (1010/backuppc) gid: (48/48) cmd: testsetuid [2008-12-12 10:58:48]: cannot run as forbidden gid (48/testsetuid) [2008-12-12 11:18:31]: uid: (1010/backuppc) gid: (48/48) cmd: testsetuid
[2008-12-12 11:18:31]: cannot run as forbidden gid (48/testsetuid) [2008-12-12 11:19:26]: uid: (1010/backuppc) gid: (1010/1010) cmd: testsetuid [2008-12-12 11:19:26]: target uid/gid (1010/1010) mismatch with directory (0/0) or program (1010/48)
[2008-12-12 11:20:30]: uid: (1010/backuppc) gid: (1010/1010) cmd: testsetuid [2008-12-12 11:20:30]: target uid/gid (1010/1010) mismatch with directory (0/0) or program (1010/1010) [2008-12-12 11:21:23]: uid: (1010/backuppc) gid: (1010/1010) cmd: testsetuid
[2008-12-12 11:25:01]: uid: (1010/backuppc) gid: (1010/1010) cmd: testsetuid [2008-12-12 11:25:22]: uid: (1010/backuppc) gid: (1010/1010) cmd: BackupPC_Admin [2008-12-12 11:25:22]: file is either setuid or setgid: (/var/www/cgi-bin/BackupPC_Admin)
[2008-12-12 11:33:59]: uid: (1010/backuppc) gid: (1010/1010) cmd: testsetuid [2008-12-12 11:35:05]: uid: (1010/backuppc) gid: (1010/1010) cmd: testsetuid [2008-12-12 11:43:26]: uid: (1010/backuppc) gid: (1010/1010) cmd: testsetuid
[2008-12-12 11:43:26]: target uid/gid (1010/1010) mismatch with directory (0/0) or program (1010/1010) [2008-12-12 11:43:32]: uid: (1010/backuppc) gid: (1010/1010) cmd: BackupPC_Admin [2008-12-12 11:43:32]: file is either setuid or setgid: (/var/www/cgi-bin/BackupPC_Admin)
[2008-12-12 11:44:25]: uid: (1010/backuppc) gid: (1010/1010) cmd: testsetuid [2008-12-12 11:44:25]: target uid/gid (1010/1010) mismatch with directory (0/0) or program (1010/1010) [2008-12-12 11:44:36]: uid: (1010/backuppc) gid: (1010/1010) cmd: BackupPC_Admin
[2008-12-12 11:44:36]: file is either setuid or setgid: (/var/www/cgi-bin/BackupPC_Admin)
Obviously I changed the uid and gid for backuppc, thinking that was part of the problem. It seemed to play a role, but wether it had the low uid (150) or the higher (1010) it still wouldn't work.
Do I have to create a 2nd instance of apache running as backuppc to get this functional on CentOS 4.7?
If any additional info is needed I'll be glad to provide it.
Thanks, Jim
------------------------------------------------------------------------------
SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
The future of the web can't happen without you. Join us at MIX09 to help
pave the way to the Next Web now. Learn more and register at
http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ _______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
|
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- [BackupPC-users] CentOS 4.7 suid fails repeatedly with BackupPC,
Jim McNamara <=
|
|
|