Virtualmin & suEXEC

15 Dec
2008

If by chance you have installed the Webmin module Virtualmin at some point you may have come across the following error message when setting up the module:

Failed to save enabled features: The Suexec command on your system is configured to only run scripts under /var/www, but the Virtualmin base directory is /home. CGI and PHP scripts run as domain owners will not be executed.

This error message is caused by using a version of suEXEC compiled by default to use /var/www as the document root of Apache. The suEXEC feature allows to execute scripts as the user owning the virtual host instead of the global apache user increasing security. The solution has either been to recompile suEXEC with the new desired path (/home in this case) or simply disable (Server Templates > Apache Website > Automatically add appropriate SuExec directive?) suEXEC completely inside the Virtualmin module configuration.

A much simpler approach I used was to create a link between the two directories. I used mount to bind the two directories together and act as one. Voila, Virtualmin now continued the module setup without a remark!

To achieve this I ran the following command as root:

mount --bind /var/www /home

That is it really. Now the directories act as one for the suEXEC wrapper too.

Please note this will usually only last till next reboot. To mount permanently include the following line into your /etc/fstab:

/var/www /home none bind

The following is the extract from the mount man page:

Since Linux 2.4.0 it is possible to remount part of the file hierarchy somewhere else. The call is
mount --bind olddir newdir
or fstab entry is:
/olddir  /newdir  none  bind
After this call the same contents is accessible in two places.  One can also remount a single file (on a single file).

One note is that if you already had local users set up inside the /home directory you will mount on top of it, making the existing users data unavailable (not deleted). Simply unmount again and the users data will be back again. To get around this change the default path Virtualmin uses to create new virtual hosts home directories to something else e.g. /virtualmin. This can be done in the Users & Groups module.

10 Responses to Virtualmin & suEXEC

Avatar

jesse

March 8th, 2009 at 13:04

Thank you! I have been stuck on this for 3 days and this fixed it 🙂

Avatar

Eamonn Sweeney

April 13th, 2009 at 02:41

No need to mount anything, just create a symlink in /var to point to /home, shell commands prefixed by #
remove the original /var/www directory
#rm -fr /var/www
create a symbolic link
#ln -s /home /var/www
Done. Start using virtualmin.

Avatar

mr-euro

April 22nd, 2009 at 11:08

@Eamonn

I am certain that a symlink was the first (and simplest) solution I tried. Since this issue came up long time ago I do not recall the exact outcome, although it seems a symlink did not work properly or else I would not have looked into the mount alternative.

Best Regards!

Avatar

Xavstarblues

June 1st, 2009 at 02:06

Simply brilliant… i was afraid of compiling stuff on a online server, your solution is really easy and fully working, greatest thanks 😉

Avatar

Anuj

August 30th, 2009 at 18:17

Thanks Dude !!, that symbolic linking really works !!

Avatar

Todd

September 1st, 2009 at 05:12

Sadly, this solution can break quotas on some systems. This link has an alternate solution (http://www.webminforum.com/viewtopic.php?f=5&p=190) which may help better for some users.

Avatar

mr-euro

September 3rd, 2009 at 18:36

@Todd

Disabling Suexec completely is actually mentioned already in the 3rd paragraph of my post:

…or simply disable (Server Templates > Apache Website > Automatically add appropriate SuExec directive?) suEXEC completely inside the Virtualmin module configuration.

Best Regards!

Avatar

Alex

September 18th, 2009 at 03:25

I did this, and now my entire home directory is missing. Shit, this is a big problem.

How do I undo this command: mount –bind /var/www /home

Avatar

mr-euro

September 23rd, 2009 at 14:07

@Alex

It is not deleted. You simply mounted a new location on top as also described in the last paragraph of this post.

Simply unmount it using the umount command.

Avatar

eklmn

February 10th, 2011 at 01:37

Great! Спасибо )

Comment Form

top