This is a discussion on Config Bugzilla on CentOS w Plesk (with suexec) - Security ; Hi all, There was another old thread in Mozilla about this problem that I've been fighting with for a couple days. Anyway, rather than revive the 3yo thread, I thought I'd post new here. I hoping this is a better ...
There was another old thread in Mozilla about this problem that I've been fighting with for a couple days. Anyway, rather than revive the 3yo thread, I thought I'd post new here. I hoping this is a better place than the Mozilla forum.
The general task was installing Bugzilla (3.6) within a dedicated subdomain (e.g. bugzilla.sample.com) on a CentOS 5 box managed with Pesk 8.6.0
Of course, following the installation instructions is obligatory!! However, there were a couple things that were not clear/settled in the documentation and other threads on this problem turned up by google.
After following the instructions to the best of my ability, I was still getting Error 500's and seeing the cryptic message:
==> error_log <== ( /var/www/vhosts/bugzilla.sample.com/statistics/logs/error_log)
[Mon May 03 21:32:06 2010] [error] [client xx.xx.xx.xx] Premature end of script headers: index.cgi, referer: http://bugzilla.sample.com/
After a lot of searching I located another error file where some additional information was noted:
==> /var/log/httpd/suexec_log <==
[2010-05-03 21:31:41]: uid: (10030/plesk_user) gid: (2523/2523) cmd: index.cgi
[2010-05-03 21:31:41]: target uid/gid (10030/2523 or 2522) mismatch with directory (10030/2522) or program (10030/2522)
Everyone talking about this was clearly indicating a permission problem, but it was very tricky as to the exact combination necessary. This is the solution that eventually worked for me. (User beware, your mileage may vary.)
Edit localconfig (/var/www/vhosts/bugzilla.sample.com/httpdocs/localconfig)
Ensure $webservergroup = 'psacln';
(or whatever the SuexecUserGroup group value is in /var/www/vhosts/bugzilla.sample.com/conf/http.include)
Ensure $use_suexec = 1;
chown plesk_usersaserv httpdocs
chown -R plesk_user *.cgi *.txt *.pl *.pm *.dtd localconfig .htaccess README Bugzilla CVS contrib data docs extensions graphs images js lib skins t template
This got the site working, but the error log was still be clogged up with errors of the style of this:
==> error_log <==
[Mon May 03 21:33:27 2010] [error] [client xx.xx.xx.xx] mod_mime_magic: can't read `/var/www/vhosts/bugzilla.sample.com/httpdocs/index.cgi', referer: http://bugzilla.sample.com
As such, I added world read to *.cgi, e.g.
chmod o+r /var/www/vhosts/bugzilla.sample.com/httpdocs/*.cgi
Someone somewhere commented on needing to manually add the plesk_user to the server group (psaserv in my case?). I haven't tried this. Even so, I would probably create a NEW group defined equivalently to psaserv + plesk_user and use that instead...
Please feel free to comment if you can improve on this config.