Page MenuHomeDevCentral
Create Task
Maniphest T824

Tests for SuEXEC on Ysul
Closed, ResolvedPublic
Actions

Description

We can query the compile options of Apache HTTPD and SuEXEC to check if present and if the binary exists:

$ httpd -V
[...]
Server compiled with....
[...]
 -D SUEXEC_BIN="/usr/local/sbin/suexec"
[...]
$ suexec -V
 -D AP_DOC_ROOT="/usr/local/www/data"
 -D AP_GID_MIN=1000
 -D AP_HTTPD_USER="www"
 -D AP_LOG_EXEC="/var/log/httpd-suexec.log"
 -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
 -D AP_UID_MIN=1000
 -D AP_USERDIR_SUFFIX="public_html"
$ ls /usr/local/sbin/suexec # the value from SUEXEC_BIN compile option
/usr/local/sbin/suexec

Revisions and Commits

rTESTSPRODENV Test suite for operations: prod-environment-behaves-correctly
D1826rTESTSPRODENV729e8dd54f89 Don't test Apache on Ysul anymore
rOPS Nasqueron Operations
D371rOPS86c8e06e7946 Check if Apache is up and SuEXEC installed on Ysul

Related Objects

Event Timeline

dereckson created this task.May 12 2016, 09:35
dereckson added a revision: D371: Check if Apache is up and SuEXEC installed on Ysul.May 12 2016, 09:53
dereckson mentioned this in D371: Check if Apache is up and SuEXEC installed on Ysul.
dereckson mentioned this in rOPS86c8e06e7946: Check if Apache is up and SuEXEC installed on Ysul.May 31 2016, 21:21
dereckson added a commit: rOPS86c8e06e7946: Check if Apache is up and SuEXEC installed on Ysul.May 31 2016, 21:26
dereckson added a comment.May 31 2016, 21:28

So far, we've a minimal test checking for hard-coded value /usr/local/sbin/suexec.

@amj shares my concern about SuEXEC path

21:15:28 < amj> je me demande juste si on veut absolument que suexec soit à la place /usr/local/sbin/suexec

So we should detect this httpd -V | grep SUEXEC_BIN.

Sandlayth added a subscriber: Sandlayth.May 31 2016, 22:19

We can have the complete path to the executable through

httpd -V | grep SUEXEC_BIN | grep -o "/.*" | sed 's/.$//'
dereckson added a comment.Jun 3 2016, 16:59

Another thing to test: SuEXEC AP_DOC_ROOT should be /var/wwwroot.

dereckson mentioned this in rTESTSPRODENV0e8fea18d15b: Check if Apache is up and SuEXEC installed on Ysul.Jul 28 2016, 01:55
dereckson added a project: Operations sprints (Consolidate them all).EditedFeb 16 2020, 03:25

Tests should be extended to development servers and made optional, as we don't currently have an Apache working.

AFAIK all services have been migrated to nginx.

dereckson moved this task from Backlog to Pending review on the Operations sprints (Consolidate them all) board.Feb 16 2020, 03:25
dereckson claimed this task.Sep 22 2020, 00:59
dereckson closed this task as Resolved.Sep 22 2020, 01:02
dereckson added a revision: D1826: Don't test Apache on Ysul anymore.
dereckson added a commit: rTESTSPRODENV729e8dd54f89: Don't test Apache on Ysul anymore.

Code added in 2016 and pruned in 2018, as we don't use it anymore. So all is fine.

Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator