Sometimes you will see errors in your
error_log which look like this:
[Tue Feb 26 04:52:56 2008] [error] [client 220.127.116.11] suexec policy violation: see suexec log for more details [Tue Feb 26 04:52:56 2008] [error] [client 18.104.22.168] Premature end of script headers: gitweb.cgi
On RHEL 5.1 the
suexec.log itself can be found in
/etc/httpd/logs (itself just a symlink to
/var/log/httpd); if you are using another distro or OS then you may have to look elsewhere. It is a per-server log, not per VirtualHost.
cannot run as forbidden uid
You’ll see this error if you try to run as a user with a system account (which on most systems means an account with a UID below 500). I discovered this because I initially tried to run my Gitweb install as the
git user with a UID below 500.
The solution is to either change your
SuexecUserGroup directive to another (non-system account) user and group, or to change the user and group ID numbers using
usermod. I went for the latter solution.
command not in docroot
suexec requires the CGI script to be under the server’s DocumentRoot (not the VirtualHost DocumentRoot). It is permitted, however, for the VirtualHost DocumentRoot to be a symlink to a directory that appears under the real DocumentRoot.