Home » Tips n Tricks, Tutorials

Target uid/gid Mismatch with Directory or Program

10 December 2007 7 Comments

This Sunday at 2 AM, I got a call from one client, who complained that cgi scripts on his website stopped working all of a sudden. This being peak season for his business, he was a worried lot and wanted me to give it an immediate attention. I rushed to my workstation. Client was on phone telling me the urls and script names which stopped working. I saw it was throwing “500 Internal Server Error”. My first question to client was if he has made any changes to the scripts or re-uploaded or changed the permissions on the files. He denied doing anything. On the other hand he said that might be something has changed on server. I wasn’t sure as neither data centre housing my servers nor the server management guy, managing my servers, had informed me of any changes. I told client to wait for sometime as I look into it.

My next stop was error log. It was of little help as it showed:

[Sun Dec 02 01:58:02 2007] [error] [client xx.xx.xx.xxx] suexec 
policy violation: see suexec log for more details     

[Sun Dec 02 01:58:02 2007] [error] [client xxx.xx.xx.xxx] Premature 
end of script headers: FrmsMail2.cgi 

However, it made one thing sure that some updation / patching of APACHE / Kernel or firewall has taken place on server which broke these cgi scripts. I shoot a mail to my Data Centre as well as the Server Management person and I started looking at suexec.log. Within minutes I had reply from both place. Data centre team said that they will take a look at the issue and the server management guy said that he is already looking at the problem as another client had directly contacted him. But, I needed some solution immediately as the client who called me first hand was calling again and again.

suexec log had me:

target uid/gid (uid-1/gid-1) mismatch with directory 
(uid-2/gid-2) or program (uid-3/gid-3)

I googled it and came to a decision that it is related to some ownership / permission issues of folders and files. Now I started taking a stock of all files and folders involved. The page calling the offending script was owned by user ‘xxxxxx’ under group ‘psacln’. CGI-BIN folder was owned by same user but under group ‘psaserv’, while the cgi script itself was owned by user ‘xxxxxx’ under group ‘psacln’ (this server uses hence psaserv and psacln). The cgi file was in root of cgi-bin folder. I wasn’t sure if this could be the problem, however I tried to adopt some error and trial method. Just created another folder under cgi-bin folder, made a copy of cgi script under the new folder and called the script from my browser.

WOW!!!!!!!!! it was working perfect. I looked at the temp folders’ ownership. It was owned by user ‘xxxxxx’ under group ‘psacln’. So, now the page calling the script, the folder housing the script and the script itself was owned by same user under same group and it was working fine without changing a bit of code. I quickly changed the reference of cgi-bin file in the calling page and informed the client about success.

Didn’t forget to thank and inform the data centre team and my server management person and it was just 2.45 am so still I could get some sleep.

7 Comments »

  • Scott said:

    Thanks – was caught out with this one!

  • arnaud said:

    Thanks ! that was very helpful !

  • jesus said:

    that was very helpful!!!
    i just changed ownership and group and my cgi files worked
    thanks!!!

  • Mark said:

    Mad props to you bro. I encountered the same problem and googled for a solution. Couldn’t find one that really worked till I found yours. – Thanks man, at times I tend to overcomplicate stuffs when the solution is so straightforward

    Mark Derulo
    Wichita, KS

  • Grahame said:

    Thanks for your help, this one has been annoying me for so long and I’ve been having to work around it for years.

  • Mat said:

    Trying to figure out what was going wrong took me ages. This old post has helped me enormously. Thanks a lot!

  • Rajeev Kumar said:

    Awesome !! Thank you. save a lot of time. Worked in first go 🙂

Leave your response!

Add your comment below, or trackback from your own site. You can also subscribe to these comments via RSS.

Be nice. Keep it clean. Stay on topic. No spam.

You can use these tags:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This is a Gravatar-enabled weblog. To get your own globally-recognized-avatar, please register at Gravatar.