You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Mike Scott <Mi...@Sun.COM> on 2002/01/17 15:35:16 UTC
UserDir and setuid CGI's
I have a setup that requires that I use the UserDir to give user access to their home directories (on a VHOSTed config). I also need to grant them access to cgi-bin directories, and have their scripts run as their own userid's.
I've got the UserDir working, but I can't figure out from the documentation how to get the setuid cgi directory working...
I found this in http://httpd.apache.org/docs/suexec.html
"For security and efficiency reasons, all suexec requests must remain within either a top-level document root for virtual host requests, or one top-level personal document root for userdir requests. For example, if you have four VirtualHosts configured, you would need to structure all of your VHosts' document roots off of one main Apache document hierarchy to take advantage of suEXEC for VirtualHosts. (Example forthcoming.) "
This isn't very clear, and am having trouble getting it to work...
Can anyone more experienced than I perhaps give an example config that I can work from..
Regards,
Mike
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: UserDir and setuid CGI's
Posted by Joshua Slive <jo...@slive.ca>.
> From: Mike.Scott@Sun.COM [mailto:Mike.Scott@Sun.COM]
> Thanks! - Halfway there... I see where I was going wrong now,
> but it's now complaining about something else... the suexec
> module is bombing out when I try to execute a CGI script (the
> same script works when not used with the UserDir/suexec..) - the
> following message in suexec-log:
>
> [2002-01-17 16:41:06]: emerg: cannot get docroot information (/home/mike)
>
> ("/home/mike" does exist, is readable, and the directory has the
> correct permissions)
If you know a little C, the best thing to do is actually read through
suexec.c for where this error message occurs, and check to see what is
happening.
The only thing I can suggest is to make sure that /home, /home/mike, and
/home/mike/public_html are world searchable (chmod +x).
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: UserDir and setuid CGI's
Posted by Mike Scott <Mi...@Sun.COM>.
Thanks! - Halfway there... I see where I was going wrong now, but it's now complaining about something else... the suexec module is bombing out when I try to execute a CGI script (the same script works when not used with the UserDir/suexec..) - the following message in suexec-log:
[2002-01-17 16:41:06]: emerg: cannot get docroot information (/home/mike)
("/home/mike" does exist, is readable, and the directory has the correct permissions)
Any ideas - I did a search, but couldn't find anything relevant... :(
Joshua Slive wrote:
>
> > From: Mike.Scott@Sun.COM [mailto:Mike.Scott@Sun.COM]
>
> > I've got the UserDir working, but I can't figure out from the
> > documentation how to get the setuid cgi directory working...
> >
> > I found this in http://httpd.apache.org/docs/suexec.html
>
> For user directories, that means that all cgi scripts must be underneath the
> public_html directory, assuming that was the designated user directory when
> you compiled suexec. Therefore, you will want to use a setup like number 2
> in http://httpd.apache.org/docs/misc/FAQ.html#user-cgi
>
> Joshua.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: UserDir and setuid CGI's
Posted by Joshua Slive <jo...@slive.ca>.
> From: Mike.Scott@Sun.COM [mailto:Mike.Scott@Sun.COM]
> I've got the UserDir working, but I can't figure out from the
> documentation how to get the setuid cgi directory working...
>
> I found this in http://httpd.apache.org/docs/suexec.html
For user directories, that means that all cgi scripts must be underneath the
public_html directory, assuming that was the designated user directory when
you compiled suexec. Therefore, you will want to use a setup like number 2
in http://httpd.apache.org/docs/misc/FAQ.html#user-cgi
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org