You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Zachary Palmer <ze...@bahj.com> on 2011/09/02 15:56:36 UTC
Re: [users@httpd] UserDir + Alias = suexec not being invoked
As an update, I have yet to find a solution to this nagging problem.
Does anyone have any suggestions or am I stuck trying to write my own
patch for UserDir?
Thanks,
Zach
> All,
>
> I have an Apache HTTPD instance I am trying to configure for a fairly
> small group of users. We're using mod_userdir and mod_suphp to ensure
> that user scripts are run as the users themselves rather than as the www
> user.
>
> My objective is to configure the website in such a way that certain
> distinguished portions of the site can be made easier to access. For
> instance, I would like
>
> http://mysite.com/~foouser/barsite
>
> to be equivalent to
>
> http://mysite.com/bazsite
>
> To this end, we have the following subset of configuration:
>
> <VirtualHost *:80>
> <Directory/var/www/>
> Options Indexes FollowSymLinks MultiViews ExecCGI Includes
> AllowOverride None
> Order allow,deny
> allow from all
> </Directory>
> <Directory/home/*/public_html>
> Options ExecCGI MultiViews Indexes SymLinksIfOwnerMatch
> IncludesNoExec
> AllowOverride All
> <Limit GET POST OPTIONS>
> Order allow,deny
> allow from all
> </Limit>
> <LimitExcept GET POST OPTIONS>
> Order deny,allow
> deny from all
> </LimitExcept>
> Order allow,deny
> allow from all
> </Directory>
> Alias /bazsite /home/foouser/public_html/barsite
> UserDir public_html
> UserDir disabled root
> # ... more stuff here ...
> </VirtualHost>
>
> Unfortunately, this does not permit suexec to do its job; in fact, it
> seems that suexec is never used. A script
> /home/foouser/public_html/barsite/test.py is executed correctly if
> accessed via the URL
>
> http://mysite.com/~foouser/barsite/test.py
>
> but, when accessed via the URL
>
> http://mysite.com/bazsite/test.py
>
> the script runs as the www user rather than as foouser. I would not
> have expected this, since it doesn't meet my intuitions about aliasing.
>
> Clearly, these alias directories need not be generative; they will be
> assigned on a case-by-case basis. Does anyone know how I would express
> to Apache that scripts in a specific subdirectory (recursively downward,
> of course) should always be executed by suexec to a given user?
>
> Thanks!
>
> Zach
>
Re: [users@httpd] UserDir + Alias = suexec not being invoked
Posted by Tom Evans <te...@googlemail.com>.
On Fri, Sep 2, 2011 at 2:56 PM, Zachary Palmer
<ze...@bahj.com> wrote:
> As an update, I have yet to find a solution to this nagging problem. Does
> anyone have any suggestions or am I stuck trying to write my own patch for
> UserDir?
>
> Thanks,
>
> Zach
>
I don't think this is a problem with mod_userdir. mod_userdir solely
maps requests with a user component in them (~foo) to the appropriate
user's directory. mod_suphp (not stock Apache) is what then
subsequently uses the user discovered during that phase to suexec as
the right user.
However, when you use the alias, mod_userdir is not involved - there
is no user component in the requested URI for it to get involved, and
so mod_suphp does nothing. I don't use PHP, let alone mod_suphp, but
looking at the docs, you can specify explicitly the user and group to
run as for a specific location or directory (suPHPUser_Group). You
will have to do this for any location/directory that you want to alias
away from using mod_userdir.
Cheers
Tom
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org