You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2003/03/19 20:03:05 UTC
DO NOT REPLY [Bug 18156] New: -
Suexec runs as the VirtualHost user instead of the owner of the UserDir
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18156>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18156
Suexec runs as the VirtualHost user instead of the owner of the UserDir
Summary: Suexec runs as the VirtualHost user instead of the owner
of the UserDir
Product: Apache httpd-2.0
Version: 2.0.44
Platform: PC
URL: http://ares.penguinhosting.net:8000/~david/website/
OS/Version: Linux
Status: NEW
Severity: Normal
Priority: Other
Component: mod_suexec
AssignedTo: bugs@httpd.apache.org
ReportedBy: ian@penguinhosting.net
When executing CGI's inside a Userdir, Apache attempts to run the CGI at the
SuexecUserGroup from the VirtualHost directive instead of the user who's
directory we're looking at. This trips the security protection in suexec and
causes an Internal Server Error message. Suexec logs something like:
[2003-03-19 18:57:32]: target uid/gid (1000/1000) mismatch with directory
(1053/1053) or program (1053/1053)
(Where 1000/1000 is the SuexecUserGroup for the 'ares.penguinhosting.net' named
virtual host, and 1053/1053 is the user/group of 'david' for the listed URL).
Apache 1 behaves properly in the same case.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org