Re: suexec permissions

To: debian-isp@lists.debian.org
Subject: Re: suexec permissions
From: "Maarten" <debian@ultratux.org>
Date: Mon, 10 Jan 2005 12:28:28 +0100
Message-id: <[🔎] 200501101228.28241.debian@ultratux.org>
In-reply-to: <[🔎] 4466.213.164.3.90.1105355124.squirrel@213.164.3.90>
References: <[🔎] 65138.213.164.3.90.1105350492.squirrel@213.164.3.90> <[🔎] 200501101203.03099.debian@ultratux.org> <[🔎] 4466.213.164.3.90.1105355124.squirrel@213.164.3.90>

On Monday 10 January 2005 12:05, nodata wrote:
> > On Monday 10 January 2005 11:34, nodata wrote:
> >> > nodata wrote:

> >> Ah this would explain things more - but then shouldn't running
> >> http://website/cgi-bin/test.pl work? I get the same search permissions
> >> error..
> >
> > Why of course.  The server doesn't 'know' anything about that file (or
> > that it
> > even exists) until it can 'stat' it.  And now it _cannot_ stat it ;-)
> > It sound like a chicken and egg problem to me.
> >
> > Maarten
>
> Ah. So what do other people do?

Dunno, I'm not really into apache in a deep way.

> I could chgrp www-data, but then suexec complains.
> I could give o+rx access, but then I'm left with anyone on the machine
> being able to read everything.

Experiment. Maybe setting 711 on the directories leading up to that file 
changes things enough ?   Or maybe leaving all dirs 755 (but not the files 
itself) fixes it and leaves enough security for your setup ? Try it.

Maarten 

--

Reply to:

References:
- suexec permissions
  - From: "nodata" <debian@nodata.co.uk>
- Re: suexec permissions
  - From: Maarten <debian@ultratux.org>
- Re: suexec permissions
  - From: "nodata" <debian@nodata.co.uk>

Prev by Date: Re: suexec permissions
Next by Date: Re: suexec permissions
Previous by thread: Re: suexec permissions
Next by thread: Re: suexec permissions
Index(es):
- Date
- Thread