Re: suexec permissions
> nodata wrote:
>>><discussion of User directive in VirtualHost elided>
>>>>Ah this would explain things more - but then shouldn't running
>>>>http://website/cgi-bin/test.pl work? I get the same search permissions
>>>Er, yep, as far as I can see, it should. suEXEC can be a little...
>>>What does /var/log/apache/suexec.log say?
>> Nothing :/
>> But the error log for this host has the "failed because search
>> are missing on a component of the path" error.
> A couple of things.
> The suEXEC wrapper itself does setuid() before most of the path/file
> so that's probably not the problem. The absence of anything in the log
> also indicates that Apache itself is having trouble reading things, not
> suEXEC wrapper.
> You might want to try loosening the read permissions on the CGI + path to
> CGI, and verify (by perhaps touching a file in /tmp) that it is running as
> user you intended it to. Then try tightening the read permissions on the
> itself, and then along the path to it.
Done. chmod o+rx on:
then running a system("touch /tmp/blairtest") from cgi-bin/test.pl creates
a file with bob:bob permissions.
> The other thing to check is that your scripts are physically located under
> suEXEC's DOC_ROOT (/var/www on Sarge, I think).
The problem with this setup is that I have to have o+rx permission on
directories and non-executables, which is a little messy (and I'm not sure
whether vsftpd can handle this).
Plus everyone on the machine can now read the files.