
Re: suexec permissions



> nodata wrote:
>>><discussion of User directive in VirtualHost elided>
>>>
>>>nodata wrote:
>>>
>>>>Ah this would explain things more - but then shouldn't running
>>>>http://website/cgi-bin/test.pl work? I get the same search permissions
>>>>error..
>>>
>>>Er, yep, as far as I can see, it should.  suEXEC can be a little...
>>>finicky :)
>>>
>>>What does /var/log/apache/suexec.log say?
>>
>>
>> Nothing :/
>>
>> But the error log for this host has the "failed because search permissions
>> are missing on a component of the path" error.
>
> A couple of things.
>
> The suEXEC wrapper itself does setuid() before most of the path/file checks,
> so that's probably not the problem.  The absence of anything in the log file
> also indicates that Apache itself is having trouble reading things, not the
> suEXEC wrapper.
>
> You might want to try loosening the read permissions on the CGI + path to the
> CGI, and verify (by perhaps touching a file in /tmp) that it is running as the
> user you intended it to.  Then try tightening the read permissions on the CGI
> itself, and then along the path to it.

Done. chmod o+rx on:
 /var/www/bob
 /var/www/bob/htdocs
 /var/www/bob/cgi-bin
then running a system("touch /tmp/blairtest") from cgi-bin/test.pl creates
a file with bob:bob permissions.

> The other thing to check is that your scripts are physically located under
> suEXEC's DOC_ROOT (/var/www on Sarge, I think).

They are.

>
> Regards,
>
>     Blair.
>

The problem with this setup is that I have to have o+rx permission on
directories and non-executables, which is a little messy (and I'm not sure
whether vsftpd can handle this).
Plus everyone on the machine can now read the files.

Ack.
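
Added example, not part of the original message: the "search permissions are missing on a component of the path" error refers to the execute (search) bit on the directories leading to a file, so this script walks a path upward and lists every ancestor directory that the "other" class cannot search. It assumes the web server user is neither the owner nor in the group of those directories; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find directories on the way to a file that lack the
# "other" search (x) bit. On a directory, x permits traversal and is
# separate from r, which permits listing the directory's contents.

# other_can_search DIR
# Exit status 0 if the "other" class has the search bit on DIR.
other_can_search() {
    # 10th character of the ls mode string, e.g. the last x in drwxr-x--x.
    mode=$(ls -ld -- "$1" 2>/dev/null | cut -c10)
    # "t" means sticky bit plus x (as on /tmp); "T" means sticky without x.
    [ "$mode" = "x" ] || [ "$mode" = "t" ]
}

# unsearchable_components PATH
# Prints, one per line and outermost first, each ancestor directory of
# PATH that "other" cannot search. Prints nothing if all are searchable.
unsearchable_components() {
    dir=$(dirname -- "$1")
    result=""
    while :; do
        other_can_search "$dir" || result="$dir
$result"
        # Stop at the filesystem root, or at "." for a relative path.
        if [ "$dir" = "/" ] || [ "$dir" = "." ]; then
            break
        fi
        dir=$(dirname -- "$dir")
    done
    printf '%s' "$result"
}

# Stand-alone use: sh script.sh /var/www/bob/cgi-bin/test.pl
if [ "$#" -gt 0 ]; then
    unsearchable_components "$1"
fi
```

The check reads mode bits only, so it does not account for ACLs or for a server user that is a member of the directory's group.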


