[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

suExec annoyances

Can anyone explain to me the restriction on where I can place cgi
scripts if suExec is being used with apache? As best as I can
understand, all cgi scripts must be contained under the *global*
DocumentRoot in order for suExec to run them. This means that when I
have a setup like

DocumentRoot /var/www

<VirtualHost my.ip.address>
  ServerName my.virtualhost.com
  DocumentRoot /usr/local/share/virtualhost
  ScriptAlias /cgi-bin/ /usr/local/share/virtualhost/cgi-bin/
  User vhostusr
  Group vhostgrp

Then requests to any cgi script within
http://my.virtualhost.com/cgi-bin/ will fail with an internal server
error, claiming that the command is "not in the docroot".

Why do I have to completely rearrange my directory structure just to get
suExec to work? All cgi scripts in user home directories fail under this
setup because /home/username is not under /var/www (and any page
accessed using ~username automatically triggers suExec).

The obvious workaround is to set DocumentRoot to /, but I can't think of
a more crazily insecure option.

Does anyone have any suggestions? It seems to me that suExec should be
seeing whether the command is in the documentroot *for this virtual
host*... and I don't understand why it isn't doing that.


Reply to: