Can anyone explain to me the restriction on where I can place cgi
scripts if suExec is being used with apache? As best as I can
understand, all cgi scripts must be contained under the *global*
DocumentRoot in order for suExec to run them. This means that when I
have a setup like
ScriptAlias /cgi-bin/ /usr/local/share/virtualhost/cgi-bin/
Then requests to any cgi script within
http://my.virtualhost.com/cgi-bin/ will fail with an internal server
error, claiming that the command is "not in the docroot".
Why do I have to completely rearrange my directory structure just to get
suExec to work? All cgi scripts in user home directories fail under this
setup because /home/username is not under /var/www (and any page
accessed using ~username automatically triggers suExec).
The obvious workaround is to set DocumentRoot to /, but I can't think of
a more crazily insecure option.
Does anyone have any suggestions? It seems to me that suExec should be
seeing whether the command is in the documentroot *for this virtual
host*... and I don't understand why it isn't doing that.