Re: suExec annoyances
On Wed, 9 Feb 2000, Adam Shand wrote:
>
> > Can anyone explain to me the restriction on where I can place cgi
> > scripts if suExec is being used with apache? As best as I can
> > understand, all cgi scripts must be contained under the *global*
> > DocumentRoot in order for suExec to run them. This means that when I
> > have a setup like
>
> cgi's go in exactly the same place they would go if you weren't running
> suexec.
>
> > DocumentRoot /var/www
> >
> > <VirtualHost my.ip.address>
> > ServerName my.virtualhost.com
> > DocumentRoot /usr/local/share/virtualhost
> > ScriptAlias /cgi-bin/ /usr/local/share/virtualhost/cgi-bin/
> > User vhostusr
> > Group vhostgrp
> > </VirtualHost>
> >
> > Then requests to any cgi script within
> > http://my.virtualhost.com/cgi-bin/ will fail with an internal server
> > error, claiming that the command is "not in the docroot".
If suexec is used then virtualhost cgi-s which are suid-ed (you gave user
and group at virtualhost) must reside physically under /var/www/htdocs in
slink and I don't know exactly off my head where they must be in potato
version of apache-common.
They must be go-w and must reside in a go-w directory. (must be writable
only by the user). They must be owned by the user and group given in the
virtual host section.
If there is still more problem, look at /var/log/apache/suexec.log,
plaintext error messages are there for other existing constraints.
> that is *NOT* a good idea.
>
> > Does anyone have any suggestions? It seems to me that suExec should be
> > seeing whether the command is in the documentroot *for this virtual
> > host*... and I don't understand why it isn't doing that.
>
> the way you think it should work *is* the way it works, something else is
> going wrong.
>
> adam.
I myself put cgi-s under /var/www/htdocs/vhostname and the default docroot
is /var/www/default.
The vhost docroots are in the /home.
Robert Varga
Reply to: