Re: Apache fails to ExecCGI properly

To: Daniel Whelan <merlin@ophelan.com>
Cc: Tim Moss <debian@to11.net>, debian-user@lists.debian.org
Subject: Re: Apache fails to ExecCGI properly
From: Tim Moss <debian@to11.net>
Date: Fri, 1 Mar 2002 16:54:49 -0800
Message-id: <[🔎] 20020302005448.GA937@hmpiii2.trinity200.org>
In-reply-to: <[🔎] 3C7FD708.D90061CD@ophelan.com>
References: <3C7E9654.36434FFC@ophelan.com> <[🔎] 20020301175805.GA20872@hmpiii2.trinity200.org> <[🔎] 3C7FD708.D90061CD@ophelan.com>

Apparently, on Fri, Mar 01, 2002 at 02:31:20PM -0500, Daniel Whelan wrote:
> > Look at /var/log/apache/suexec.log. I think it's because your scripts
> > are outside the suexec docroot (which is /var/www/ in the Debian
> > packages).
> 
> Looks like you might be onto something. This is what I get in the
> suexec.log:
> 
> [2002-03-01 14:27:25]: info: (target/actual) uid: (whelan/whelan) gid:
> (dialout/dialout) cmd: foo.sh
> [2002-03-01 14:27:25]: crit: cannot run as forbidden gid (20/foo.sh)
> 
> So...it is correctly identifying my user as whelan and my group as
> dialout (group being a result of group mismapping across architectures).
> The questions are, why is gid 20 forbidden and how can this be changed.
> 
It's probably that the gid is below the minimum number allowed by suexec to
execute CGI's. Looks like Debian uses the default minimum of 100 (same
for the minimum uid).

For more info about how suexec works, check out
http://httpd.apache.org/docs/suexec.html

--

Reply to:

References:
- Re: Apache fails to ExecCGI properly
  - From: Tim Moss <debian@to11.net>
- Re: Apache fails to ExecCGI properly
  - From: Daniel Whelan <merlin@ophelan.com>

Prev by Date: Re: ssh and private resources?
Next by Date: Re: Enough time wasted, moving on
Previous by thread: Re: Apache fails to ExecCGI properly
Next by thread: fetchmail? screwed up
Index(es):
- Date
- Thread