Re: Apache fails to ExecCGI properly
Apparently, on Fri, Mar 01, 2002 at 02:31:20PM -0500, Daniel Whelan wrote:
> > Look at /var/log/apache/suexec.log. I think it's because your scripts
> > are outside the suexec docroot (which is /var/www/ in the Debian
> > packages).
> Looks like you might be onto something. This is what I get in the
> [2002-03-01 14:27:25]: info: (target/actual) uid: (whelan/whelan) gid:
> (dialout/dialout) cmd: foo.sh
> [2002-03-01 14:27:25]: crit: cannot run as forbidden gid (20/foo.sh)
> So...it is correctly identifying my user as whelan and my group as
> dialout (group being a result of group mismapping across architectures).
> The questions are, why is gid 20 forbidden and how can this be changed.
It's probably that the gid is below the minimum number allowed by suexec to
execute CGI's. Looks like Debian uses the default minimum of 100 (same
for the minimum uid).
For more info about how suexec works, check out