DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=32229>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=32229 Strange behaviour of suexec + userdir Summary: Strange behaviour of suexec + userdir Product: Apache httpd-2.0 Version: 2.0.52 Platform: PC OS/Version: FreeBSD Status: NEW Severity: Normal Priority: Other Component: mod_suexec AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] I have some problems with ~userdir suexec. Apache build parameters: ./configure \ --with-mpm=prefork \ --enable-so \ --enable-suexec \ --with-suexec-caller=nobody \ --with-suexec-userdir=public_html \ --with-suexec-docroot=/web/vhosting \ --with-suexec-uidmin=100 \ --with-suexec-gidmin=100 \ --with-suexec-safepath="/bin:/usr/bin:/usr/local/bin" \ --enable-ssl \ --enable-rewrite \ --enable-charset-lite ScriptAlias for user: ScriptAlias /~luthien/cgi-bin/ /web/users/luthien/public_html/cgi-bin/ When I place CGI script test.cgi to ~luthien/public_html/cgi-bin/, and try to open URL http://site/~luthien/cgi-bin/test.cgi, Apache runs test.cgi with nobody/nogroup permissions, and writes nothing to suexec_log. But with these settings: <Directory /web/users/luthien/public_html> AddHandler cgi-script .cgi Options ExecCGI </Directory> and test.cgi moved to public_html, Apache runs CGI with user's permissions, as it should be, and logs this to suexec_log. If I remove ScriptAlias from configuration, and move test.cgi back to cgi-bin, Apache runs it as nobody/nogroup again. Is it my mistake or a bug ? Apache 1.3 handles such situation with ScriptAlias correctly (I've just upgraded from Apache 1.3 to Apache2). I also have some virtual hosts with SuexecUserGroup directive, and it works correctly. Some details about server configuration: Suexec -V output: # ./suexec -V -D AP_DOC_ROOT="/web/vhosting" -D AP_GID_MIN=100 -D AP_HTTPD_USER="nobody" -D AP_LOG_EXEC="/usr/local/apache2/logs/suexec_log" -D AP_SAFE_PATH="/bin:/usr/bin:/usr/local/bin" -D AP_UID_MIN=100 -D AP_USERDIR_SUFFIX="public_html" A piece of httpd.conf: [...] ServerRoot "/usr/local/apache2" User nobody Group nobody ServerAdmin [EMAIL PROTECTED] ServerName www.vsi.ru UseCanonicalName Off DocumentRoot /web/vhosting/www.vsi.ru ScriptAlias /cgi-bin/ /web/vhosting/www.vsi.ru/cgi-bin/ <Directory "/web/users"> Options IncludesNOEXEC AllowOverride AuthConfig FileInfo Indexes Limit XBitHack On Order Allow,Deny Allow From All php_admin_flag engine off </Directory> <Directory "/web/vhosting/www.vsi.ru"> AllowOverride All php_admin_value open_basedir /web/vhosting/www.vsi.ru/ php_admin_flag safe_mode off </Directory> Include conf/vhosts.conf Include conf/vusers.conf UserDir public_html A piece of vusers.conf: # For ~luthien ScriptAlias /~luthien/cgi-bin/ /web/users/luthien/public_html/cgi-bin/ --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
