Package: apache Version: 1.3.31-4 Severity: wishlist Looks that currently (unless suexec is recompiled) it's impossible to make a virtual host that will run cgi scripts under user configured by User= directive, if script are located under virtual hosts's DocumentRoot that is outside of /var/www, e.g. in vhost maintainer's home directory under /home.
This is caused by "docroot" compiled in suexec binary. It would be good if suexec will follow DocumentRoot setting in apache configuration instead. To do so without making suexec less secure, probably current virtual host should be passed to suexec in additional command line argument, and appropriate docroot parsed from apache configuration by suexec itself. -- System Information: Debian Release: 3.0 APT prefers testing APT policy: (620, 'testing'), (600, 'unstable'), (550, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.7-1-k7-smp Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R Versions of packages apache depends on: ii apache-common 1.3.31-4 Support files for all Apache webse ii debconf 1.4.30.3 Debian configuration management sy ii dpkg 1.10.23 Package maintenance system for Deb ii libc6 2.3.2.ds1-13 GNU C Library: Shared libraries an ii libdb4.2 4.2.52-17 Berkeley v4.2 Database Libraries [ ii libexpat1 1.95.6-8 XML parsing C library - runtime li ii libmagic1 4.09-1 File type determination library us ii logrotate 3.7-2 Log rotation utility ii mime-support 3.28-1 MIME files 'mime.types' & 'mailcap ii perl 5.8.4-2 Larry Wall's Practical Extraction -- debconf information excluded