Romain Francoise <[EMAIL PROTECTED]> said: > Then you'll have to recompile suEXEC to suit your needs, Debian cannot > support _every_ possible configuration and the default probably is the > most reasonable one since most people will have CGIs in the docroot.
Wait... what? Sure, Debian can't support *every* configuration, but what's wrong with supporting the default configuration that Debian ships with? (CGI scripts - like php-cgi - in /usr/lib/cgi-bin) Further, the situation where users have their files in the home directories is pretty common. I'd go so far as to say that any other layout is a contortion to work around this bug. I can't come up with a single good reason for the suexec docroot to be hard-coded to '/var/www' in Debian over a config file, or even hard coding it to '/'. There's no obvious security advantage, in fact it forces people to tamper with suexec themselves - which potentially introduces security problems. At very least, not being able to blindly install security updates to 'apache-common' is a problem. This bug has been submitted something like 5 times. Having CGI scripts run as their owner is an important bit of functionality that should just work, but instead the user is forced to mess around with recompiling a basic package to get this functionality. Why not fix this? Am I missing something? Is this just an issue with not wanting to diverge from upstream? What's the story here? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]