> nodata wrote: >>><discussion of User directive in VirtualHost elided> >>> >>>nodata wrote: >>> >>>>Ah this would explain things more - but then shouldn't running >>>>http://website/cgi-bin/test.pl work? I get the same search permissions >>>>error.. >>> >>>Er, yep, as far as I can see, it should. suEXEC can be a little... >>>finicky :) >>> >>>What does /var/log/apache/suexec.log say? >> >> >> Nothing :/ >> >> But the error log for this host has the "failed because search >> permissions >> are missing on a component of the path" error. > > A couple of things. > > The suEXEC wrapper itself does setuid() before most of the path/file > checks, > so that's probably not the problem. The absence of anything in the log > file > also indicates that Apache itself is having trouble reading things, not > the > suEXEC wrapper. > > You might want to try loosening the read permissions on the CGI + path to > the > CGI, and verify (by perhaps touching a file in /tmp) that it is running as > the > user you intended it to. Then try tightening the read permissions on the > CGI > itself, and then along the path to it.
Done. chmod o+rx on: /var/www/bob /var/www/bob/htdocs /var/www/bob/cgi-bin then running a system("touch /tmp/blairtest") from cgi-bin/test.pl creates a file with bob:bob permissions. > The other thing to check is that your scripts are physically located under > suEXEC's DOC_ROOT (/var/www on Sarge, I think). They are. > > Regards, > > Blair. > The problem with this setup is that I have to have o+rx permission on directories and non-executables, which is a little messy (and I'm not sure whether vsftpd can handle this). Plus everyone on the machine can now read the files. Ack.