On Mon, 2005-01-10 at 10:48 +0100, nodata wrote: > Good morning, > > I'm having a some permissions trouble with suexec running on Sarge. > > I have a virtualhost for a user called Bob which specifies User Bob and > Group Bob in the /etc/apache/conf.d/bob.conf file. > > The permissions on /var/www/bob are: > drwx------ 2 bob bob 4096 Jan 10 10:30 cgi-bin > drwx------ 26 bob bob 4096 Jan 10 10:30 htdocs > > and the permissions on /var/www/bob/htdocs/index.html are: > drwx------ 1 bob bob 4096 Jan 10 10:30 index.html > > When I restart Apache, I get the following message in the Apache error log: > [Mon Jan 10 10:35:00 2005] [notice] suEXEC mechanism enabled (wrapper: > /usr/lib/apache/suexec) > > But when I try to access index.html, bob's error log shows: > > [Mon Jan 10 10:36:00 2005] [error] [client 10.1.1.1] (13)Permission > denied: access to /index.html failed because search permissions are > missing on a component of the path > Ofcourse you get this. Apache is run under www-data user and with this permissions www-data user cant stat any CGI in Bob's directory. You must put execute/access permission on directory and that is access bit (x) for directories.
`chmod 701 /var/www/bob` and same for any directory where apache (www-data) must enter to get files/scripts. With this setup other users can enter his directory but can't read anything. If they try to something like `ls -l` they'll get "ls: .: Permission denied" -- v , v v Zeljko Brajdic - Zorz