Can anyone explain to me the restriction on where I can place cgi scripts if suExec is being used with apache? As best as I can understand, all cgi scripts must be contained under the *global* DocumentRoot in order for suExec to run them. This means that when I have a setup like
DocumentRoot /var/www <VirtualHost my.ip.address> ServerName my.virtualhost.com DocumentRoot /usr/local/share/virtualhost ScriptAlias /cgi-bin/ /usr/local/share/virtualhost/cgi-bin/ User vhostusr Group vhostgrp </VirtualHost> Then requests to any cgi script within http://my.virtualhost.com/cgi-bin/ will fail with an internal server error, claiming that the command is "not in the docroot". Why do I have to completely rearrange my directory structure just to get suExec to work? All cgi scripts in user home directories fail under this setup because /home/username is not under /var/www (and any page accessed using ~username automatically triggers suExec). The obvious workaround is to set DocumentRoot to /, but I can't think of a more crazily insecure option. Does anyone have any suggestions? It seems to me that suExec should be seeing whether the command is in the documentroot *for this virtual host*... and I don't understand why it isn't doing that. Stuart.
