On Feb 14, 2006, at 10:35 AM, Mehmet Fatih AKBULUT wrote:

yes,
> Options FollowSymLinks ExecCGI for cgi-bin directories.
setuid root means what ? ;)
did some Google analysis and found out this: qmailadmin must be setuid root? don't know what this is and not sure if my qmailadmin is setuid root or not?
do you know anything about this ?

setuid is part of suexec. "The suEXEC feature -- introduced in Apache 1.2 -- provides Apache users the ability to run CGI and SSI programs under user IDs different from the user ID of the calling web-server. Normally, when a CGI or SSI program executes, it runs as the same user who is running the web server."

qmailadmin does not need to be run as root. I believe doing so would be a bad idea. If you are not confident about how to configure it securely, I would not use setuid at all.
http://httpd.apache.org/docs/2.0/suexec.html
http://httpd.apache.org/docs/1.3/suexec.html

Rather than symlinking /var/www/cgi-bin to /usr/lib/cgi-bin, you could try adding this to your configuration: "ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/". Put this in the VirtualHost which serves /var/www.
http://httpd.apache.org/docs/2.0/mod/mod_alias.html
http://httpd.apache.org/docs/1.3/mod/mod_alias.html
http://httpd.apache.org/docs/2.0/misc/security_tips.html#saliasedcgi
http://httpd.apache.org/docs/2.0/mod/core.html#options

Could you post all relevant parts of your Apache configuration? I believe that is where your trouble lies.

alex
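
To answer the "is my qmailadmin setuid root or not" question from the thread, a check along these lines can be run against the CGI directory. This is an added example, not part of the original message or of qmailadmin; the function names are hypothetical and the default directory is the /usr/lib/cgi-bin path mentioned above.

```shell
#!/bin/sh
# Added example: report which CGI programs carry the set-user-ID bit
# and whether their owner is root (uid 0).

# setuid_status FILE
# Prints one of: missing, not-setuid, setuid-root, setuid-other
setuid_status() {
    target=$1
    [ -e "$target" ] || { echo missing; return 0; }
    # test -u is true when the set-user-ID bit is set on the file
    [ -u "$target" ] || { echo not-setuid; return 0; }
    # Third field of "ls -ldn" is the numeric owner; 0 means root
    owner=$(ls -ldn -- "$target" | awk '{print $3}')
    if [ "$owner" = "0" ]; then
        echo setuid-root
    else
        echo setuid-other
    fi
}

# audit_cgi_dir DIR
# Prints "<status><TAB><path>" for every regular file under DIR that has
# the setuid bit set. No output means nothing there is setuid.
audit_cgi_dir() {
    find "$1" -type f -perm -4000 2>/dev/null | while IFS= read -r path; do
        printf '%s\t%s\n' "$(setuid_status "$path")" "$path"
    done
}

# Default directory is an assumption taken from the message above;
# pass another directory as the first argument to audit it instead.
audit_cgi_dir "${1:-/usr/lib/cgi-bin}"
```

A line beginning with `setuid-root` means that program runs with root privileges no matter which user Apache runs as, which is the configuration the reply above advises against.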