On 6/7/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
"Joshua Slive" <[EMAIL PROTECTED]> writes:
> Check the group ownership. If the apache user is in the group that
> owns suexec, then group execute permissions are enough.
Ahh yes it was set `root apache' but when I do that on my home setup
then I an execute cgi in public_html as user but as my program tries
to access other files it fails.
That is:
-rwx--x--- 1 root apache 10880 May 31 15:09 /usr/sbin/suexec2
I can execute cgi but later on in the running program I get errors
like this:
Exception 435: unable to open image `image-cache/Sample Album/Orange
Flower_disp100.jpg': Permission denied at /idsShared.pm line 696.
But with:
-rwx--x--x 1 root root 10880 May 31 15:09 /usr/sbin/suexec2
It works fine. All that changed is the permission shown above.
Does require an apache restart.
You lost the suid "s" bit somewhere along the way. Without this,
suexec doesn't do anything.
As to your question of whether it is more secure to run with only the
group execute bit, it doesn't make much difference in the case of
suexec because the binary will exit if it isn't called by the specific
user/group registered at compile-time.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
