httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 18156] New: - Suexec runs as the VirtualHost user instead of the owner of the UserDir
Date Wed, 19 Mar 2003 19:03:05 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18156>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=18156

Suexec runs as the VirtualHost user instead of the owner of the UserDir

           Summary: Suexec runs as the VirtualHost user instead of the owner
                    of the UserDir
           Product: Apache httpd-2.0
           Version: 2.0.44
          Platform: PC
               URL: http://ares.penguinhosting.net:8000/~david/website/
        OS/Version: Linux
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: mod_suexec
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: ian@penguinhosting.net


When executing CGI's inside a Userdir, Apache attempts to run the CGI at the
SuexecUserGroup from the VirtualHost directive instead of the user who's
directory we're looking at.  This trips the security protection in suexec and
causes an Internal Server Error message.  Suexec logs something like:

[2003-03-19 18:57:32]: target uid/gid (1000/1000) mismatch with directory
(1053/1053) or program (1053/1053)

(Where 1000/1000 is the SuexecUserGroup for the 'ares.penguinhosting.net' named
virtual host, and 1053/1053 is the user/group of 'david' for the listed URL).

Apache 1 behaves properly in the same case.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message