httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 32229] New: - Strange behaviour of suexec + userdir
Date Sun, 14 Nov 2004 09:24:44 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=32229>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=32229

Strange behaviour of suexec + userdir

           Summary: Strange behaviour of suexec + userdir
           Product: Apache httpd-2.0
           Version: 2.0.52
          Platform: PC
        OS/Version: FreeBSD
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: mod_suexec
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: oleg@vsi.ru


I have some problems with ~userdir suexec.

Apache build parameters:

./configure \
    --with-mpm=prefork \
    --enable-so \
    --enable-suexec \
    --with-suexec-caller=nobody \
    --with-suexec-userdir=public_html \
    --with-suexec-docroot=/web/vhosting \
    --with-suexec-uidmin=100 \
    --with-suexec-gidmin=100 \
    --with-suexec-safepath="/bin:/usr/bin:/usr/local/bin" \
    --enable-ssl \
    --enable-rewrite \
    --enable-charset-lite

ScriptAlias for user:

ScriptAlias /~luthien/cgi-bin/ /web/users/luthien/public_html/cgi-bin/

When I place CGI script test.cgi to ~luthien/public_html/cgi-bin/, and try to 
open URL http://site/~luthien/cgi-bin/test.cgi, Apache runs test.cgi with 
nobody/nogroup permissions, and writes nothing to suexec_log. But with these 
settings:

<Directory /web/users/luthien/public_html>
AddHandler cgi-script .cgi
Options ExecCGI
</Directory>

and test.cgi moved to public_html, Apache runs CGI with user's permissions, as 
it should be, and logs this to suexec_log. If I remove ScriptAlias from 
configuration, and move test.cgi back to cgi-bin, Apache runs it as 
nobody/nogroup again. Is it my mistake or a bug ? Apache 1.3 handles such 
situation with ScriptAlias correctly (I've just upgraded from Apache 1.3 to 
Apache2). I also have some virtual hosts with SuexecUserGroup directive, and it 
works correctly.

Some details about server configuration:

Suexec -V output:

# ./suexec -V
 -D AP_DOC_ROOT="/web/vhosting"
 -D AP_GID_MIN=100
 -D AP_HTTPD_USER="nobody"
 -D AP_LOG_EXEC="/usr/local/apache2/logs/suexec_log"
 -D AP_SAFE_PATH="/bin:/usr/bin:/usr/local/bin"
 -D AP_UID_MIN=100
 -D AP_USERDIR_SUFFIX="public_html"

A piece of httpd.conf:

[...]
ServerRoot "/usr/local/apache2"
User  nobody
Group nobody
ServerAdmin noc@vsi.ru
ServerName www.vsi.ru
UseCanonicalName Off
DocumentRoot /web/vhosting/www.vsi.ru
ScriptAlias /cgi-bin/ /web/vhosting/www.vsi.ru/cgi-bin/
<Directory "/web/users">
    Options        IncludesNOEXEC
    AllowOverride  AuthConfig FileInfo Indexes Limit
    XBitHack       On
    Order          Allow,Deny
    Allow          From All
    php_admin_flag engine off
</Directory>
<Directory "/web/vhosting/www.vsi.ru">
    AllowOverride   All
    php_admin_value open_basedir /web/vhosting/www.vsi.ru/
    php_admin_flag  safe_mode off
</Directory>
Include conf/vhosts.conf
Include conf/vusers.conf
UserDir public_html

A piece of vusers.conf:

# For ~luthien
ScriptAlias /~luthien/cgi-bin/ /web/users/luthien/public_html/cgi-bin/

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message