httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aidan Cully <>
Subject Re: [PATCH] "responsible party" for requests.
Date Thu, 06 May 1999 19:27:11 GMT
On Wed, May 05, 1999 at 12:07:16PM, Rodent of Unusual Size said:
> I've played with this patch, and it looks rather interesting.
> I've made some tweaks for style and consistency; the updated
> patch (against to-day's HEAD) is attached.
> I haven't tested this with CGI or suexec; I don't use suexec
> at all.  Maybe someone else could run it through some suexec
> paces?
> +1 for 1.3.7.

In an effort to make this a slightly easier discussion for people
to get involved in, let me explain what the SuEXEC-related changes
are supposed to do..

Basically, I wanted this directive to be able to solve the PR I
submitted, suexec/4069: SuEXEC doesn't work with mod_userdir as
well as it should.  The problem (as I'm sure everyone is aware) is
that when a /~user request comes in, apache calls SuEXEC with a
~user argument.  When SuEXEC gets that argument, it tries to look
up the username in the password file, chdir ~user/public_html, and
then find the CGI-script to execute relative to that directory.
When using mod_userdir, there's no way to know that the ~userdir
will be located in ~user/public_html, so SuEXEC will never execute
a script for this user.

The only solution I had was to call SuEXEC with a 'user' argument,
instead of a '~user' argument, if the httpd.conf is configured to
do that.  If you specify a URIOwner for a file, SuEXEC gets 'user'
instead of '~user'.  If you don't specify the URIOwner, SuEXEC
continues to behave in the current fashion.

I've been running my hacked up Apache for about a month, now
(though it's still not running on the default port..  hopefully
that'll be fixed in the next two weeks), and I haven't noticed any
ill effects with our CGIs..  That should probably be taken with a
grain of salt, though, since we were always living with a
functionally equivalent hack.

I'd like to know that I solved this PR in a good way..  Can
someone else that uses SuEXEC please look at the patch?

Aidan Cully       "I'd rather have a bottle in front of me than a frontal
Panix Staff        lobotomy."        --Dorothy Parker

View raw message