httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dooley, Ryan" <dool...@missouri.edu>
Subject RE: CGI's, symlinks, and configurations oh my...
Date Wed, 18 Jul 2001 00:00:21 GMT
Ok... It's not an issue with apache... I just needed to get away from the
office :-)

Just needed to make sure that nosuid wasn't part of the fstab options for
the file system on which apache resides.

I did have to hack (brutally commented out) suexec.c to avoid the tests for
home directories being symlinks.  I'll see if I can come up with something a
bit more elegant and post back if anybody is intrested.

Cheers,
	Ryan

-----Original Message-----
From: Gonyou, Austin [mailto:austin@coremetrics.com]
Sent: Tuesday, July 17, 2001 2:36 PM
To: 'new-httpd@apache.org'
Subject: RE: CGI's, symlinks, and configurations oh my...


I found that to do this properly, I had to make sure the dirs were owned to
the process running HTTPD. Not sure why, that's the only thing that seemed
to fix it. Either that or 777 all the way down to the userdir. No good there
either. I know it's simpler than that though. 

-- 
Austin Gonyou
Systems Architect, CCNA
Coremetrics, Inc.
Phone: 512-796-9023
email: austin@coremetrics.com 

> -----Original Message-----
> From: Dooley, Ryan [mailto:dooleyr@missouri.edu]
> Sent: Tuesday, July 17, 2001 2:25 PM
> To: 'new-httpd@apache.org'
> Subject: CGI's, symlinks, and configurations oh my...
> 
> 
> Hi,
> 
> If this is the wrong list please let me know...
> 
> Heres' the setup of apache_1.3.20 and redhat linux 7.1
> 
> Users's home dir is in /home but is a symlink to some other place (ie,
> /home/foobar -> /users/r/foobar) which is managed by amd (from
> http://www.am-utils.org/).
> 
> Apache has been setup with the following directive in httpd.conf
> 
> <Directory />
>     Options FollowSymLinks
>     AllowOverride None
> </Directory>
> 
> and
> 
> <Directory /home/*/www>
>     AllowOverride FileInfo AuthConfig Limit
>     Options MultiViews Indexes SymLinksIfOwnerMatch 
> IncludesNoExec ExecCGI
>     <Limit GET POST OPTIONS PROPFIND>
>         Order allow,deny
>         Allow from all
>     </Limit>
>     <LimitExcept GET POST OPTIONS PROPFIND>
>         Order deny,allow
>         Deny from all
>     </LimitExcept>
> </Directory>
> 
> Which produces the error
> 
> [Tue Jul 17 14:13:09 2001] [error] (1)Operation not permitted: exec of
> /home/foobar/www/helloworld.cgi failed
> [Tue Jul 17 14:13:09 2001] [error] [client 128.206.94.220] 
> Premature end of
> script headers: /home/foobar/www/helloworld.cgi
> 
> So, I change the above Directory config to: (/users/*/*/www 
> would be the
> path to the real home directory)
> 
> <Directory /users/*/*/www>
>     AllowOverride FileInfo AuthConfig Limit
>     Options MultiViews Indexes SymLinksIfOwnersMatch 
> IncludesNoExec ExecCGI
>     <Limit GET POST OPTIONS PROPFIND>
>         Order allow,deny
>         Allow from all
>     </Limit>
>     <LimitExcept GET POST OPTIONS PROPFIND>
>         Order deny,allow
>         Deny from all
>     </LimitExcept>
> </Directory>
> 
> No dice here either... the error is:
> 
> [Tue Jul 17 14:03:10 2001] [error] [client 128.206.94.220] 
> Options ExecCGI
> is off in this directory: /home/foobar/www/helloworld.cgi
> 
> I've also tried changing SymlinksIfOwnersMatch to 
> FollowSymlinks under the
> idea that apache saw that the owner of the symlink 
> /home/foobar is root.root
> 
> Any pointers would be great (or a thwack from the Clue x4 :-)
> 
> Cheers and Thanks in Advance,
> 	Ryan
> 

Mime
View raw message