httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Andersson" <rob...@profundis.nu>
Subject Re: [users@httpd] Suexec and shared CGI-BIN
Date Fri, 08 Aug 2003 15:38:39 GMT
Remco Bressers wrote:
> These scripts will be run by
> www.domainnameofcustomer.nl/cgi-bin/whatever.pl, so it will have to run
> from the customers domainname.
>
> Ofcourse, i get the following error:
> [2003-08-08 12:30:38]: error: target uid/gid (1064/1064) mismatch with
> directory (0/0) or program (80/80)

I'm no SuExec expert, but I assume this is step 18 in its security model:
http://httpd.apache.org/docs/suexec.html#model

I'd have thought it was enough that it had world permissions, but it seems
as it isn't.

> Is there any workaround for this? I don't want to put the CGI in every
> home directory, i want it systemwide (/usr/local/www/cgi-bin).

Obviously you could hack away the check and recompile, but that is not a
good solution.

A possible workaround is to perform an internal proxy request or a redirect
through mod_rewrite, or even an external redirect, to a shared virtual host
which user owns the CGIs. There are numerous ways to perform the end result
of having the CGIs executed by a single user.

Regards,
Robert Andersson


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message