httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Richardson <br...@cubik.ca>
Subject Re: [users@httpd] Permissions?
Date Mon, 18 Aug 2003 06:02:53 GMT
On August 17, 2003 10:27 pm, Leo Fouseki wrote:
> How can it be that where so many obstacles have been resolved, cgi-bin
> cannot be accessed...permission is denied... cgi-bin is in the
> "Standard" documentroot var/www/cgi-bin and/or var/www/html/cgi-bin and
> each of the directories has permissions set to the most permissive, and
> alias and scriptalias have been used.  Oddly, other users can access
> their cgi-bin  var/www/html/~user/public_html/cgi-bin if they log in and
> are authenticated. I wish I were posting a different query!  Thank you
> in advance crowd......if I'm drowning in oblivion please be gentle.
> Leo

Humm. I've read these postings in the opposite order you've posted. I think my 
previous reply was a little incomplete in light of this posting.

OK. Let me try and give you the basic rundown of how to set this up correctly.
You seem to want to set up two separate cgi-bin directories, one for your main 
server, and one for each user. A cgi-bin is a special directory, defined 
either as:

ScriptAlias /cgi-bin/ /path/to/cgi-bin/

or

<Directory /path/to/cgi-bin/>
    Options +ExecCGI
</Directory>

So, what you need is a line in your httpd.conf that says this:

ScriptAlias /cgi-bin/ /var/www/cgi-bin

And all scripts in this directory need to be mode 755 (rwxr-xr-x)

I would suspect the reason that your ~user/cgi-bin/ example works is that you 
have the following entry in your httpd.conf:

<Directory /home/*/public_html>
    Options Indexes, ...
    ...
</Directory>

Therefore, any attempt to access ~user/cgi-bin/ will succeed, giving a 
directory listing of all programs contained in 
/home/user/public_html/cgi-bin. However, unless your Userdirs are configured 
with Options +ExecCGI (YIKES!!!!), none of those scripts will execute.

Realistically, your best option to keep user CGIs separate, is to give them 
write access to their own directory under /var/www/cgi-bin so that you can 
control who is allowed to put CGIs onto the system.

HTH,
Brian

-- 
We must believe that it is the darkest before the dawn of a beautiful
new world.  We will see it when we believe it.
		-- Saul Alinsky
[Public key available at http://www.cubik.ca/~brian/]

Mime
View raw message