httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John T. Stucki" <jstu...@stern.nyu.edu>
Subject Re: [users@httpd] suEXEC to execute CGI programs as the user to which the request is being directed
Date Thu, 06 Nov 2003 17:07:11 GMT
Actually I got it, I had to change the default group of my user in the 
password file.  Thanks Joshua.

John T. Stucki wrote:

> Thanks, but...
> 
> Ok, so I took out the SuexecUserGroup directive, but now I get this:
> [2003-11-06 11:50:47]: uid: (73503/localuser) gid: (1/1) cmd: cgi1.pl
> [2003-11-06 11:50:47]: cannot run as forbidden gid (1/cgi1.pl)
> 
> If I can't use SuexecUserGroup I can't set the gid, If I use 
> SuexecUserGroup  I can't get it to use the user's uid.  Seems like I'm 
> stuck between a rock and a hard place.
> 
> Here's additional info:
> # ls -al
> drwxr-xr-x   2 localuser nogroup      512 Nov  4 22:51 .
> drwxr-xr-x   3 localuser apache       512 Nov  4 22:51 ..
> -rw-r--r--   1 localuser nogroup     3088 Nov  6 11:31 castor-suexec.log
> -rwxr-xr-x   1 localuser nogroup      133 Nov  4 19:42 cgi1.pl
> 
> # ./apachectl -V
> Server version: Apache/2.0.47
> Server built:   Nov  3 2003 15:45:19
> Server's Module Magic Number: 20020903:4
> Architecture:   32-bit
> Server compiled with....
>  -D APACHE_MPM_DIR="server/mpm/prefork"
>  -D APR_HAS_SENDFILE
>  -D APR_HAS_MMAP
>  -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
>  -D APR_USE_PROC_PTHREAD_SERIALIZE
>  -D APR_USE_PTHREAD_SERIALIZE
>  -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
>  -D APR_HAS_OTHER_CHILD
>  -D AP_HAVE_RELIABLE_PIPED_LOGS
>  -D HTTPD_ROOT="/usr/local/apache-2.0.47"
>  -D SUEXEC_BIN="/usr/local/apache-2.0.47/bin/suexec"
>  -D DEFAULT_PIDLOG="logs/httpd.pid"
>  -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
>  -D DEFAULT_LOCKFILE="logs/accept.lock"
>  -D DEFAULT_ERRORLOG="logs/error_log"
>  -D AP_TYPES_CONFIG_FILE="conf/mime.types"
>  -D SERVER_CONFIG_FILE="conf/httpd.conf"
> 
> 
> 
> Joshua Slive wrote:
> 
>> On Thu, 6 Nov 2003, John T. Stucki wrote:
>>
>>> when this cgi script is run:
>>> http://myserver/~userA/test.cgi
>>> the test.cgi process is run as userA
>>>
>>> and
>>>
>>> when this cgi script is run:
>>> http://myserver/~userB/test.cgi
>>> the test.cgi process is run as userB
>>>
>>> right???  but how do I configure it to do that?
>>>
>>> When I do this:
>>> SuexecUserGroup ~ nogroup
>>> I get this:
>>> httpd: bad user name ~
>>
>>
>>
>> You don't need to use the SuexecUserGroup directive.  User directories 
>> are
>> handled automatically by mod_userdir and suexec.
>>
>>
>>> Here's some additional info:
>>> I'm running Apache apache-2.0.47 on Solaris 9
>>> suexec -V
>>>  -D AP_DOC_ROOT="/web/pages"
>>>  -D AP_GID_MIN=100
>>>  -D AP_HTTPD_USER="apache"
>>>  -D AP_LOG_EXEC="castor-suexec.log"
>>>  -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
>>>  -D AP_UID_MIN=100
>>>  -D AP_USERDIR_SUFFIX="public_html"
>>
>>
>>
>> And what do you get from apachectl -V?
>>
>> Joshua.
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server 
>> Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message