httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oleg Derevenetz" <o...@vsi.ru>
Subject [users@httpd] Apache 2.0.52, suexec and user home dirs
Date Sat, 13 Nov 2004 16:20:17 GMT
Hi all,

I just installed Apache 2.0.52, and have some troubles with suexec setup.

OS: FreeBSD 4.10

Configure parameters:

./configure \
    --with-mpm=prefork \
    --enable-so \
    --enable-suexec \
    --with-suexec-caller=nobody \
    --with-suexec-docroot=/web \
    --with-suexec-uidmin=100 \
    --with-suexec-gidmin=100 \
    --with-suexec-safepath="/bin:/usr/bin:/usr/local/bin" \
    --enable-ssl \
    --enable-rewrite \
    --enable-charset-lite

Suexec -V output:

# ./suexec -V
 -D AP_DOC_ROOT="/web"
 -D AP_GID_MIN=100
 -D AP_HTTPD_USER="nobody"
 -D AP_LOG_EXEC="/usr/local/apache2/logs/suexec_log"
 -D AP_SAFE_PATH="/bin:/usr/bin:/usr/local/bin"
 -D AP_UID_MIN=100
 -D AP_USERDIR_SUFFIX="public_html"

A piece of httpd.conf:

[...]
ServerRoot "/usr/local/apache2"
User  nobody
Group nobody
ServerAdmin noc@vsi.ru
ServerName www.vsi.ru
UseCanonicalName Off
DocumentRoot /web/vhosting/www.vsi.ru
ScriptAlias /cgi-bin/ /web/vhosting/www.vsi.ru/cgi-bin/
<Directory "/">
    Options       Includes FollowSymLinks
    AllowOverride AuthConfig FileInfo Indexes Limit
    XBitHack      On
    Order         Allow,Deny
    Allow         From All
</Directory>
<Directory "/web/users">
    Options        IncludesNOEXEC
    AllowOverride  AuthConfig FileInfo Indexes Limit
    XBitHack       On
    Order          Allow,Deny
    Allow          From All
    php_admin_flag engine off
</Directory>
<Directory "/web/vhosting/www.vsi.ru">
    AllowOverride   All
    php_admin_value open_basedir /web/vhosting/www.vsi.ru/
    php_admin_flag  safe_mode off
</Directory>
Include conf/vhosts.conf
Include conf/vusers.conf
UserDir public_html
[...]

A piece of vhosts.conf:

NameVirtualHost 80.82.32.11:80
NameVirtualHost 80.82.32.11:443
<VirtualHost "80.82.32.11:80">
    ServerName      admin.test.velest.ru
    ServerAdmin     noc@vsi.ru
    DocumentRoot    /web/vhosting/admin.test.velest.ru
    ScriptAlias     /cgi-bin/ /web/vhosting/admin.test.velest.ru/cgi-bin/
    SuexecUserGroup bobrov web_bobrov
    php_admin_value open_basedir /web/vhosting/admin.test.velest.ru/
</VirtualHost>
[...]

A piece of vusers.conf:

ScriptAlias /~yegor/cgi-bin/ /web/users/yegor/public_html/cgi-bin/
<Directory "/web/users/yegor">
    Options Includes
    php_admin_flag  engine on
    php_admin_value open_basedir /web/users/yegor
</Directory>

Machine have two IP addresses on Ethernet interface: 80.82.32.11 and
80.82.32.14. 80.82.32.11 is for virtualhosting and 80.82.32.14 is for
www.vsi.ru site.

The problem: when I open URL http://www.vsi.ru/~yegor/cgi-bin/gb.cgi (for
example), Apache execute it as nobody/nobody permissions instead of user
permissions, and I can't see nothing about this in suexec_log. But when I
open open URL http://admin.test.velest.ru/cgi-bin/something.cgi, it's OK.

How can I resolve this ?

---
Oleg Derevenetz <oleg@vsi.ru> OOD3-RIPE
Phone: +7 (0732) 531789
Fax:   +7 (0732) 531415       http://www.vsi.ru
CenterTelecom Voronezh ISP    http://isp.vsi.ru



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message