httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Clarke <acla...@civica.com.au>
Subject [users@httpd] howto configure parameterised personal cgi bin
Date Mon, 10 Oct 2005 06:17:20 GMT

Hi folks,

I want to configure my Apache 2.0.54 so support a personalised cgi bin, 
specifically so that I can use the DirectoryIndex directive.

I have the usual public_html definition:

    <Directory /home/*/public_html>
        AllowOverride FileInfo AuthConfig Limit Indexes
        Options +Indexes
        DirectoryIndex /WHATGOESHERE/mycgi/index.cgi
    </Directory>

and an entry to configure the the personal mycgi directory:

    <Directory /home/*/public_html/mycgi>
        AllowOverride None
        Options +ExecCGI
    </Directory>

The CGI is executing when invoked as

    http://localhost/~me/mycgi/index.cgi

but my question is, what do I need to put into that DirectoryIndex directive 
to make this work? I have shown it can work when I put

        DirectoryIndex /~me/mycgi/index.cgi

But of course it will only work for me, not for any other users.

Reasons I'm heading down this path:

The DirectoryIndex directive seems to have a number of weaknesses:

Firstly, to make it work with a script in the generic /cgi-bin I was advised 
to get around the harsh SuEXEC rules by removing the SUID bit 
from /usr/sbin/suexec2 executable. However every time I restart apache, the 
damn thing keeps putting the SUID bit back. I am getting tired of manually 
clearing the SUID bit from that executable, and feel it would be easier to 
just live with the conditions Apache seems to be (rein)forcing at startup.

Therefore to make DirectoryIndex work the script must be within the users 
public_html tree - according to rule 13 for SUEXEC. This is why I need to 
parameterise the DirectoryIndex directive.

DirectoryIndex seems to run the CGI script within the cgi bin directory, NOT 
in the directory you are getting indexed! This effect is particularly 
ridiculous, since all you achieve is an index listing of your CGI 
directory. STUPID! Perhaps there's some sensible reason for this when using 
general SUEXEC, but surely the DirectoryIndex statement needs to be 
adjusted to do something that might actually be useful for it's stated 
purpose. Fortunately I have managed to get around this by abusing the 
$REQUEST_URI and mapping it backwards through /etc/passwd for the home 
directory (and making a huge assumption about what the public_html 
directory will be)

I installed Apache from the SuSE install disks because I figured it was time 
to learn to live with default configurations (previously I built it from 
source) so I can't stick to this principle if I'm going to recompile 
Apache. What's a more effective way of disabling the SUID part of SUEXEC 
without fiddling the mode bits every time? If I can stop the SUID part of 
SUEXEC's work, then I could go back to using the script from the top 
cgi-bin.

-- 
This email is from Civica Pty Limited and it, together with any 
attachments, is confidential to the intended recipient(s) and 
the 
contents may be legally privileged or contain proprietary and 
private information. It is intended solely for the person to 
whom 
it is addressed. If you are not an intended recipient, you may 
not 
review, copy or distribute this email. If received in error, 
please 
notify the sender and delete the message from your system 
immediately. Any views or opinions expressed in this email and 
any 
files transmitted with it are those of the author only and may 
not 
necessarily reflect the views of Civica and do not create any 
legally binding rights or obligations whatsoever. Unless 
otherwise 
pre-agreed by exchange of hard copy documents signed by duly 
authorised representatives, contracts may not be concluded on 
behalf of Civica by email. Please note that neither Civica nor 
the 
sender accepts any responsibility for any viruses and it is your 
responsibility to scan the email and the attachments (if any). 
All 
email received and sent by Civica may be monitored to protect 
the 
business interests of Civica. 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message