httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Goggan <>
Subject [users@httpd] Proper config for suexec and maintain chroot'ed FTP?
Date Wed, 09 Nov 2005 14:09:42 GMT

I recently went from Apache v1.x to v2.0.54.  Most things went fine, but I am 
having trouble finding the proper way to configure things for suexec support 
while still maintaining the filesystem the way I would like it.

As an example, say I host acmecorp.dom as a virtual host and they want to run 
their own CGI scripts.  Under Apache v1.x, I configured them as follows:

1. I used "User acme" and "Group acme" directives in the httpd.conf.
2. I had their DocumentRoot set to /home/acme/web.
3. Their CGI scripts were in /home/acme/web/cgi-bin.
4. I had them set up so that FTPd kept them chroot'ed to /home/acme.

This worked well.

I seem unable to find a way to do the same thing properly under Apache v2.0 
with suexec2's requirement that the files be in the docroot.  It does not use 
the docroot of the virtual host -- but uses the default/main docroot of /var/www.

I tried doing a symlink from /var/www/acme to /home/acme/web, but suexec2 
still considers the final script to be in /home/acme/web/cgi-bin (not 
/var/www/acme/cgi-bin) and therefore considers it "not in docroot."

I could move acme's entire web directory to /var/www/acme, of course, and then 
suexec would be happy -- but then it makes it more difficult to chroot them to 
their home directory via FTP and such -- so I end up with permission errors on 
the other side.

Is there a way to do this properly and make it work -- leaving the actual 
files in their home directory?

A couple notes:

1. I do this for multiple virtual hosts with different accounts -- so I 
couldn't find a way to override suexec's docroot for each one individually.

2. I don't want these to be ~acme type sites, so I don't think suexec's "user 
home directory" support will do what I want, right?

Thanks for thoughts/suggestions/tips/solutions!  :)

  - John Goggan

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message