httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jehan PROCACCIA <Jehan.Procac...@int-evry.fr>
Subject [users@httpd] SuexecUserGroup command not in docroot
Date Wed, 08 Mar 2006 18:18:16 GMT
Hello,
I am using apache 2.0.54 on an Fedora Core 4 system.
I want to allow my users to have personnal web pages by giving them a 
DNS entry and a virtual host associated whith their name, as many ISP do 
... ? (is that the way they do it ?)
I want them to be able to run cgi as themself.
Here my virtuahost config:

$ cat /etc/httpd/conf.d/jehan-procaccia.conf
<VirtualHost jehan-procaccia.int-evry.fr:80>
LogLevel debug
SuexecUserGroup procacci mci
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot /mci/mci/procacci/public_html
ServerName jehan-procaccia.int-evry.fr
ErrorLog logs/jehan-procaccia.int-evry.fr-error_log
CustomLog logs/jehan-procaccia.int-evry.fr-access_log common
<Directory /mci/mci/procacci/public_html/>
Options +ExecCGI
SetHandler cgi-script
</Directory>

When I go to http://jehan-procaccia.int-evry.fr/cgi/printenv.cgi I get 
"500 Internal server Error", apache logs says "Premature end of script 
headers: printenv.cgi" and suexec logs:
[2006-03-08 19:05:26]: uid: (14503/procacci) gid: (145/145) cmd: 
printenv.cgi
[2006-03-08 19:05:26]: command not in docroot 
(/mci/mci/procacci/public_html/cgi/printenv.cgi)

user's procacci homedir is /mci/mci/procacci/, systems nss do recognize 
that user:
$ id procacci
uid=14503(procacci) gid=145(mci) groupes=145(mci)
the printenv.cgi is owned by the users.group and executable:
$ ls -al /mci/mci/procacci/public_html/cgi/printenv.cgi
-rwxr-xr-x  1 procacci mci 605 jan 12 16:24 
/mci/mci/procacci/public_html/cgi/printenv.cgi

What is wrong ?

Thanks.

PS: at yhe end of http://httpd.apache.org/docs/2.0/suexec.html, is is said:
 Hierarchy limitations
For security and efficiency reasons, all suEXEC requests must remain 
within either a top-level document root for virtual host requests, or 
one top-level personal document root for userdir requests. For example, 
if you have four VirtualHosts configured, you would need to structure 
all of your VHosts' document roots off of one main Apache document 
hierarchy to take advantage of suEXEC for VirtualHosts. (Example 
forthcoming.)

But I don't really understand it !, shoudl my cgi be in the root of my 
homedir and not in a cgi subdir ? I tried that with no success :-(
$ suexec -V
 -D AP_DOC_ROOT="/var/www"
 -D AP_GID_MIN=100
 -D AP_HTTPD_USER="apache"
 -D AP_LOG_EXEC="/var/log/httpd/suexec.log"
 -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
 -D AP_UID_MIN=500
 -D AP_USERDIR_SUFFIX="public_html"




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message