httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jehan PROCACCIA <>
Subject [users@httpd] SuexecUserGroup command not in docroot
Date Wed, 08 Mar 2006 18:18:16 GMT
I am using apache 2.0.54 on an Fedora Core 4 system.
I want to allow my users to have personnal web pages by giving them a 
DNS entry and a virtual host associated whith their name, as many ISP do 
... ? (is that the way they do it ?)
I want them to be able to run cgi as themself.
Here my virtuahost config:

$ cat /etc/httpd/conf.d/jehan-procaccia.conf
LogLevel debug
SuexecUserGroup procacci mci
DocumentRoot /mci/mci/procacci/public_html
ErrorLog logs/
CustomLog logs/ common
<Directory /mci/mci/procacci/public_html/>
Options +ExecCGI
SetHandler cgi-script

When I go to I get 
"500 Internal server Error", apache logs says "Premature end of script 
headers: printenv.cgi" and suexec logs:
[2006-03-08 19:05:26]: uid: (14503/procacci) gid: (145/145) cmd: 
[2006-03-08 19:05:26]: command not in docroot 

user's procacci homedir is /mci/mci/procacci/, systems nss do recognize 
that user:
$ id procacci
uid=14503(procacci) gid=145(mci) groupes=145(mci)
the printenv.cgi is owned by the and executable:
$ ls -al /mci/mci/procacci/public_html/cgi/printenv.cgi
-rwxr-xr-x  1 procacci mci 605 jan 12 16:24 

What is wrong ?


PS: at yhe end of, is is said:
 Hierarchy limitations
For security and efficiency reasons, all suEXEC requests must remain 
within either a top-level document root for virtual host requests, or 
one top-level personal document root for userdir requests. For example, 
if you have four VirtualHosts configured, you would need to structure 
all of your VHosts' document roots off of one main Apache document 
hierarchy to take advantage of suEXEC for VirtualHosts. (Example 

But I don't really understand it !, shoudl my cgi be in the root of my 
homedir and not in a cgi subdir ? I tried that with no success :-(
$ suexec -V
 -D AP_DOC_ROOT="/var/www"
 -D AP_GID_MIN=100
 -D AP_HTTPD_USER="apache"
 -D AP_LOG_EXEC="/var/log/httpd/suexec.log"
 -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
 -D AP_UID_MIN=500
 -D AP_USERDIR_SUFFIX="public_html"

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message