httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Wiltshire <n...@customdesigns.ca>
Subject Re: [users@httpd] suExec & vhost problem
Date Wed, 09 Jul 2008 13:45:23 GMT
On July 8, 2008 06:30:01 pm Res wrote:
> On Tue, 8 Jul 2008, Nick Wiltshire wrote:
> > Hi list,
> >
> > I'm trying to set up suExec with virtual hosts, and I am either going
> > about this all wrong, or I have found a bug.
> >
> > Given the following vhost:
> >
> > <VirtualHost *:80>
> > 	SuexecUserGroup example.org example.org
>
> So long as your user is called example.org, thats fine, however the group
> should be the user  apache runs as
>

Why is that? 

> > The virtual hosts will obviously run as their own user, in their home
> > directory (/home/tld).
> >
> > The line in question is the ScriptAlias line. If I use a full path like:
> >
> > ScriptAlias /php5 /home/example.org/cgi-bin/php
> >
> > suExec fails saying it's outside of the docroot. I believe this is
> > correct behavior, though it would be nice if suExec knew
> > /home/example.org is the same as ~
> >
> > Where it gets buggy is if I have it as in the example:
> >
> > ScriptAlias /php5 ~/cgi-bin/php
> >
> > Now suExec is happy, but Apache (incorrectly, IMO) prepends ServerRoot
> > and cuts off all but the tilde. PHP scripts throw a 403 and In my log I
> > get:
>
> Why not just set /home as the suexec-docroot  Since your allowing
> /home/%domains% to use it anyway.
>

As explained, I have an app in /opt/ccp I want to keep there, and am using 
docroot for that.

> > Does anyone know how I can achieve this? I'm running Apache 2.2.9 on a
> > Gentoo box.
> >
> > Thanks,
> > Nick
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server
> > Project. See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message