httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Zachary Palmer <zep_apache_httpd_l...@bahj.com>
Subject [users@httpd] UserDir + Alias = suexec not being invoked
Date Wed, 24 Aug 2011 17:09:20 GMT
All,

I have an Apache HTTPD instance I am trying to configure for a fairly
small group of users.  We're using mod_userdir and mod_suphp to ensure
that user scripts are run as the users themselves rather than as the www
user.

My objective is to configure the website in such a way that certain
distinguished portions of the site can be made easier to access.  For
instance, I would like

      http://mysite.com/~foouser/barsite

to be equivalent to

      http://mysite.com/bazsite

To this end, we have the following subset of configuration:

<VirtualHost *:80>
<Directory/var/www/>
              Options Indexes FollowSymLinks MultiViews ExecCGI Includes
              AllowOverride None
              Order allow,deny
              allow from all
</Directory>
<Directory/home/*/public_html>
              Options ExecCGI MultiViews Indexes SymLinksIfOwnerMatch
IncludesNoExec
              AllowOverride All
<Limit GET POST OPTIONS>
                  Order allow,deny
                  allow from all
</Limit>
<LimitExcept GET POST OPTIONS>
                  Order deny,allow
                  deny from all
</LimitExcept>
              Order allow,deny
              allow from all
</Directory>
          Alias /bazsite /home/foouser/public_html/barsite
          UserDir public_html
          UserDir disabled root
          # ... more stuff here ...
</VirtualHost>

Unfortunately, this does not permit suexec to do its job; in fact, it
seems that suexec is never used.  A script
/home/foouser/public_html/barsite/test.py is executed correctly if
accessed via the URL

      http://mysite.com/~foouser/barsite/test.py

but, when accessed via the URL

      http://mysite.com/bazsite/test.py

the script runs as the www user rather than as foouser.  I would not
have expected this, since it doesn't meet my intuitions about aliasing.

Clearly, these alias directories need not be generative; they will be
assigned on a case-by-case basis.  Does anyone know how I would express
to Apache that scripts in a specific subdirectory (recursively downward,
of course) should always be executed by suexec to a given user?

Thanks!

Zach


Mime
View raw message