Hi folks,
I want to configure my Apache 2.0.54 so support a personalised cgi bin,
specifically so that I can use the DirectoryIndex directive.
I have the usual public_html definition:
<Directory /home/*/public_html>
AllowOverride FileInfo AuthConfig Limit Indexes
Options +Indexes
DirectoryIndex /WHATGOESHERE/mycgi/index.cgi
</Directory>
and an entry to configure the the personal mycgi directory:
<Directory /home/*/public_html/mycgi>
AllowOverride None
Options +ExecCGI
</Directory>
The CGI is executing when invoked as
http://localhost/~me/mycgi/index.cgi
but my question is, what do I need to put into that DirectoryIndex directive
to make this work? I have shown it can work when I put
DirectoryIndex /~me/mycgi/index.cgi
But of course it will only work for me, not for any other users.
Reasons I'm heading down this path:
The DirectoryIndex directive seems to have a number of weaknesses:
Firstly, to make it work with a script in the generic /cgi-bin I was advised
to get around the harsh SuEXEC rules by removing the SUID bit
from /usr/sbin/suexec2 executable. However every time I restart apache, the
damn thing keeps putting the SUID bit back. I am getting tired of manually
clearing the SUID bit from that executable, and feel it would be easier to
just live with the conditions Apache seems to be (rein)forcing at startup.
Therefore to make DirectoryIndex work the script must be within the users
public_html tree - according to rule 13 for SUEXEC. This is why I need to
parameterise the DirectoryIndex directive.
DirectoryIndex seems to run the CGI script within the cgi bin directory, NOT
in the directory you are getting indexed! This effect is particularly
ridiculous, since all you achieve is an index listing of your CGI
directory. STUPID! Perhaps there's some sensible reason for this when using
general SUEXEC, but surely the DirectoryIndex statement needs to be
adjusted to do something that might actually be useful for it's stated
purpose. Fortunately I have managed to get around this by abusing the
$REQUEST_URI and mapping it backwards through /etc/passwd for the home
directory (and making a huge assumption about what the public_html
directory will be)
I installed Apache from the SuSE install disks because I figured it was time
to learn to live with default configurations (previously I built it from
source) so I can't stick to this principle if I'm going to recompile
Apache. What's a more effective way of disabling the SUID part of SUEXEC
without fiddling the mode bits every time? If I can stop the SUID part of
SUEXEC's work, then I could go back to using the script from the top
cgi-bin.
--
This email is from Civica Pty Limited and it, together with any
attachments, is confidential to the intended recipient(s) and
the
contents may be legally privileged or contain proprietary and
private information. It is intended solely for the person to
whom
it is addressed. If you are not an intended recipient, you may
not
review, copy or distribute this email. If received in error,
please
notify the sender and delete the message from your system
immediately. Any views or opinions expressed in this email and
any
files transmitted with it are those of the author only and may
not
necessarily reflect the views of Civica and do not create any
legally binding rights or obligations whatsoever. Unless
otherwise
pre-agreed by exchange of hard copy documents signed by duly
authorised representatives, contracts may not be concluded on
behalf of Civica by email. Please note that neither Civica nor
the
sender accepts any responsibility for any viruses and it is your
responsibility to scan the email and the attachments (if any).
All
email received and sent by Civica may be monitored to protect
the
business interests of Civica.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|