The file /var/log/httpd/access_log is owned by root, but that's not the problem. I have other files owned by root that are in the /var/www/html directory and CGI scripts can read those with no problem (because they are world-*readable*, just like /var/log/httpd/access_log is). The problem is that apparently CGI scripts cannot open any files for reading that are located outside of /var/www . How can I change this setting so that the CGI scripts can also access files in /var/log/httpd ?
The other option would be to set the CGI script to run as setuid. This is how I've gotten this to work on some other dedicated machines. But on this machine, the setuid bit is not honored and setuid scripts still run as nobody. If anybody can tell me how to change this setting so that the setuid bit is honored, that will work too.
(Every time I ask about that, a bunch of people tell me that "running setuid scripts is a security hole". But nobody can ever say exactly why -- if a CGI script doesn't accept any input and only does what I've programmed it to do, then what difference does it make if a stranger invokes it as root? It just does the same thing as when I run it as root. So if you know how to change the system-wide setting to make setuid scripts run as root, that would be ideal.)
-Bennett bennett@xxxxxxxxxxxxx http://www.peacefire.org (425) 497 9002 --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|