Re: suExec & vhost problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, 8 Jul 2008, Nick Wiltshire wrote:


Hi list,

I'm trying to set up suExec with virtual hosts, and I am either going about
this all wrong, or I have found a bug.

Given the following vhost:

<VirtualHost *:80>
	SuexecUserGroup example.org example.org
So long as your user is called example.org, thats fine, however the group should be the user apache runs as 



The virtual hosts will obviously run as their own user, in their home
directory (/home/tld).

The line in question is the ScriptAlias line. If I use a full path like:

ScriptAlias /php5 /home/example.org/cgi-bin/php

suExec fails saying it's outside of the docroot. I believe this is correct
behavior, though it would be nice if suExec knew /home/example.org is the
same as ~

Where it gets buggy is if I have it as in the example:

ScriptAlias /php5 ~/cgi-bin/php

Now suExec is happy, but Apache (incorrectly, IMO) prepends ServerRoot and
cuts off all but the tilde. PHP scripts throw a 403 and In my log I get:
Why not just set /home as the suexec-docroot Since your allowing /home/%domains% to use it anyway. 




Does anyone know how I can achieve this? I'm running Apache 2.2.9 on a Gentoo
box.

Thanks,
Nick

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



--
Cheers
Res
	--- Usenet policy, and why I might ignore you ---
1/ GoogleGroups are UDP'd on my nntp server. If you use them, don't
   waste your time or energy replying to me.

2/ If only cleanfeed filtered out trolls as well as spam, usenet would be
   a nicer place.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux