Re: suExec & vhost problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On July 8, 2008 06:30:01 pm Res wrote:
> On Tue, 8 Jul 2008, Nick Wiltshire wrote:
> > Hi list,
> >
> > I'm trying to set up suExec with virtual hosts, and I am either going
> > about this all wrong, or I have found a bug.
> >
> > Given the following vhost:
> >
> > <VirtualHost *:80>
> > 	SuexecUserGroup example.org example.org
>
> So long as your user is called example.org, thats fine, however the group
> should be the user  apache runs as
>

Why is that? 

> > The virtual hosts will obviously run as their own user, in their home
> > directory (/home/tld).
> >
> > The line in question is the ScriptAlias line. If I use a full path like:
> >
> > ScriptAlias /php5 /home/example.org/cgi-bin/php
> >
> > suExec fails saying it's outside of the docroot. I believe this is
> > correct behavior, though it would be nice if suExec knew
> > /home/example.org is the same as ~
> >
> > Where it gets buggy is if I have it as in the example:
> >
> > ScriptAlias /php5 ~/cgi-bin/php
> >
> > Now suExec is happy, but Apache (incorrectly, IMO) prepends ServerRoot
> > and cuts off all but the tilde. PHP scripts throw a 403 and In my log I
> > get:
>
> Why not just set /home as the suexec-docroot  Since your allowing
> /home/%domains% to use it anyway.
>

As explained, I have an app in /opt/ccp I want to keep there, and am using 
docroot for that.

> > Does anyone know how I can achieve this? I'm running Apache 2.2.9 on a
> > Gentoo box.
> >
> > Thanks,
> > Nick
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server
> > Project. See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> >   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux