trouble with suexec
Aaron Bliss
abliss at brockport.edu
Mon Aug 18 17:36:53 UTC 2008
Hi all,
I have a Red Hat 5 ES box that I'm having trouble with. Out of the box,
Red Hat 5 will not allow users with a uid < 500 to log in. I modified the
/etc/pam.d/system-auth file to work around this:
Original : auth requisite pam_succeed_if.so uid >= 500 quiet
Modified: auth requisite pam_succeed_if.so uid >= 100 quiet
I had to make this change, as the box is authenticating against our LDAP
environment, and there are a few users that have uids less than 500. So,
for things such as ssh interactive logins, all is okay. I'm now running
into a problem in which httpd is not letting seemingly the same group of
users execute CGIs from their home directories. I've modified cat
/etc/httpd/conf/httpd.conf to allow for the execution of CGIs from users'
home directories. For users with a uid greater than 500, CGIs execute as
expected. For users with a uid less than 500, the CGI doesn't execute and
the following is logged in /var/log/httpd/suexec.log:
cannot run as forbidden uid (402/hello.cgi)
Any ideas how I can modify the behavior to allow uids < 500 to run CGIs?
If not, how do I disable suexec from loading? I would rather not re-compile
this, as I prefer to use yum to keep the box patched and from what I've
read, suexec does add some extended security to httpd. Thanks.
Aaron
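
Added example, not part of the original message: suexec logs "cannot run as forbidden uid" when the target uid is 0 or below its compile-time AP_UID_MIN, a value `suexec -V` prints when run as root. The sketch below cross-checks that minimum against the PAM `uid >=` rule and the suexec.log entries; every sample input is constructed, and AP_UID_MIN=500 is an assumption about this build.

```python
import re

# Constructed sample inputs (not taken from the poster's machine).
PAM_SYSTEM_AUTH = """\
auth        requisite     pam_succeed_if.so uid >= 100 quiet
auth        required      pam_deny.so
"""
# Shaped like `suexec -V` output (root only); AP_UID_MIN=500 is an assumption.
SUEXEC_V = """\
 -D AP_GID_MIN=100
 -D AP_UID_MIN=500
"""
SUEXEC_LOG = """\
[2008-08-18 13:30:02]: uid: (512/512) gid: (512/512) cmd: hello.cgi
[2008-08-18 13:31:40]: cannot run as forbidden uid (402/hello.cgi)
[2008-08-18 13:33:15]: cannot run as forbidden uid (402/env.cgi)
[2008-08-18 13:35:09]: cannot run as forbidden uid (77/test.cgi)
"""

def pam_uid_floor(text):
    """Lowest uid admitted by the pam_succeed_if 'uid >= N' auth rule."""
    for line in text.splitlines():
        m = re.match(r"\s*auth\s+\S+\s+pam_succeed_if\.so\b.*\buid\s*>=\s*(\d+)", line)
        if m:
            return int(m.group(1))
    return None

def suexec_uid_min(text):
    """Compile-time minimum target uid reported by `suexec -V`."""
    m = re.search(r"-D\s+AP_UID_MIN=(\d+)", text)
    return int(m.group(1)) if m else None

def forbidden(text):
    """Map each rejected uid to the sorted CGI names it tried to run."""
    hits = {}
    for m in re.finditer(r"cannot run as forbidden uid \((\d+)/([^)]*)\)", text):
        hits.setdefault(int(m.group(1)), set()).add(m.group(2))
    return {uid: sorted(cmds) for uid, cmds in hits.items()}

def gap_report(pam_text, suexec_v, log_text):
    """Rejected uids that PAM admits but that sit below suexec's minimum."""
    floor, ap_min = pam_uid_floor(pam_text), suexec_uid_min(suexec_v)
    if floor is None or ap_min is None:
        return {}
    return {u: c for u, c in forbidden(log_text).items() if floor <= u < ap_min}

if __name__ == "__main__":
    for uid, cmds in sorted(gap_report(PAM_SYSTEM_AUTH, SUEXEC_V, SUEXEC_LOG).items()):
        print(f"uid {uid}: passes PAM, rejected by suexec for {', '.join(cmds)}")
```

uid 77 is left out of the report because it falls below both thresholds; only accounts that log in successfully but cannot run CGIs are listed.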