trouble with suexec

Aaron Bliss abliss at brockport.edu
Mon Aug 18 17:36:53 UTC 2008


Hi all,

I have a redhat 5 ES box that I'm having trouble with.  Out of the box,
redhat 5 will not allow users with a uid < 500 to log in.  I modified the
/etc/pam.d/system-auth file to work around this:

Original : auth        requisite     pam_succeed_if.so uid >= 500 quiet

Modified: auth        requisite     pam_succeed_if.so uid >= 100 quiet

I had to make this change, as the box is authenticating against our ldap
environment, and there are a few users that have uids less than 500.  So,
for things such as ssh interactive logins, all is okay.  I'm now running
into a problem in which httpd is not letting seemingly the same group of
users execute CGIs from their home directories.  I've modified
/etc/httpd/conf/httpd.conf to allow for the execution of CGIs from users'
home directories.  For users with a uid greater than 500, CGIs execute as
expected.  For users with a uid less than 500, the cgi doesn't execute and
the following is logged in /var/log/httpd/suexec.log:

cannot run as forbidden uid (402/hello.cgi)

 

Any ideas how I can modify the behavior to allow uids < 500 to run CGIs?
If not, how do I disable suexec from loading?  I would rather not re-compile
this, as I prefer to use yum to keep the box patched and from what I've
read, suexec does add some extended security to httpd.  Thanks.

 

Aaron
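
Added example, not part of the original post: a shell script that reads the uid floor from the pam_succeed_if rule quoted above and lists the uids refused in suexec.log, showing which accounts can log in yet are blocked from running CGIs. The log timestamps, the 57 and 612 entries and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the PAM login floor with the uids suexec refuses.
# Sample data is constructed; on a real host feed the functions from
# /etc/pam.d/system-auth and /var/log/httpd/suexec.log instead.

SAMPLE_PAM='auth        requisite     pam_succeed_if.so uid >= 100 quiet'

SAMPLE_LOG='[2008-08-18 13:30:11]: cannot run as forbidden uid (402/hello.cgi)
[2008-08-18 13:31:02]: cannot run as forbidden uid (402/hello.cgi)
[2008-08-18 13:32:40]: cannot run as forbidden uid (57/test.cgi)
[2008-08-18 13:33:05]: uid: (612/jdoe) gid: (612/612) cmd: hello.cgi'

# stdin: PAM config. Prints N from the first "auth ... pam_succeed_if.so uid >= N".
pam_min_uid() {
    sed -n 's|^auth[[:space:]].*pam_succeed_if\.so[[:space:]]\{1,\}uid[[:space:]]*>=[[:space:]]*\([0-9]\{1,\}\).*|\1|p' |
        head -n 1
}

# stdin: suexec.log. Prints each uid refused as "forbidden uid", once, sorted.
forbidden_uids() {
    sed -n 's|.*cannot run as forbidden uid (\([0-9]\{1,\}\)/.*|\1|p' | sort -n -u
}

# stdin: suexec.log, $1: PAM floor. Prints refused uids at or above the floor,
# i.e. accounts that pass the PAM check but whose CGIs suexec will not run.
login_but_no_cgi() {
    forbidden_uids | awk -v min="$1" '$1 + 0 >= min + 0'
}

report() {
    min=$(printf '%s\n' "$SAMPLE_PAM" | pam_min_uid)
    echo "PAM login floor: uid >= $min"
    echo "refused by suexec: $(printf '%s\n' "$SAMPLE_LOG" | forbidden_uids | tr '\n' ' ')"
    echo "can log in, no CGI: $(printf '%s\n' "$SAMPLE_LOG" | login_but_no_cgi "$min" | tr '\n' ' ')"
}
report
```
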



