[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: apache suEXEC wrapper on 7.2



Thanks, i guess im a little confused, what i needed to do is
have some virtual ip web servers run with a different user / group
than the web user / group apache apache for those virtual spots
only.

The problem im trying to over come is some of our developers
do cgi send mail and in the cg'is they use send mail and the
mail bounces it then gets returned to the apache user in to term me.

So its hard to say where it came from or who was responsible for
not setting the return address in when they open sendmail.
Its more of a concern if i am trying to track one of our develops
that did something bad in a cgi via there virtual web account.

So i thought setting up a user / group of there own in apache
would do the job so i ended up trying to use  suexe. But could not
get it to work and the suexe gets and error about the cgi
"error: command not in docroot" so i guess suexe expects
the html & cgi in the same directory. not as we usually
have in html dir and the cgi-bin parent of it.

Again thanks to all of you for your feed back this is a great group ;)

At 09:48 AM 2/1/2002 +1100, you wrote:
On 00:42 31 Jan 2002, Stephen White <stephen sysconi com> wrote:
| Would anyone know is Redhat 7.2 Apache has the suexec in it

It does, see /usr/sbin/suexec.

| i tried  to set a virtual server with a different group user and the
| cgi's fail.

That'd be "CGIs".

Anyway, suexec has the expected Apache user and group hardwired into it.
Changing the user and group of the APache server _will_ stop it working
because it will infer that's it's being invoked by someone who isn't
the web server, which would be a security violation. This should be
being logged in one of apache's logs, btw.

| If i change the user / group outside the virtual tags it changes
| the user / group fine for the total web server

Yes.

| , that what makes me wonder if it is compile with apache.

Yes.

Your only fix is to either turn off suexec (just move it sideways
to, say, /usr/sbin/suexec.disabled - and "chmod 0" it for safety),
or to recompile it with the new user/group settings.
--
Cameron Simpson, DoD#743        cs zip com au    http://www.zip.com.au/~cs/

I hate to advocate drugs, alcohol, violence, or insanity to anyone, but
they've always worked for me.   - Hunter S. Thompson



_______________________________________________
Seawolf-list mailing list
Seawolf-list redhat com
https://listman.redhat.com/mailman/listinfo/seawolf-list





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]