CGI issues

GITK Services

Verified User
Joined
Mar 8, 2004
Messages
37
Location
Lancashire, UK
I had a problem with one of my servers and customers which had me banging my head against the desk for a good 2 days. He was trying to install MovableType (a set of Perl CGI scripts), using a .htaccess for Options +ExecCGI and the correct chmod'd files. Whatever I did, I was getting Error 500's, yet it worked perfectly on other people's users as a rule. Eventually managed to trace it back to a suexec error, which was complaining about a user/directory mismatch (the directory was owned by the user, with the apache group, and it wanted both to be the user). Changing the owner of the directory to the user / the user's group solved the issue, but can most users do this, without shell access? I really don't want to give SSH to all my users for it. It ended up set to 0755 on permissions, although it'd also been 775 before, to no effect.

My questions therefore boil down to this:
1: How do I stop this happening in the future, without having to manually chown?
2: Why did it work in one user, but not another (or more precisely, why did one get initialised one way, and one another)?

Cheers,
Richard.
 

jmstacey

Verified User
Joined
Feb 12, 2004
Messages
4,107
Location
Colorado
The cgi bin should have the correct ownership permissions in the beginning but sometimes it gets changed, either by a user or script accidentally. The reason it worked for some but not for this one, was probably because they didn't change its ownership. By default the cgi bin is created with username:username ownsership.

I don't think the File manager allows you to change group permissions. Perhaps a feature request? Users might be able to do it using ftp, which might be how it got changed in the first place.....
 

GITK Services

Verified User
Joined
Mar 8, 2004
Messages
37
Location
Lancashire, UK
Checked with the user, he's pretty advanced, although he didn't have a clue how to change the group in the first place. As I said though, it wasn't in cgi-bin, was a seperate directory that had been .htaccess'd to allow Perl CGIs to run. One thing I did notice was that the public_html directory was also user:apache owned, and changing THAT to user:user made Apache 403 everything (as it couldn't access it at all)...

Maybe an "enable CGI scripts in this directory" feature would be good for the file manager, which could check group ownership too for suexec...
 

chaser010

Verified User
Joined
Sep 12, 2006
Messages
13
Same Problem

Whenever a user uploads a cgi, pl script, I would have to chown user:group ( with group the same as the username ) the file before it would work. By default the system set the permissions to luke:users and I want it to be luke:luke by default. This is ok, because each time he only has to overwrite this file and it will still be working. BUT - If a new file is uploaded it won't work.

How can I solve this issue? I guess one will have to change the group for the specific FTP account?
 
Last edited:

xemaps

Verified User
Joined
Apr 13, 2006
Messages
430
Location
Europe
have you tried Httpd.conf Customization ?

php_admin_value safe_mode_exec_dir /some/dir


sample for safe_mode_off (best choise)
 

chaser010

Verified User
Joined
Sep 12, 2006
Messages
13
Still not working

Thank you for your reply.
I have tried that, but it is still not working.

I have found the following error under: /var/log/httpd/suexec_log
=============================================
[2006-09-13 08:34:58]: info: (target/actual) uid: (actinic/actinic) gid: (actinic/actinic) cmd: ss000001.pl
[2006-09-13 08:34:58]: error: target uid/gid (740/739) mismatch with directory (740/739) or program (740/100)
=============================================

I have tried setting this, but still unsuccessful.
uid=740actinic gid=740actinic groups=740actinic

Any ideas?
 
Top