Global cgi

rldev

I have a question I need an answer to. So I will just use an example:

I have a global cgi bin

in this bin I have a script

script has permissions 4755 (setuid)

If I now access this script from my domain I get an internal server error (suexec error really)

However, if I comment out username and group in my apache config for my domain, the script runs.

So the question now is, what user/group is one running as if they remove user/group directives in the httpd.conf?

 
I think apache:apache is the default, could be wrong. If this is the cgi-bin directory that's located in your /home/username/public_html directory, then you could chmod that 755 and chown it user:user

I'm not exactly sure how your global cgi-bin works, since I don't think that's how DirectAdmin configures it by default. Unless you mean /cgi-bin
Have you tried it in your home directory if that's the case?
 
No, this is a server wide bin located in var/www/cgi-bin

If I remove the user/group in the httpd.conf it works with the cgi being setuid.

I assumed that it would run as apache/apache when I comment out the /user/group. But when I changed this info to apache/apache, it didn't work.

I really just want to know what user/group it is running as.
 
Search your httpd.conf for the following:

#ScriptAlias /cgi-sbin/ "/var/www/cgi-bin/"
<Directory "/var/www/cgi-sbin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>

Uncomment the #ScriptAlias and you should be able to access your systemwide CGI-BIN directory with /cgi-sbin/

Of course there will be the typical ramifications of suexec and everything there will be running/writing as apache:apache. Chances are great that if running as apache outside of the suexec root that you will have problems writing to files in the user roots if that is what you are after.

If you want true sandbox ability you will have to hack the fp-suexec-patch and add an exclusion in the line that allows the frontpage executable to run without suexec involvement. I just add in my sandbox utilities, repatch and make install. Works great.

Big Wil
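
Added example, not code from this thread or from Apache: the suEXEC documentation lists, among its pre-execution checks, that the target program must not be setuid or setgid, which matches the error seen with the 4755 script. The sketch below applies a subset of those documented file checks to a constructed test file; the function names and the sample script are assumptions made for illustration.

```python
import os
import stat
import tempfile

def suexec_precheck(path, uid, gid):
    """List reasons a suEXEC-style wrapper would refuse to run path as uid:gid."""
    reasons = []
    prog = os.lstat(path)  # lstat: a symlink must not pass as the program
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if not stat.S_ISREG(prog.st_mode):
        reasons.append("not a regular file")
    if prog.st_mode & (stat.S_ISUID | stat.S_ISGID):
        reasons.append("setuid/setgid bit set")
    if prog.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        reasons.append("program writable by group/other")
    if parent.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        reasons.append("directory writable by group/other")
    if (prog.st_uid, prog.st_gid) != (uid, gid):
        reasons.append("program not owned by target user/group")
    return reasons

def demo():
    """Run the checks on a constructed script at mode 4755, then at 755."""
    with tempfile.TemporaryDirectory() as d:  # created with mode 0700
        script = os.path.join(d, "test.cgi")  # constructed sample file
        with open(script, "w") as f:
            f.write("#!/bin/sh\necho 'Content-Type: text/plain'\necho\nid\n")
        owner = os.stat(script)
        uid, gid = owner.st_uid, owner.st_gid
        os.chmod(script, 0o4755)  # the mode from the question
        with_setuid = suexec_precheck(script, uid, gid)
        os.chmod(script, 0o755)
        without_setuid = suexec_precheck(script, uid, gid)
        wrong_owner = suexec_precheck(script, uid + 1, gid)
    return with_setuid, without_setuid, wrong_owner

if __name__ == "__main__":
    for label, result in zip(("4755", "755", "755, other uid"), demo()):
        print(label, "->", result or "ok")
```

The sample script written by `demo()` prints the output of `id`, which is the direct way to see which user and group a CGI actually runs as under a given vhost configuration.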
 