Very Computer

by **Ioannis Rizo** » Wed, 08 Dec 1999 04:00:00

I try to execute cgi scripts as a normal user. They work fine but they
refuse to write to a user directory if this is
not world writable or own by the apache user (wwwrun). They also refuse
to execute if they are not world readable
and executable.
I have suexec running and the relevant part of httpd.conf file is

ScriptAlias /user/cgi-bin/ "/home/user/public_html/cgi-bin/"
AddHandler cgi-script .cgi
<Directory "/home/user/public_html/cgi-bin">
AllowOverride None
Options +ExecCGI -FollowSymLinks
Order allow,deny
Allow from all
</Directory>

I would appreciate any help.
Regards
I. Rizos

by **Kurt J. Lanz** » Thu, 09 Dec 1999 04:00:00

> I try to execute cgi scripts as a normal user. They work fine but they
> refuse to write to a user directory if this is
> not world writable or own by the apache user (wwwrun). They also refuse
> to execute if they are not world readable
> and executable.
> I have suexec running and the relevant part of httpd.conf file is

> ScriptAlias /user/cgi-bin/ "/home/user/public_html/cgi-bin/"
> AddHandler cgi-script .cgi
> <Directory "/home/user/public_html/cgi-bin">
> AllowOverride None
> Options +ExecCGI -FollowSymLinks
> Order allow,deny
> Allow from all
> </Directory>

The Apache server runs as a particular user with a
particular group id. For a cgi to execute, it must be
executable by that user. For a CGI to create a file, it
must be creating in a directory which is writeable by
that user or group. That's how unix works. Arrange your
permissions accordingly.

by **Bill Mosele** » Thu, 09 Dec 1999 04:00:00

Quote:> The Apache server runs as a particular user with a
> particular group id. For a cgi to execute, it must be
> executable by that user.

There's a case where that's not exactly correct, from what I've seen.

Say you start Apache non-root, say, user moseley.

If you have static files (.html, .jpg) owned by moseley, they can be
served with permissions as 400 as expected.

Now, for a CGI owned by user moseley you would expect that to execute
you would need permissions 500. That doesn't work. You need 501.

I'm not sure if that's a bug or by design.

If you start Apache as root, but set User moseley then it will execute
with 500 permissions.

This has only been tested on 1.3.9 and Sun 2.6.

--

pls note the one line sig, not counting this one.

by **David Efflan** » Tue, 14 Dec 1999 04:00:00

>I try to execute cgi scripts as a normal user. They work fine but they
>refuse to write to a user directory if this is
>not world writable or own by the apache user (wwwrun). They also refuse
>to execute if they are not world readable
>and executable.
>I have suexec running and the relevant part of httpd.conf file is

Apparently your suexec is not running properly. If it was the following
CGI script would show the directory owner's name instead of 'nobody' (or
whoever the webserver is running as).

#!/bin/sh
echo "Content-type: text/plain"
echo ""
echo "This script is running as user:"
/usr/bin/whoami

Also if suexec is working properly a CGI script can run with 700
permission and be able to read and write files with 600 permission. You
also should not have any trouble creating files in a dir with 755
permission. What do your suexec_log and error_log say?

Quote:>ScriptAlias /user/cgi-bin/ "/home/user/public_html/cgi-bin/"
>AddHandler cgi-script .cgi
><Directory "/home/user/public_html/cgi-bin">
> AllowOverride None
> Options +ExecCGI -FollowSymLinks
> Order allow,deny
> Allow from all
></Directory>

>I would appreciate any help.
>Regards
>I. Rizos

--

http://www.de-srv.com/ http://cgi-help.virtualave.net/
http://thunder.prohosting.com/~cv-elgin/

Very Computer

Problem running CGI scripts ar a user (not root)

Problem running CGI scripts ar a user (not root)

Problem running CGI scripts ar a user (not root)

Problem running CGI scripts ar a user (not root)

Problem running CGI scripts ar a user (not root)