[svlug] apache file permission wierdness
Alvin Oga
alvin at planet.fef.com
Sat Mar 17 20:31:01 PST 2001
hi ya...
its a bad idea ( imho ) to add nobody to any other user,group...
( defeats the purpose ?? )
to run cgi....
- make sure it has the same uid or gid of apache...
- make sure the directory that the cgi is located is
also "Options ExecCGI ... "
if oyu wanna manually run the cgi script...either own it...
or add yourself to the "web" group
c ya
alvin
> On Thu, 15 Mar 2001, Tim Pepper wrote:
>
> > I'm having some trouble with apache (running as nobody user and group)
> > when it comes to executing some cgi scripts and I'm really stumped as to why
> > this would be. I'd really appreciate if anybody might have some insight as to
> > what is happening...
> >
> > It's a bit convoluted scenario.
> >
> > My user is in the group foogroup. I (tpepper) own a file test.cgi whose
> > ownership is tpepper.foogroup and permissions 750. The nobody account has
> > been added to foogroup under the expectation that it gain access to run the
> > file via the group permission. This does not work though...the script is not
> > executed.
> >
> > The web server is able to execute scripts...same file same directory with
> > tpepper.tpepper ownership and mode o+rx set executes as expected. A simple
> > perl script outputting $< $> $( and $) shows that when the web server runs the
> > script:
>
> Apache only takes on the uid and gid you specify. It does not log in as
> those, hence it does not get the extra group permission you're trying to
> specify.
>
> Have you considered just using suexec? Makes things a lot easier for
> me...
>
>
> _______________________________________________
> svlug mailing list
> svlug at lists.svlug.org
> http://lists.svlug.org/mailman/listinfo/svlug
>
More information about the svlug
mailing list