httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Malo ...@perlig.de>
Subject Re: [users@httpd] small Suexec problem
Date Fri, 09 May 2003 14:16:24 GMT
* <ldg@ulysium.net> wrote:

> Update on my suexec situation, although having the x bit set and not the r
> on a folder doesn't prevent pwd to work, it seems not to be enough for
> suexec. I added the r bit back to other in all folders in the path to the
> script and the getcwd now works and lets the script run.
> This doesn't make sense to me, and it forces to do something I was trying to
> avoid, which is giving r-x to other, to prevent prying eyes and give each
> user as much privacy as possible.

As I've guessed. Well, at least we have the reason now archived here. :-)

> Also, when I set suexec up, I gave it a umask of 007 which isn't a problem
> because all users have their own separate group, but suexec reports a
> warning about this. No big deal, it's just a warning and it's not a security
> risk in this case. Is there any way to set the umask for suexec at runtime?

No. I'd recompile with 027.

> I really would prefer not to give r-x at least on the parent folder of the
> script folders, is there any way to do this?

Hmm, this is obviously a system problem. suexec can't do much in that case.
(just a note: on my linux box it works the way you wanted to go). You may
have luck in a true64 support forum, perhaps there are similar system calls,
so you can patch suexec. (If so, a note on the httpd-dev-list or here would
be fine, so we may consider a suexec change according to this point).

nd
-- 
$_=q?tvc!uif)%*|#Bopuifs!A`#~tvc!Xibu)%*|qsjou#Kvtu!A`#~tvc!KBQI!)*|~
tvc!ifmm)%*|#Qfsm!A`#~tvc!jt)%*|(Ibdlfs(~  # What the hell is JAPH? ;
@_=split/\s\s+#/;$_=(join''=>map{chr(ord(  #             André Malo ;
$_)-1)}split//=>$_[0]).$_[1];s s.*s$_see;  #  http://www.perlig.de/ ;

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message