From nobody@hyperreal.com Wed Jun 4 14:04:36 1997 Received: (from nobody@localhost) by hyperreal.com (8.8.5/8.8.5) id OAA10744; Wed, 4 Jun 1997 14:04:36 -0700 (PDT) Message-Id: <199706042104.OAA10744@hyperreal.com> Date: Wed, 4 Jun 1997 14:04:36 -0700 (PDT) From: Bryan Murphy Reply-To: bryan@hcst.com To: apbugs@hyperreal.com Subject: Apache passes wrong value to suEXEC in regards to virtual hosts. X-Send-Pr-Version: 3.2 >Number: 675 >Category: suexec >Synopsis: Apache passes wrong value to suEXEC in regards to virtual hosts. >Confidential: no >Severity: critical >Priority: medium >Responsible: apache >State: closed >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Wed Jun 4 14:10:01 1997 >Last-Modified: Sun Jul 20 23:06:16 PDT 1997 >Originator: bryan@hcst.com >Organization: >Release: 1.2b11 >Environment: Linux 2.0.27 gcc 2.7.2 Apache 1.2b11 >Description: We are attempting to use suEXEC on the latest version of Apache. I setup all the files, compiled it, set our virtual hosts, and the permissions. Created a directory off of the virtual hosts directory with a file. /home/web/systran/public_html/cgi/message.cgi and on my directory: /home/hcst/bryan/public_html/cgi-bin/message.cgi Calling message.cgi from my directory works fine, but not from www.systran.com (which is our virtual host). The virtual host directive has the User and Group options set in it. So, after much hair tearing, I took a look at what suEXEC is doing. It seems that apache is calling suEXEC as such: (http://www.hcst.com/~bryan/) suexec ~bryan hcst blah blah blah and (http://www.systran.com/) suexec systran web blah blah blah The problem is that suEXEC checks for the ~ at the beginning of the user name to determine wether it is off the users root or the main webs root. Obviously, since Apache is not passing systran as ~systran, suEXEC is not recognizing this user as a sub user and is trying to find the file in the main web's root. I haven't traced this into apache yet to know exactly why apache is doing this. I'm going to do that tomorrow. I'll should be able to provide more insight tomorrow. >How-To-Repeat: Not any real way I can think of off hand except by setting up a virtual host and trying to use suEXEC on it. >Fix: Take a look in apache. The problem appears to be that apache is passing an inconsistent value to suEXEC >Audit-Trail: State-Changed-From-To: open-closed State-Changed-By: marc State-Changed-When: Sun Jul 20 23:06:16 PDT 1997 State-Changed-Why: (yes, this is an old PR. Sorry it wasn't dealt with sooner). This is the way suexec is supposed to work. There is now some documentation that should say something like that. If you use virtualhosts, they all have to be under the same directory because they are _not_ treated like ~user requests. >Unformatted: