[TriLUG] Apache question: su_exec and group permissions
Michael Donaghy
michael at donaghy.org
Fri May 30 14:41:40 EDT 2003
On Fri, 2003-05-30 at 13:36, Jeremy Portzer wrote:
> Hello,
>
> I like to use Apache's su_exec feature to allow folks CGI access with as
> much security as possible. (Yes, CGI access at all is a security
> problem of some degree, I understand that.) However, su_exec always
> fails when the CGI directory has group write permissions. Changing the
> permissions to 755 for the directories and CGI files fixes this, but I
> need the permissions to be 775.
>
> Is there any way to configure su_exec to allow group write permissions?
> --Jeremy
Jeremy,
It has been a while since I've coded in C, but I'd hazard a guess that
around line 552 of support/suexec.c in the 2.0.46 distribution is what
you're looking for. I don't exactly see anything to pass to "configure"
though.
/*
* Error out if cwd is writable by others.
*/
if ((dir_info.st_mode & S_IWOTH) || (dir_info.st_mode & S_IWGRP)) {
log_err("directory is writable by others: (%s)\n", cwd);
exit(116);
}
Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://www.trilug.org/pipermail/trilug/attachments/20030530/d5a29140/attachment.pgp>
More information about the TriLUG
mailing list