>Number: 341 >Category: suexec >Synopsis: Server not running as user specified in User directive in ><VirtualHost> >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache (Apache HTTP Project) >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Wed Apr 9 13:30:01 1997 >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.2b8 >Environment: Linux lobos 2.0.29 #2 Sat Mar 15 22:10:23 PST 1997 i586 gcc version 2.7.2 >Description: According to the docs, "The User directive sets the userid as which the server will answer requests." I have a virtual server with the following configuration:
<VirtualHost 206.40.79.20> ServerName www.ender.org User hudson ServerAdmin [EMAIL PROTECTED] DocumentRoot /www/docs/www.ender.org ScriptAlias /cgi-bin/ /www/cgi-bin/hudson/ TransferLog logs/www.ender.org </VirtualHost> The server still uses the www:www user:gid for reading the files in DocumentRoot; that is, if I have a file owned by me (hudson) with permissions 0600, access to the file returns a 403. Access to a file owned by user "www" with the same permissions will work. Execution of CGI scripts using suexec does execute with the correct user (hudson). >How-To-Repeat: http://www.ender.org/ has two files on it, both with permissions 0600. "hudson" is owned by me, and "www" is owned by user www, the user the server normally runs at. http://www.ender.org/cgi-bin/printinfo will show the UID/GID it executes as on the bottom. I am UID 1000, user "www" is UID 500. This seems to be correct. >Fix: Does the "User" directive in a <VirtualHost> only affect execution of CGI scripts? If so, the documentation should be changed to reflect this. %0 >Audit-Trail: >Unformatted:
