* Bob Bell wrote: > The problem is that that user is in the /etc/passwd file for that domain only, > not in the global /etc/passwd file for the system, which is what suEXEC checks. > From http://httpd.apache.org/docs/suexec.html, a condition for success in > suEXEC is: > 5. Is the target user name valid? > Does the target user exist?
What does that mean? Is that domain chrooted? I don't know whether setuid(2) works without a valid system user. > I would like to know how to disable this check. Do I have to comment > out the lines implementing it in the suEXEC source and recompile? What > kind of problems do I open myself up to if I do? (I can't think of any, > as long as the other checks are all in place, and I'm a reasonably > security-minded guy) You're loosing some control anyway. AFAICS, simply commenting the code out is not sufficient, since the rest of suexec relies on the filled pw structure, so you have to rewrite it, too. Perhaps using <http://cgiwrap.unixtools.org/intro.html> is the better choice for you. nd -- "Eine Eieruhr", erkl�rt ihr Hermann, "besteht aus einem Ei. Du nimmst das Ei und kochst es. Wenn es hart ist, sind f�nf Minuten um. Dann wei�t du, da� die Zeit vergangen ist." -- Hannes H�ttner in "Das Blaue vom Himmel"
