At 17:42 02/10/00 -0400, Sam Varshavchik wrote:
>On Mon, 2 Oct 2000, Lou Hevly wrote:
>
>> My suexec error log says:
>> [2000-10-02 19:18:46]: info: (target/actual) uid: (ducaniveaux/ducaniveaux) gid:
>(ducaniveaux/ducaniveaux) cmd: sqwebmail
>> [2000-10-02 19:18:46]: error: file is either setuid or setgid:
>(/home/www/ducaniveaux/cgi-bin/sqwebmail)
>
>Sounds like your server is configured to prohibit execution of setuid
>apps. If you want to use sqwebmail, you will have to get rid of this
>"feature".
I'm using qmail and vpopmail in a virtual subhosting environment. Apache's suexec
wrapper is necessary for us because it provides our users the ability to run CGI and
SSI programs under their own user IDs, not that of the webserver. So if a user's CGI
program writes to some sort of database, this database doesn't have to be world
writable. (I really don't think flexible virtual subhosting can be done without
suexec, though I'd be happy to hear others' opinions.)
Unfortunately, one of the conditions suexec stipulates is that the CGI program NOT
setuid or setgid.
In sqwebmail's security doc, it states that "it is possible to install SqWebMail
setuided to the virtual userid, instead of root". However, I assume sqwebmail will
still setuid when called, and so it seems there is at present no way to use sqwebmail
on suexec-enabled Apache servers. Correct? If true, then might I suggest that his be
mentioned in the docs?
Thanks to Donald and Mr Sam for their help on this.
--
All the best (Ad�u-siau),
Lou Hevly
[EMAIL PROTECTED]
http://www.visca.com
