From owner-freebsd-questions@FreeBSD.ORG Thu Apr 29 07:07:01 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 88BD216A4CE for ; Thu, 29 Apr 2004 07:07:01 -0700 (PDT) Received: from mail03.talkactive.net (mail03.talkactive.net [81.19.252.192]) by mx1.FreeBSD.org (Postfix) with SMTP id 70A5743D4C for ; Thu, 29 Apr 2004 07:07:00 -0700 (PDT) (envelope-from mikkel@talkactive.net) Received: (qmail 82093 invoked from network); 29 Apr 2004 14:06:57 -0000 Received: from unknown (HELO ?192.168.1.145?) (81.19.252.4) by mail03.talkactive.net with SMTP; 29 Apr 2004 14:06:57 -0000 From: Mikkel Christensen Organization: Talk|Active To: Peter Risdon Date: Thu, 29 Apr 2004 14:06:58 +0000 User-Agent: KMail/1.6.1 References: <200404262126.36157.mikkel@talkactive.net> <200404291058.44766.mikkel@talkactive.net> <409109D6.2090504@circlesquared.com> In-Reply-To: <409109D6.2090504@circlesquared.com> MIME-Version: 1.0 Content-Disposition: inline Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <200404291406.58150.mikkel@talkactive.net> cc: freebsd-questions@freebsd.org Subject: Re: Suexec with Apache 1.3.29 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 Apr 2004 14:07:01 -0000 On Thursday 29 April 2004 13:57, you wrote: > Mikkel Christensen wrote: > > > That sounds promising, suexec is now functioning. Although it's > annoyingly vague, that's a common error from perl cgi scripts. > > It sounds permissions-related. Try running the script on the command > line as the user you want the apache host to run as, and see whether it > gives a more meaningful error. My first thought is that the suexec user > doesn't have execute permissions on the script, or on the directory that > contains it. > I have figured it out now. I would call it quite a wierd rule! You are not allowed to run suexec in any combination og users you like. User=www Group=www -> allowed User=user1 Group=user1 -> allowed User=user1 Group=www -> NOT allowed User=user1 Group=nobody -> alloved So, apperently you are only allowed to run suexec as a different user and group as long as neither of them is the apache user. Otherwise you can do as you like. This seems extremely strange to me. But following theese rules it works as it should. My thanks to everybody who contributed with their knowlegde. - Mikkel