From owner-freebsd-isp  Wed Apr  1 07:41:40 1998
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id HAA23136
          for freebsd-isp-outgoing; Wed, 1 Apr 1998 07:41:40 -0800 (PST)
          (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from mail.westbend.net (ns1.westbend.net [207.217.224.194])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA23107
          for <freebsd-isp@FreeBSD.ORG>; Wed, 1 Apr 1998 07:41:36 -0800 (PST)
          (envelope-from hetzels@westbend.net)
Received: from admin (admin.westbend.net [207.217.224.195])
	by mail.westbend.net (8.8.8/8.8.8) with SMTP id JAA11369;
	Wed, 1 Apr 1998 09:40:42 -0600 (CST)
	(envelope-from hetzels@westbend.net)
Message-ID: <009e01bd5d85$065047c0$c3e0d9cf@admin.westbend.net>
From: "Scot W. Hetzel" <hetzels@westbend.net>
To: "Dean Hollister" <dean@odyssey.apana.org.au>
Cc: <freebsd-isp@FreeBSD.ORG>
Subject: Re: suexec error
Date: Wed, 1 Apr 1998 09:44:14 -0600
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.2106.4
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

From: Dean Hollister <dean@odyssey.apana.org.au>

>On Wed, 1 Apr 1998, Scot W. Hetzel wrote:
>
>> The files/Makefile redefines this to user "www", thus the server should
be
>> changed to run as this user in the config file.  If this isn't what your
>> server runs as then you need to change it here, before you build the
port.
>
>The fp install script sets the owners to what you want anyway...
>
>> This gets redefined to "public_html/cgi-bin" by the files/Makefile from
the
>> apache-fp port. This way all cgi programs are in one directory instead of
>> being run from any directory under public_html.
>
>CGI Scripts still run as root regardless...
>
Who owns the public_html and public_html/cgi-bin directories, it should be
the user. If root owns them, then scripts will be run as root.

In a previous message:
>However, upon installing the recompiled version, all cgi ran as root - a
>definite security no-no. So, I compiled the standalone version of suexec
>which works correctly.

What standalone version? the one in apache*/support (before / after the
patches have been applied), or the one located on the web page.

Scot



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message