Re: ownership of cgi program relevant?

Michael Smith (mjs@cursci.co.uk)
Wed, 05 Feb 1997 17:09:21 +0000

Message-Id: <32F8BEC1.501CDCA8@cursci.co.uk>
Date: Wed, 05 Feb 1997 17:09:21 +0000
From: Michael Smith <mjs@cursci.co.uk>
To: Stanley Gambarin <gambarin@OpenMarket.com>
Subject: Re: ownership of cgi program relevant?

Thanks for the reply - I did eventually manage to get to the bottom of
the problem - it was to do with the group of the particular user, which
had his home account on another machine and the file owned by "nobody". 
On the machine with the web server, his files come up with a ridiculous
group, like so:

drwxr-xr-x    2 mikep    4294967294    512 Feb  5  1997 docs

It seems to be this that makes the difference.  If the server is running
as mikep it runs OK despite the group.  If the server is running as a
different user but the group is sensible, it also runs OK.  I'm not
entirely sure why the group is showing up like this, but it's
understandable that a web server might choke on it.

Mike


Stanley Gambarin wrote:
> 
> > I'm using apache_1.2b4 on SGI, and mod_fastcgi 1.4.3.  I'm wondering if
> > the cgi program needs to be owned by the user the web server is running
> > as.  I'm getting the error
> >
> > apollo% ./run.sh
> > Syntax error on line 111 of /httpd/conf/httpd.conf:
> > AppClass: Could not access file /httpd/cgi-bin/fast.fpl
> >
> > when I attempt to run the web server as a different user.  This user has
> > no problems running the program on the command line.  fast.fpl has
> > permissions -rwxr-xr-x.
> >
>         In general, a fastcgi program must be executable by the user that
> the web server runs as.  The access permissions are based on the effective
> user and group ids and are checjed at runtime.  In addition, any directories
> that lead to the fastcgi application must be accessable by the effective
> uid.  (By accessable, I mean that you are allowed to search and read through
> those directories, usually translating into r-x permissions).
>         A couple of guesses as to what may be wrong with your setup above:
> you specified /httpd/cgi-bin/fast.fpl as the location of executable.  If the
> path above is relative to ServerRoot, then it will not work, since fastcgi
> does chdir(), which changes the current directory and so it will not be able
> to find the app (solution is to specify the full-path to the executable).
>         Directory /httpd or /httpd/cgi-bin are not readable and/or
> executable by the user.  Finally, it could be that server changes the
> effective uid, which results in different permissions.
>         Hopefully, one of those should fix your setup.   If not, I would
> appreciate a more detailed report with excerpts from the configuration
> file, describing User directive, as well as AppClass directives.
>                                                 Hope that was of some help.
>                                                                 Stanley.