Bug 107083 - suexec doesn't work with users in "users" group
suexec doesn't work with users in "users" group
Product: Fedora
Classification: Fedora
Component: httpd (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Joe Orton
Depends On:
  Show dependency treegraph
Reported: 2003-10-14 16:30 EDT by Ed Marshall
Modified: 2007-11-30 17:10 EST (History)
0 users

See Also:
Fixed In Version: 2.0.47-10
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2003-10-23 08:36:41 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Ed Marshall 2003-10-14 16:30:44 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6a) Gecko/20031013
Firebird/0.7+ (daihard; optimized for P4/SSE)

Description of problem:
Fedora Core and Red Hat Linux ship with a group called "users". When users are
actually given this group as their default group, suexec will not permit
execution of CGI scripts.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Create a new user in the "users" group: useradd -g users foo

2. Make a public_html directory: mkdir -p ~foo/public_html ; chown -R foo:users
~foo ; chmod 755 ~foo ~foo/public_html

3. Create a test CGI script for the user: echo -e '#!/bin/sh\necho
"Content-type: text/plain"\necho\necho Hello, world"' >
~foo/public_html/hello.cgi ; chown foo:users ~foo/public_html/hello.cgi ; chmod
755 ~foo/public_html/hello.cgi

4. Enable UserDir processing in httpd.conf (UserDir public_html) and permit CGI
execution (Allow ExecCGI).

5. Hit http://localhost/~foo/hello.cgi

Actual Results:  The following entry appears in /var/log/httpd/suexec.log:

[2003-10-14 15:20:19]: cannot run as forbidden gid (100/hello.cgi)

Expected Results:  "Hello, world" displayed in the browser.

Additional info:
Comment 1 Joe Orton 2003-10-23 08:36:41 EDT
Thanks for the report.  I've lowered the suexec minimum acceptable GID to 100 in

Note You need to log in before you can comment on or make changes to this bug.