From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6a) Gecko/20031013 Firebird/0.7+ (daihard; optimized for P4/SSE) Description of problem: Fedora Core and Red Hat Linux ship with a group called "users". When users are actually given this group as their default group, suexec will not permit execution of CGI scripts. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. Create a new user in the "users" group: useradd -g users foo 2. Make a public_html directory: mkdir -p ~foo/public_html ; chown -R foo:users ~foo ; chmod 755 ~foo ~foo/public_html 3. Create a test CGI script for the user: echo -e '#!/bin/sh\necho "Content-type: text/plain"\necho\necho Hello, world"' > ~foo/public_html/hello.cgi ; chown foo:users ~foo/public_html/hello.cgi ; chmod 755 ~foo/public_html/hello.cgi 4. Enable UserDir processing in httpd.conf (UserDir public_html) and permit CGI execution (Allow ExecCGI). 5. Hit http://localhost/~foo/hello.cgi Actual Results: The following entry appears in /var/log/httpd/suexec.log: [2003-10-14 15:20:19]: cannot run as forbidden gid (100/hello.cgi) Expected Results: "Hello, world" displayed in the browser. Additional info:
Thanks for the report. I've lowered the suexec minimum acceptable GID to 100 in 2.0.47-10.