Bug 107083 - suexec doesn't work with users in "users" group
Summary: suexec doesn't work with users in "users" group
Alias: None
Product: Fedora
Classification: Fedora
Component: httpd   
(Show other bugs)
Version: rawhide
Hardware: All Linux
Target Milestone: ---
Assignee: Joe Orton
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2003-10-14 20:30 UTC by Ed Marshall
Modified: 2007-11-30 22:10 UTC (History)
0 users

Fixed In Version: 2.0.47-10
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2003-10-23 12:36:41 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Ed Marshall 2003-10-14 20:30:44 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6a) Gecko/20031013
Firebird/0.7+ (daihard; optimized for P4/SSE)

Description of problem:
Fedora Core and Red Hat Linux ship with a group called "users". When users are
actually given this group as their default group, suexec will not permit
execution of CGI scripts.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Create a new user in the "users" group: useradd -g users foo

2. Make a public_html directory: mkdir -p ~foo/public_html ; chown -R foo:users
~foo ; chmod 755 ~foo ~foo/public_html

3. Create a test CGI script for the user: echo -e '#!/bin/sh\necho
"Content-type: text/plain"\necho\necho Hello, world"' >
~foo/public_html/hello.cgi ; chown foo:users ~foo/public_html/hello.cgi ; chmod
755 ~foo/public_html/hello.cgi

4. Enable UserDir processing in httpd.conf (UserDir public_html) and permit CGI
execution (Allow ExecCGI).

5. Hit http://localhost/~foo/hello.cgi

Actual Results:  The following entry appears in /var/log/httpd/suexec.log:

[2003-10-14 15:20:19]: cannot run as forbidden gid (100/hello.cgi)

Expected Results:  "Hello, world" displayed in the browser.

Additional info:

Comment 1 Joe Orton 2003-10-23 12:36:41 UTC
Thanks for the report.  I've lowered the suexec minimum acceptable GID to 100 in

Note You need to log in before you can comment on or make changes to this bug.