Bug 74098 - su gets docroot wrong in virtual hosts
Summary: su gets docroot wrong in virtual hosts
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: apache
Version: 7.2
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Joe Orton
QA Contact: Brian Brock
Reported: 2002-09-16 04:42 UTC by Need Real Name
Modified: 2007-04-18 16:46 UTC (History)
Last Closed: 2004-09-21 10:41:34 UTC

Description Need Real Name 2002-09-16 04:42:08 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020513

Description of problem:
I have a virtual host called cc in which I set user/group to cc/cc, valid user
accounts on my system.
In the virtualhost definition I set documentroot to an area outside the main
server's document root, and use scriptalias to specify cgi-bin directories.

I cannot run cgi from within CC's docroot (which I should be able to do) and I
can run cgi from within the master docroot (which I should not be able to).

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Create a virtual host like this:

    ServerAdmin webmaster@computerdatasafe.com.au
    DocumentRoot /var/ftp/pub/linux
    ServerName cc.computerdatasafe.com.au
    ServerAlias cc
    ScriptAlias /ks/ "/var/ftp/pub/linux/ks/"
    ScriptAlias /cgi-bin/ "/var/ftp/pub/linux/ks/"
    ScriptAlias /Cgi-bin/ /var/www/html/cgi-bin/
    ErrorLog logs/cc-error_log
    CustomLog logs/cc-access_log common
    user cc
    group cc
    <Directory "/var/ftp/pub/linux/ks">
        AllowOverride None
        Options ExecCGI FollowSymLinks
        Order allow,deny
        Allow from all
    </Directory>

Create a normal user account cc:cc.

With that setup I expect to be able to fetch http://cc/ks/ks


Actual Results:  I cannot fetch http://cc/ks/ks
I can fetch http://cc/Cgi-bin/ks

Additional info:

Here are messages resulting from actually using testcgi:
[root@gw httpd]# tail -5 suexec_log cc-error_log cc-access_log
==> suexec_log <==
[2002-09-16 12:37:52]: info: (target/actual) uid: (cc/cc) gid: (cc/cc) cmd: testcgi
[2002-09-16 12:37:52]: error: target uid/gid (507/507) mismatch with directory (507/507) or program (0/0)
[2002-09-16 12:39:22]: info: (target/actual) uid: (cc/cc) gid: (cc/cc) cmd: testcgi
[2002-09-16 12:40:03]: info: (target/actual) uid: (cc/cc) gid: (cc/cc) cmd: testcgi
[2002-09-16 12:40:03]: error: command not in docroot (/var/ftp/pub/linux/ks/testcgi)

==> cc-error_log <==
[Mon Sep 16 11:58:52 2002] [error] [client] Premature end of script headers: /var/ftp/pub/linux/ks/testcgi
[Mon Sep 16 12:01:59 2002] [error] [client] script not found or unable to stat: /var/www/html/cgi-bin/testcgi
[Mon Sep 16 12:35:48 2002] [error] [client] Premature end of script headers: /var/www/html/cgi-bin/testcgi
[Mon Sep 16 12:37:52 2002] [error] [client] Premature end of script headers: /var/www/html/cgi-bin/testcgi
[Mon Sep 16 12:40:03 2002] [error] [client] Premature end of script headers: /var/ftp/pub/linux/ks/testcgi

==> cc-access_log <==
- - [16/Sep/2002:12:35:48 +0800] "GET /Cgi-bin/testcgi HTTP/1.0" 500 624
- - [16/Sep/2002:12:37:31 +0800] "GET /Cgi-bin/testcgi HTTP/1.0" 403 296
- - [16/Sep/2002:12:37:52 +0800] "GET /Cgi-bin/testcgi HTTP/1.0" 500 624
- - [16/Sep/2002:12:39:22 +0800] "GET /Cgi-bin/testcgi HTTP/1.0" 200 1524
- - [16/Sep/2002:12:40:03 +0800] "GET /ks/testcgi HTTP/1.0" 500 624
[root@gw httpd]#
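
The two refusals recorded in suexec_log above ("command not in docroot" and the target uid/gid mismatch) can be checked for before a request is ever made. The following is an added example, not code from this report or from Apache's suexec; it assumes suexec's documented model of a single build-time docroot that is independent of any virtual host's DocumentRoot, and `suexec_precheck`, its parameters and the `/var/www` value are hypothetical.

```python
import os
import stat

WRITABLE_BY_OTHERS = stat.S_IWGRP | stat.S_IWOTH


def suexec_precheck(program, docroot, target_uid, target_gid):
    """List the reasons a suexec-style wrapper would refuse to run `program`.

    `docroot` is the wrapper's own build-time docroot (an assumption supplied
    by the caller), not the DocumentRoot of any <VirtualHost>.
    """
    prog = os.path.realpath(program)
    cwd = os.path.dirname(prog)
    root = os.path.realpath(docroot)
    problems = []

    # Containment is decided on resolved paths, component by component, so
    # /var/www-other does not count as being inside /var/www.
    if os.path.commonpath([cwd, root]) != root:
        problems.append(f"command not in docroot ({prog})")

    try:
        dir_st = os.stat(cwd)
        prog_st = os.lstat(prog)
    except OSError as exc:
        problems.append(f"cannot stat {exc.filename}")
        return problems

    # Directory and program must both belong to the target user and group.
    owners = {(dir_st.st_uid, dir_st.st_gid), (prog_st.st_uid, prog_st.st_gid)}
    if owners != {(target_uid, target_gid)}:
        problems.append(
            f"target uid/gid ({target_uid}/{target_gid}) mismatch with directory "
            f"({dir_st.st_uid}/{dir_st.st_gid}) or program "
            f"({prog_st.st_uid}/{prog_st.st_gid})")

    # Neither may be writable by anyone other than the owner.
    if dir_st.st_mode & WRITABLE_BY_OTHERS:
        problems.append("directory is writable by group or other")
    if prog_st.st_mode & WRITABLE_BY_OTHERS:
        problems.append("program is writable by group or other")
    return problems


if __name__ == "__main__":
    # Path and ids are from the report; /var/www is an assumed build-time docroot.
    for reason in suexec_precheck("/var/ftp/pub/linux/ks/testcgi", "/var/www", 507, 507):
        print(reason)
```
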

Comment 1 Joe Orton 2004-09-21 10:41:34 UTC
Thanks for the report.  This is a mass bug update; since this release
of Red Hat Linux is no longer supported, please either:

a) try and reproduce the bug with a supported version of Red Hat
Enterprise Linux or Fedora Core, and re-open this bug as appropriate
after changing the Product field, or,

b) if relevant, try and reproduce this bug using the current version
of the upstream package, and report the bug upstream.
