# apache and cgi

## simcop2387

i was wondering, i need to be able to aloow users to run cgi scripts and i want apache to run then under one specific user rather than trying to use their username when the cgi is in their public_html directory, anyone have any ideas?

----------

## klieber

 *simcop2387 wrote:*   

> i was wondering, i need to be able to aloow users to run cgi scripts and i want apache to run then under one specific user rather than trying to use their username when the cgi is in their public_html directory, anyone have any ideas?

 

Unless you use something like cgiwrap, then all CGI scripts are run as one user by default.  (the same user that apache runs as, which should be 'nobody' or a similarly-unprivileged account)

--kurt

----------

## simcop2387

well that means that i was wrong about what my logs were telling me, maybe someone can help me understand what this means then?

```

[Sun Nov  2 18:54:34 2003] [error] [client 192.168.10.1] (2)No such file or directory: getpwnam: invalid username gokuDX7

[Sun Nov  2 18:54:34 2003] [error] (2)No such file or directory: exec of /home/httpd/users/gokuDX7/cgi-bin/image/config.cgi failed

[Sun Nov  2 18:54:34 2003] [error] [client 192.168.10.1] Premature end of script headers: /home/httpd/users/gokuDX7/cgi-bin/image/config.cgi

[Sun Nov  2 18:54:36 2003] [error] [client 192.168.10.1] (2)No such file or directory: getpwnam: invalid username gokuDX7

[Sun Nov  2 18:54:37 2003] [error] (2)No such file or directory: exec of /home/httpd/users/gokuDX7/cgi-bin/image/config.cgi failed

```

sorry if it's wrapped i had to sorta break into my system to get that from the logs and it may have done that i'm not sure yet.

this happens whenever i try to goto http://24.158.33.143:5121/~gokuDX7/cgi-bin/image/config.cgi  i can run the script by hand no problems, but apache doesnt seem to want to run it when called from the web.

----------

## rac

Perhaps there is a prettier way, but try renaming /usr/sbin/suexec to something else, and then restarting Apache.

----------

## simcop2387

nope didnt do it, and now that i'm at home i can show you the permissions of the file, this same script was working at another path when it wasnt in a user's dir, i may have to move it back over so that it works again, which would honestly stink but i want it to work for him

```

[Mon Nov  3 14:13:57 2003] [error] [client 192.168.10.1] (2)No such file or directory: getpwnam: invalid username gokuDX7

[Mon Nov  3 14:13:57 2003] [error] (2)No such file or directory: exec of /home/httpd/users/gokuDX7/cgi-bin/image/config.cgi failed

[Mon Nov  3 14:13:57 2003] [error] [client 192.168.10.1] Premature end of script headers: /home/httpd/users/gokuDX7/cgi-bin/image/config.cgi

```

```

Permissions:

24 init.d # ll /home/httpd/users/gokuDX7/cgi-bin/image/config.cgi

-rwxr-xr-x    1 apache   apache      36543 Sep 13  2002 /home/.../cgi-bin/config.cgi

path shortened for space

24 init.d #

```

----------

## rac

OK, I guess I don't understand what you want to happen.  klieber discusses that normal CGIs are run under the same uid as the Apache server.  I added that if suEXEC is enabled, then CGIs in user directories run as that user.  This is usually a good thing.  I assumed, however, that you wanted CGIs in user directories to run under the apache uid as well, and that's what I described how to do.

I just tested it by making a CGI in a home directory that just printed the current UID.  The first time I ran it with suEXEC enabled, and it printed the uid of the user whose directory it was in.  Then I moved /usr/sbin/suexec to /usr/sbin/suexec-jail, stopped apache, started it again, checked the error log to make sure suEXEC was not enabled, and then reran the CGI and it printed the apache uid number.

----------

## simcop2387

part of your confusion is coming from me, as i am not too sure what's going on there right now.

----------

