Package: apache Version: 1.3.29.0.1-1 Severity: normal Tags: sid suexec is broken.
/usr/lib/apache/suexec -V reports: -D DOC_ROOT="/usr/local/apache/htdocs" -D GID_MIN=100 -D HTTPD_USER="www" -D LOG_EXEC="/var/log/apache/cgi.log" -D SAFE_PATH="/usr/local/bin:/usr/bin:/bin" -D UID_MIN=1000 -D USERDIR_SUFFIX="public_html" The HTTPD_USER option should be www-data. This prevents the su mechanism from properly working, making all relevant cgi scripts fail with an internal server error. /var/log/apache/cgi.log shows for each: crit: calling user mismatch (www-data instead of www) -- System Information: Debian Release: testing/unstable Architecture: i386 Kernel: Linux eastbits 2.4.23-rc3-djc3-6um #2 Fri Nov 21 22:48:44 EST 2003 i686 Locale: LANG=C, LC_CTYPE=C Versions of packages apache depends on: ii apache-common 1.3.29.0.1-1 Support files for all Apache webse ii debconf 1.3.22 Debian configuration management sy ii dpkg 1.10.18 Package maintenance system for Deb ii libc6 2.3.2.ds1-10 GNU C Library: Shared libraries an ii libdb4.1 4.1.25-10 Berkeley v4.1 Database Libraries [ ii libexpat1 1.95.6-6 XML parsing C library - runtime li ii libmagic1 4.06-1 File type determination library us ii libpam0g 0.76-14 Pluggable Authentication Modules l ii logrotate 3.6.5-2 Log rotation utility ii mime-support 3.23-1 MIME files 'mime.types' & 'mailcap ii perl [perl5] 5.8.2-2 Larry Wall's Practical Extraction -- debconf information: * apache/server-name: www.skittlebrau.org * apache/document-root: /var/www * apache/server-port: 80 * apache/enable-suexec: true * apache/init: true * apache/server-admin: [EMAIL PROTECTED]