Dan Harnett wrote:
On Mon, May 05, 2008 at 11:39:03AM -0500, Chris Bennett wrote:
Actually I didn't, checked that right after I posted, BUT it was
already set as setuid!! A mistake in release??
No. There is no mistake.
$ sudo chmod u+s /usr/sbin/suexec
$ ls -l /usr/sbin/suexec
-r-sr-xr-x 1 root bin 12068 Mar 12 12:41 /usr/sbin/suexec
$ ftp -V -o - $MIRROR/pub/OpenBSD/4.3/i386/base43.tgz \
| sudo tar zxphf - -C /
$ ls -l /usr/sbin/suexec
-r-xr-xr-x 1 root bin 12068 Mar 12 12:41 /usr/sbin/suexec
Are you running in a chroot?
Ha!
I understand setuid and UID/Gid root/bin for suexec,
but shouldn't the executables be made www/www with authorized users
members of www group?
Default suexec -V
shows no access for UID/GID < 1000, so www would not work either.
Also, suexec -V shows public_html enabled, just need to edit the
httpd.cong to allow it also.
Again a problem as / and .. are disallowed, so, no Perl.
The manual page on the local Apache server have been written by
linguists, not eager to learn
computer users.
Redaing the thread, I understand I am not the only unfortunate. Sadly said.
