knox Posted November 22, 2015 Share Posted November 22, 2015 Hi, i am using froxlor 0.9.34-1 on debian jessie with apache 2.4 and suexec and i came across a little issue regarding the "Perl/CGI SuExec-Workaround": AH00037: Symbolic link not allowed or link target not accessible: /var/customers/webs/web1/cgi-bin after having a closer look arround i found the cause: lrwxrwxrwx 1 root root 55 Nov 22 11:27 /var/customers/webs/web1/cgi-bin -> /var/www/cgi-bin/web1/7c80caaaa75a9aaaaf043edaaaacfaaa/ the symlink owner is root:root, but that is not allowed by the apache config which sets +SymLinksIfOwnerMatch: <Directory "/var/customers/webs/web1/"> Options -Indexes +ExecCGI -MultiViews +SymLinksIfOwnerMatch +FollowSymLinks AllowOverride None AddHandler cgi-script .cgi .pl Require all granted </Directory> as a temporary workarround i have changed the owner of the symlink to match the owner of the target so apache has nothing more to complain: chown -h web1:web1 /var/customers/webs/web1/cgi-bin i am not sure what is the better approach for a permanent fix, whether to add the chown to the suexec-workaround or to get rid of +SymLinksIfOwnerMatch. probably the latter is the worse. Link to comment Share on other sites More sharing options...
knox Posted November 29, 2015 Author Share Posted November 29, 2015 The cron task does not chown the created symlink correctly. I have created a pull request which fixes the issue. Link to comment Share on other sites More sharing options...
d00p Posted November 23, 2015 Share Posted November 23, 2015 the cgi-bin folder should be owned by the user, else he would not be able to put stuff in there using FTP or similar...need to check the cron if it does correctly chown Link to comment Share on other sites More sharing options...
knox Posted November 23, 2015 Author Share Posted November 23, 2015 in case of the "Perl/CGI SuExec-Workaround" the cgi-bin is a symlink. and indeed it has wrong permissions. do you have a hint for me where i should look for the piece of script that actually creates it? once i find the root cause for the wrong ownership i'm going to fix it and create a pull request. Link to comment Share on other sites More sharing options...
Question
knox
Hi,
i am using froxlor 0.9.34-1 on debian jessie with apache 2.4 and suexec and i came across a little issue regarding the "Perl/CGI SuExec-Workaround":
after having a closer look arround i found the cause:
the symlink owner is root:root, but that is not allowed by the apache config which sets +SymLinksIfOwnerMatch:
as a temporary workarround i have changed the owner of the symlink to match the owner of the target so apache has nothing more to complain:
i am not sure what is the better approach for a permanent fix, whether to add the chown to the suexec-workaround or to get rid of +SymLinksIfOwnerMatch. probably the latter is the worse.
Link to comment
Share on other sites
3 answers to this question
Recommended Posts
Archived
This topic is now archived and is closed to further replies.