FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Red Hat Linux

 
 
LinkBack Thread Tools
 
Old 08-18-2008, 05:36 PM
"Aaron Bliss"
 
Default trouble with suexec

Hi all,

I have a redhat 5 ES box that I'm having trouble with. Out of the box,
redhat 5 will not allow users with a uid < 500 to login. I modified the
/etc/pam.d/system-auth file to work around this:

Original : auth requisite pam_succeed_if.so uid >= 500 quiet

Modified: auth requisite pam_succeed_if.so uid >= 100 quiet

I had to make this change, as the box is authenticating against our ldap
environment, and there are a few users that have uid's less than 500. So,
for things such as ssh interactive logins, all is okay. I'm now running
into a problem in which httpd is not letting seemingly the same group of
users execute cgi's from their home directories. I've modified cat
/etc/httpd/conf/httpd.conf to allow for the execution of cgi's from users
home directories. For users with a uid greater than 500, cgi's execute as
expected. For users with a uid less than 500, the cgi doesn't execute and
the following is logged in /var/log/httpd/suexec.log:

cannot run as forbidden uid (402/hello.cgi)



Any ideas how I can modify the behavior to allow uid's < 500 to run cgi's?
If not, how do I disable suexec from loading? I would rather not re-compile
this, as I prefer to use yum to keep the box patched and from what I've
read, suexec does add some extended security to httpd. Thanks.



Aaron

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 

Thread Tools




All times are GMT. The time now is 01:52 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org