[ic] suexec? target uid/gid mismatch with program

Doug Alcorn doug@lathi.net
26 Nov 2000 16:55:09 -0500


Mike Heins <mikeh@minivend.com> writes:

> Quoting Doug Alcorn (doug@lathi.net):
> > What suexec complains about is "target uid/gid (508/508) mismatch with
> > directory (508/508) or program (510/510)".  What I get out of this is
> > that apache sets the target uid/gid based on the User and Group
> > settings in the VirtualHost block.  However, the catalog has to run
> > as a different user and group.  Apache's User and Group match the
> > uid/gid of the cgi-bin directory, but not the catalog's vlink.
> 
> Sorry, not much except set SocketPerms to 0666 or 0660, whichever
> will work. This is an Apache configuration issue -- if the permissions
> are OK, Interchange will work.

Yes, if I change the permissions on the socket to 0666 interchange
will work.  I have a problem and a question about this.  First,
everytime I restart interchange the permissions on this socket get
reset to the default (of course).  I guess I will just put the chmod
in a wrapper around the restart of interchange.

Now, what was the design decision for the default permissions?  What
are you trying to accomplish by limiting access to the socket?  Is it
a security risk for me to run it as 0600?
-- 
 (__)  Doug Alcorn (mailto:doug@lathi.net http://www.lathi.net)
 oo /  Unix Hacker
 |_/   "It's too late for paradise" (at least in this life)