Apache 2.0.52 symlinks from public_html/ to sibling directory not working

Hi,

So, users can access files in their ~/public_html directory on an
internal apache server at my work. Some people have public_html as a
directory, others (like me) have it as a symlink pointing to ~/. For
reasons I won't get into here, I need users to be able to create a
symlink called 'cgi-bin' in their ~/public_html directory and have it
point to ~/some/other/directory/. Here's the configuration for user
directories:

<Directory /u/*/public_html/>
Options All
AddHandler cgi-script .cgi
Order allow,deny
Allow from all
</Directory>

It works fine if ~/public_html is a symlink to ~/ and cgi-bin is
another symlink in ~/ that points to ~/some/other/directory. I get a
500 error, though, if ~/public_html is a directory and cgi-bin is a
symlink from ~/public_html to ~/some/other/directory. It makes sense
to me that that would happen, since apache wouldn't know what to do
with the non-public-html directory, but if public_html is a symlink
to your home directory then everything under your home directory is in
public_html.

What I can't figure out is that another apache web server with the
same configuration will follow the cgi-bin symlink to a sibling
directory of ~/public_html. This server is running 2.0.40, which is a
little bit older. Did the way apache handles this situation change
between those releases?

More importantly, how do I allow people with a public_html directory
have a symlink in there that links to a sibling directory? SUexec is
disabled, by the way. I've tried adding the following:

<Directory /u/*/>
Options All Indexes ExecCGI FollowSymLinks
AddHandler cgi-script .cgi
Order allow,deny
Allow from all
</Directory>

but still get the 500 error.

Anybody know what I'm doing wrong? Yes, I know the whole thing is a
little silly and we're really lax on permissions. I just work here.

Thanks,
Byron

I figured it out. I discovered that I could browse directories
outside of a user's public_html if there was a symlink from
public_html, but that I couldn't run any CGI scripts from them.

That made me suspicious of suexec. I looked in /var/log/httpd/
suexec.log and sure enough found a bunch of 'command not in docroot'
messages. I had though I had disabled suexec, but there it was in /
usr/sbin/suexec. I renamed it and restarted apache and now everything
works fine.

-byron

<titus.byronicus@gmail.com> schreef in bericht
news:1172531621.984951.124960@s48g2000cws.googlegr oups.com...
>I figured it out. I discovered that I could browse directories
> outside of a user's public_html if there was a symlink from
> public_html, but that I couldn't run any CGI scripts from them.
>
> That made me suspicious of suexec. I looked in /var/log/httpd/
> suexec.log and sure enough found a bunch of 'command not in docroot'
> messages. I had though I had disabled suexec, but there it was in /
> usr/sbin/suexec. I renamed it and restarted apache and now everything
> works fine.
But for some report during deamon start in default error.log

Rather you had removed all instances of
'suexecusergroup'
from your config, as well as the line
'LoadModule suexec_module ... mod_suexec...'
http://httpd.apache.org/docs/2.2/mod...uexecusergroup

HansH