Bug 63908 - Alternate Group setting prevents access to CGI pipe
Summary: Alternate Group setting prevents access to CGI pipe
Status: RESOLVED INVALID
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_cgi (show other bugs)
Version: 2.4.37
Hardware: PC Linux
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-11-07 17:14 UTC by Todd Merriman
Modified: 2020-01-24 15:16 UTC (History)
0 users


Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Todd Merriman 2019-11-07 17:14:15 UTC 
CentOS Linux release 8.0.1905 (Core)

Pipe directory created with ownership in /var/run:
drwx--x---  3 root           apache          100 Nov  7 11:24 httpd

httpd.conf contains:

# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User apache
Group webmaster

Error log when attempting to execute cgi:

[Thu Nov 07 11:27:55.191570 2019] [cgid:error] [pid 1342:tid 140405416908544] (13)Permission denied: [client 192.168.0.12:40352] AH01257: unable to connect to cgi daemon after multiple tries: /usr2/www/toolz/orion/cgi-bin/finance.cgi

Solution is to change ownership of /var/run/httpd:

drwx--x---  3 root           webmaster       100 Nov  7 11:49 httpd
Comment 1 Joe Orton 2020-01-24 15:16:33 UTC 
I think this is simply a config error.  If you change the the Group setting in httpd.conf then you will also have to change the group of directories which httpd expects to be group-writable; similarly if you changed the User.