Bug #1118
closedCannot run CGI/SuEXEC scripts for which lighty has no read permissions.
Description
If a CGI script can't be read by lightty, then it can't be run, even via a SuEXEC wrapper. You get a 403 error. The SuEXEC wrapper never gets run - lightty just returns a 403.
If you're running under FastCGI, then this is solved with the "broken-scriptfilename" => "enable" option which makes lightty skip its check. However, for normal CGI, there is no such option.
I have websites with only one or 2 PHP scripts (e.g. a contact form). I don't have resources to allocate permanent FastCGI processes to these, but I do want them suexec'd under their own username. I just want them to fork a CGI process. However, it doesn't seem to be possible... :-(
Updated by stbuehler about 16 years ago
- Status changed from New to Fixed
- Resolution set to wontfix
mod_cgi needs a physical file, and we won't change that; but it is enough to have the "entry" script readable by lighttpd, just put passwords in another file.
Or use a cgi-fastcgi wrapper.
Updated by gstrauss about 8 years ago
- Description updated (diff)
- Status changed from Wontfix to Fixed
- Target version set to 1.4.42
Fixed in b9f245f2, which removes the requirement that target file be readable. lighttpd still needs to be able to stat() the file.
[mod_cgi] permit CGI exec of unreadable files (fixes #2374)
CGI target might be executable (+x), but not readable (-r)
x-ref:
"lighttpd-1.4.29 cannot execute unreadable CGIs"
https://redmine.lighttpd.net/issues/2374
Also available in: Atom