Bug #1118

Cannot run CGI/SuEXEC scripts for which lighty has no read permissions.

Added by scroffer52 almost 13 years ago. Updated over 3 years ago.


If a CGI script can't be read by lighty, then it can't be run, even via a SuEXEC wrapper. You get a 403 error. The SuEXEC wrapper never gets run - lighty just returns a 403.

If you're running under FastCGI, then this is solved with the "broken-scriptfilename" => "enable" option which makes lighty skip its check. However, for normal CGI, there is no such option.

I have websites with only one or 2 PHP scripts (e.g. a contact form). I don't have resources to allocate permanent FastCGI processes to these, but I do want them suexec'd under their own username. I just want them to fork a CGI process. However, it doesn't seem to be possible... :-(


Updated by stbuehler over 11 years ago

  • Status changed from New to Fixed
  • Resolution set to wontfix

mod_cgi needs a physical file, and we won't change that; but it is enough to have the "entry" script readable by lighttpd; just put passwords in another file.

Or use a cgi-fastcgi wrapper.


Updated by stbuehler over 11 years ago

  • Status changed from Fixed to Wontfix

Updated by gstrauss over 3 years ago

  • Description updated (diff)
  • Status changed from Wontfix to Fixed
  • Target version set to 1.4.42

Fixed in b9f245f2, which removes the requirement that the target file be readable. lighttpd still needs to be able to stat() the file.

[mod_cgi] permit CGI exec of unreadable files (fixes #2374)

CGI target might be executable (+x), but not readable (-r)

"lighttpd-1.4.29 cannot execute unreadable CGIs"

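The difference between the two behaviours discussed in this thread (refusing an unreadable target versus requiring only a successful stat() and an execute bit) can be modelled as below. This is an added example, not lighttpd's code: `cgi_target_check`, `class_bits` and `demo_verdict` are hypothetical names, and the permission model is simplified (no supplementary groups, ACLs or root override).

```c
#define _POSIX_C_SOURCE 200809L
#include <stdbool.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum cgi_verdict { CGI_OK, CGI_NOT_FOUND, CGI_FORBIDDEN };

/* rwx bits that apply to (uid, gid). Simplified model: ignores
 * supplementary groups, ACLs and the root override. */
static unsigned class_bits(const struct stat *st, uid_t uid, gid_t gid) {
    if (uid == st->st_uid) return (st->st_mode >> 6) & 7u;
    if (gid == st->st_gid) return (st->st_mode >> 3) & 7u;
    return st->st_mode & 7u;
}

/* require_readable=true models the behaviour in the report (unreadable
 * target is refused); false models "stat() only, +x is enough". */
enum cgi_verdict cgi_target_check(const char *path, uid_t uid, gid_t gid,
                                  bool require_readable) {
    struct stat st;
    if (stat(path, &st) != 0) return CGI_NOT_FOUND;  /* stat() is still required */
    if (!S_ISREG(st.st_mode)) return CGI_FORBIDDEN;  /* must be a physical file */
    unsigned bits = class_bits(&st, uid, gid);
    if (!(bits & 1u)) return CGI_FORBIDDEN;          /* no execute bit */
    if (require_readable && !(bits & 4u)) return CGI_FORBIDDEN;
    return CGI_OK;
}

/* Constructed sample: a temp file with the given mode, checked as its owner
 * or as an unrelated account (standing in for the web server user). */
enum cgi_verdict demo_verdict(mode_t mode, bool as_owner, bool require_readable) {
    char path[] = "/tmp/cgi_demo_XXXXXX";
    struct stat st;
    int fd = mkstemp(path);
    if (fd < 0 || fchmod(fd, mode) != 0 || fstat(fd, &st) != 0)
        return CGI_NOT_FOUND;
    close(fd);
    uid_t uid = as_owner ? st.st_uid : st.st_uid + 1;
    gid_t gid = as_owner ? st.st_gid : st.st_gid + 1;
    enum cgi_verdict v = cgi_target_check(path, uid, gid, require_readable);
    unlink(path);
    return v;
}

int main(void) {
    return demo_verdict(0711, false, false) == CGI_OK ? 0 : 1;
}
```

A mode such as 0711 keeps the script body unreadable to the web server account while still letting it pass the execute check. An interpreted script must still be readable by the account that finally runs the interpreter, which under SuEXEC is the script's own user.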