RT 3.1.17 / Call for comments [Rt-devel] FastCGI, SetGIDness and Taint mode

Guillaume Perréal perreal at lyon.cemagref.fr
Mon Jun 21 05:43:47 EDT 2004

Jesse Vincent a écrit :

>Draft updated instructions for FastCGI configuration options are on the
>Wiki at http://wiki.bestpractical.com/index.cgi?FastCGIConfiguration.
>I would _greatly_ appreciate commentary either on this list or on the
>Wiki as soon as folks can get to it.  To my knowledge, getting this
>solved will allow an immediate release candidate of RT 3.2.
>	Best,
>	Jesse

I'm running RT 3.0.10 in a Apache2 / Suexec / FastCGI config on a Fedora 
Core 1 box. RT is installed in /home/rt3.

The "SuexecUserGroup" directive is required along with "-user" and 
"-group" options of  "FastCgiServer" for Apache 2. Here's my setup 
pertaining to FastCGI :

SuexecUserGroup rt rt
FastCgiServer /var/www/rt3-bin/mason_handler.fcgi -user rt -group rt
ScriptAlias /rt/ /var/www/rt3-bin/mason_handler.fcgi/
<Directory /var/www/rt3-bin/mason_handler.fcgi/>
    SetHandler fastcgi-script
    order deny,allow
    allow from all

- the handler should be in a directory owned by the specified user and 
group -- in fact, I could not manage to get it runnning with doing it,
- the handler should NOT be setuid/setgid.

So I set up files this way :

mkdir /var/www/rt3-bin
ln /home/rt3/bin/mason_handler.fcgi /var/www/rt3-bin/
chown rt:rt /var/www/rt3-bin /home/rt3/bin/mason_handler.fcgi
chmod 0555 /var/www/rt3-bin /home/rt3/bin/mason_handler.fcgi

Best regards,

Guillaume Perréal.

Responsable informatique,
Cemagref, groupement de Lyon,

Tél: (+33)
Fax: (+33)
Site: http://www.lyon.cemagref.fr/

More information about the Rt-devel mailing list