From: Tom Hughes <tom@compton.nu>
Date: Thu, 29 Sep 2016 19:33:09 +0000 (+0100)
Subject: Use suexec to run user CGi scripts
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/b3c7c0d36288566eecbabd2570a57b66116d7407?ds=sidebyside

Use suexec to run user CGi scripts
---

diff --git a/cookbooks/dev/recipes/default.rb b/cookbooks/dev/recipes/default.rb
index 2e5e0058f..528bc17d8 100644
--- a/cookbooks/dev/recipes/default.rb
+++ b/cookbooks/dev/recipes/default.rb
@@ -29,7 +29,6 @@ include_recipe "postgresql"
 
 package "php"
 package "php-cgi"
-# package "php-cgiwrap"
 package "php-cli"
 package "php-curl"
 package "php-db"
@@ -59,11 +58,15 @@ easy_install_package "geojson"
 
 apache_module "env"
 apache_module "expires"
+apache_module "headers"
 apache_module "proxy"
 apache_module "proxy_fcgi"
 apache_module "rewrite"
+apache_module "suexec"
+apache_module "userdir"
 apache_module "wsgi"
-apache_module "headers"
+
+package "apache2-suexec-pristine"
 
 gem_package "sqlite3"
 
diff --git a/cookbooks/dev/templates/default/apache.user.erb b/cookbooks/dev/templates/default/apache.user.erb
index a63829afb..39f1cd60f 100644
--- a/cookbooks/dev/templates/default/apache.user.erb
+++ b/cookbooks/dev/templates/default/apache.user.erb
@@ -22,13 +22,10 @@ WSGIDaemonProcess <%= @user %>.dev.openstreetmap.org user=<%= @user %> inactivit
 	CustomLog /var/log/apache2/<%= @user %>.dev.openstreetmap.org-access.log combined
 	ErrorLog /var/log/apache2/<%= @user %>.dev.openstreetmap.org-error.log
 
-#	RewriteCond <%= @directory %>%{REQUEST_FILENAME} -f
-#	RewriteRule ^/cgi-bin/(.*)$ /cgi-bin/cgiwrap/~<%= @user %>/cgi-bin/$1 [PT,L]
+	RewriteCond <%= @directory %>%{REQUEST_FILENAME} -f
+	RewriteRule ^/cgi-bin/(.*)$ /~<%= @user %>/cgi-bin/$1 [PT,L]
 
-#	RewriteCond <%= @directory %>%{REQUEST_FILENAME} -f
-#	RewriteRule ^/cgi-bin-d/(.*)$ /cgi-bin/cgiwrapd/~<%= @user %>/cgi-bin/$1 [PT,L]
-
-        RewriteCond <%= @directory %>%{REQUEST_FILENAME} -f
+	RewriteCond <%= @directory %>%{REQUEST_FILENAME} -f
 	RewriteRule ^/(.*\.ph(p|ps|p3|tml)(/.*)?)$ fcgi://127.0.0.1:<%= @port %><%= @directory %>/$1 [P]
 </VirtualHost>
 
@@ -38,6 +35,12 @@ WSGIDaemonProcess <%= @user %>.dev.openstreetmap.org user=<%= @user %> inactivit
 	Require all granted
 </Directory>
 
+<Directory <%= @directory %>/cgi-bin>
+	SetHandler cgi-script
+	Options ExecCGI SymLinksIfOwnerMatch
+	Require all granted
+</Directory>
+
 <Directory <%= @directory %>/wsgi-bin>
 	SetHandler wsgi-script
 	Options ExecCGI SymLinksIfOwnerMatch