Hello. This is not a bug but merely a suggestion. I am trying to install some software and I realise that it would be beautiful to be able to define the SuexecUserGroup from the mod_suexec module not only in the VirtualHosts, but also in the <Directory> sections. However, this should most probably be a feature for the httpd.conf ONLY, and not in the .htaccess, to avoid having people getting rights that they are not allowed to have. Maybe there is another better way to do this, but my goal would be to be able to run CGIs with another user or group ID than apache. I don't like the <VirtualHost> mean to do that, because we cannot do an SSL connection if we have only one IP address. Therefore putting SuexecUserGroup in the <Directory> tag would be a great solution to overcome those problems, if there is not too many security concerns about it (I don't know). We can see that problem typically when installing the 'sympa' mailing list software. Thanks for listening. Regards, Daniel
I updated the enhancement request in bugzilla, because 2.4.10 still doesn't have the feature. It has been asked in development mailing lists also: http://mail-archives.apache.org/mod_mbox/httpd-dev/201205.mbox/%3CCA+-XxSFMS0YRmZZitL0X-sgVGZBvxfZvrt57hH163DabrZ_N2g@mail.gmail.com%3E
I found a patch already created for that: https://www.mail-archive.com/dev@httpd.apache.org/msg17561.html. It was for apache 2.0, but probably mod_suexec code hasn't changed a lot.
Created attachment 32000 [details] Patch to allow SuexecUserGroup in Directory context Patch to fix the problem. SuexecUserGroup is allowed to be in Directory context with the patch.