Configure User Directories with cgi Scripting in Apache

Author: Sven Knispel
Updated: 2004-12-10

This article describes how to configure Apache to support ~user directories. In a second step each ~user directory is set up to allow cgi-scripts to be run from ~user/cgi-bin.
User specific web-directories are managed by the module mod_userdir.c. Each user gets a web-directory called /~ mapped to /home//public_html.

1. Configure user directories

1.1. Set the right permissions at directory-level

Following permissions must be granted:

/home/<username> must have 711 permissions
/home/<username>/public_html must have 755 permissions
and all files in public_html must be word-readable

1.2. Activate the `~user` directories

Search for in httpd.conf and make sure that:

UserDir disable is commented out
I recommend disabling the UserDir for user root: UserDir disabled root
UserDir is defined as public_html

Copy some html files to ~user/public_html and open them using a browser. If you encounter problems with permissions make sure the above-mentioned rights are granted (remember, Apache access files using the user apache as a default.

2. Activate cgi-scripting in `~user` directories

There are two ways to activate cgi (e.g. perl) in a specific user subdirectory:

define a ScriptAlias
add the Option ExecCGI

For both there must ba a handler for the scripting language defined in httpd.conf(e.g. for perl).


            AddHandler cgi-script .pl

2.1. Define a `ScriptAlias`

ScriptAlias defines a directory where cgi-scripts can be executed:


            ScriptAlias /~sven/cgi-bin "/home/sven/public_html/cgi-bin/"

Once this is defined and Apache restarted Perl-scripts can be executed in /~sven/cgi-bin (don't forget set the x-permission to the script).
Drawback of this solution is that every script-directory must be defined separately.

2.2. Add the Option ExecCGI

The option ExecCGI can be defined at a <Diretory> level in httpd.conf. It is generally not a good idea to set this at the uppermost level /.
Following definition gives each user to run cgi-scripts from his ~<user>/cgi-bin directory:


            <Directory /home/*/public_html/cgi-bin>

              AllowOverride None

              Options +ExecCGI +Includes +Indexes

              Order allow,deny

              Allow from all

            </Directory>

Restart Apache after making the changes to httpd.conf.
I had some problems because with this definition my scripts were not running, but ended with following error in /var/log/httpd/error_log:


            Premature end of script headers

After a long search I found the explanations here.
There is a programme called suexec, that is used by Apache to run scripts (at least on my Fedora Core 2).

You can check if suexec is active by running apachectl -V, and see if there is a suexec located in the path given by SUEXEC_BIN.
If yes there is more about the cause of the error to be found in /var/log/httpd/suexec.log.

suexec seems to be quite sensitive about uid/gid and, if you don't understand what it is doing I recomment deactivating it by renaming /usr/sbin/suexec and restart Apache.