httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Terbush <ra...@hyperreal.com>
Subject cvs commit: apache/htdocs/manual suexec.html
Date Mon, 02 Dec 1996 00:50:12 GMT
randy       96/12/01 16:50:12

  Modified:    htdocs/manual  suexec.html
  Log:
  Asthetics
  
  Revision  Changes    Path
  1.3       +14 -6     apache/htdocs/manual/suexec.html
  
  Index: suexec.html
  ===================================================================
  RCS file: /export/home/cvs/apache/htdocs/manual/suexec.html,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -C3 -r1.2 -r1.3
  *** suexec.html	1996/12/01 20:04:00	1.2
  --- suexec.html	1996/12/02 00:50:10	1.3
  ***************
  *** 3,13 ****
    </head><body>
    
    <!--#include virtual="header.html" -->
  ! <h1>Apache SetUserID Support</h1>
    
    <hr>
    
  ! <h2>What is suEXEC?</h2>
    The <b>suEXEC</b> feature, introduced in Apache 1.2 provides the ability to
    run <b>CGI</b> programs under user ids different from the user id of the
    calling webserver. Used properly, this feature can reduce considerably the
  --- 3,13 ----
    </head><body>
    
    <!--#include virtual="header.html" -->
  ! <h1>Apache suEXEC Support</h1>
    
    <hr>
    
  ! <h3>What is suEXEC?</h3>
    The <b>suEXEC</b> feature, introduced in Apache 1.2 provides the ability to
    run <b>CGI</b> programs under user ids different from the user id of the
    calling webserver. Used properly, this feature can reduce considerably the
  ***************
  *** 17,23 ****
    familar with managing setuid root programs and the security issues they
    present, we highly recommend that you not consider using this feature.<p>
    
  ! <h2>Enabling suEXEC Support</h2>
    Having said all that, enabling this feature is purposefully difficult with
    the intent that it will only be installed by users determined to use it and
    is not part of the normal install/compile process.<p>
  --- 17,25 ----
    familar with managing setuid root programs and the security issues they
    present, we highly recommend that you not consider using this feature.<p>
    
  ! <hr>
  ! 
  ! <h3>Enabling suEXEC Support</h3>
    Having said all that, enabling this feature is purposefully difficult with
    the intent that it will only be installed by users determined to use it and
    is not part of the normal install/compile process.<p>
  ***************
  *** 101,108 ****
    <i>Change the path to the suEXEC wrapper to match your system installation.</i>
    </ul>
    
    <a name="model"></a>
  ! <h2>Security Model of suEXEC</h2>
    The <b>suEXEC</b> wrapper supplied with Apache performs the following security
    checks before it will execute any program passed to it for execution.
    <ol>
  --- 103,112 ----
    <i>Change the path to the suEXEC wrapper to match your system installation.</i>
    </ul>
    
  + <hr>
  + 
    <a name="model"></a>
  ! <h3>Security Model of suEXEC</h3>
    The <b>suEXEC</b> wrapper supplied with Apache performs the following security
    checks before it will execute any program passed to it for execution.
    <ol>
  ***************
  *** 124,130 ****
    welcome to install your own version of the wrapper. We've given you the rope, now go
    have fun with it. <b>:-)</b>
    
  ! <h2>Using suEXEC</h2>
    After properly installing the <b>suexec</b> wrapper executable, you must kill
and restart
    the Apache server. A simple <code><b>kill -1 `cat httpd.pid`</b></code>
will not be enough.
    Upon startup of the webserver, if Apache finds a properly configured <b>suexec</b>
wrapper,
  --- 128,136 ----
    welcome to install your own version of the wrapper. We've given you the rope, now go
    have fun with it. <b>:-)</b>
    
  ! <hr>
  ! 
  ! <h3>Using suEXEC</h3>
    After properly installing the <b>suexec</b> wrapper executable, you must kill
and restart
    the Apache server. A simple <code><b>kill -1 `cat httpd.pid`</b></code>
will not be enough.
    Upon startup of the webserver, if Apache finds a properly configured <b>suexec</b>
wrapper,
  ***************
  *** 146,152 ****
    user id for whom execution is desired. The only requirement needed for this feature to
work
    is for CGI execution to be enabled for the user and that the script must meet the scrutiny
of the <a href="#model">security checks</a> above.
    
  ! <h2>Debugging suEXEC</h2>
    The suEXEC wrapper will write log information to the location defined in the <code>suexec.h</code>
as indicated above. If you feel you have configured and installed the wrapper properly,
    have a look at this log and the error_log for the server to see where you may have gone
astray.
    <!--#include virtual="footer.html" -->
  --- 152,160 ----
    user id for whom execution is desired. The only requirement needed for this feature to
work
    is for CGI execution to be enabled for the user and that the script must meet the scrutiny
of the <a href="#model">security checks</a> above.
    
  ! <hr>
  ! 
  ! <h3>Debugging suEXEC</h3>
    The suEXEC wrapper will write log information to the location defined in the <code>suexec.h</code>
as indicated above. If you feel you have configured and installed the wrapper properly,
    have a look at this log and the error_log for the server to see where you may have gone
astray.
    <!--#include virtual="footer.html" -->
  
  
  

Mime
View raw message