httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From j..@apache.org
Subject svn commit: r702508 [6/6] - in /httpd/httpd/branches/2.2.x/docs/manual: ./ mod/
Date Tue, 07 Oct 2008 15:07:58 GMT
Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/quickreference.html.tr.utf8
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/docs/manual/mod/quickreference.html.tr.utf8?rev=702508&r1=702507&r2=702508&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/docs/manual/mod/quickreference.html.tr.utf8 [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/docs/manual/mod/quickreference.html.tr.utf8 [utf-8] Tue Oct
 7 08:07:57 2008
@@ -721,7 +721,7 @@
 <tr class="odd"><td><a href="mpm_common.html#startthreads">StartThreads
<var>sayı</var></a></td><td></td><td>s</td><td>M</td></tr><tr
class="odd"><td class="descr" colspan="4">Sunucunun başlatılması sırasında oluşturulan
evrelerin sayısını
   belirler.</td></tr>
 <tr><td><a href="mod_substitute.html#substitute">Substitute <var>s/pattern/substitution/[infq]</var></a></td><td></td><td>dh</td><td>E</td></tr><tr><td
class="descr" colspan="4">Pattern to filter the response content</td></tr>
-<tr class="odd"><td><a href="mod_suexec.html#suexecusergroup">SuexecUserGroup
<em>User Group</em></a></td><td></td><td>sk</td><td>E</td></tr><tr
class="odd"><td class="descr" colspan="4">User and group permissions for CGI programs</td></tr>
+<tr class="odd"><td><a href="mod_suexec.html#suexecusergroup">SuexecUserGroup
<em>User Group</em></a></td><td></td><td>sk</td><td>E</td></tr><tr
class="odd"><td class="descr" colspan="4">User and group for CGI programs to run
as</td></tr>
 <tr><td><a href="mpm_common.html#threadlimit" id="T" name="T">ThreadLimit
<var>sayı</var></a></td><td></td><td>s</td><td>M</td></tr><tr><td
class="descr" colspan="4">Çocuk süreç başına ayarlanabilir evre sayısının üst
sınırını
   belirler.</td></tr>
 <tr class="odd"><td><a href="mpm_common.html#threadsperchild">ThreadsPerChild
<var>sayı</var></a></td><td></td><td>s</td><td>M</td></tr><tr
class="odd"><td class="descr" colspan="4">Her çocuk süreç tarafından oluşturulan
evrelerin sayısını

Modified: httpd/httpd/branches/2.2.x/docs/manual/suexec.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/docs/manual/suexec.html.en?rev=702508&r1=702507&r2=702508&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/docs/manual/suexec.html.en (original)
+++ httpd/httpd/branches/2.2.x/docs/manual/suexec.html.en Tue Oct  7 08:07:57 2008
@@ -125,7 +125,7 @@
     <ol>
       <li>
         <strong>Is the user executing this wrapper a valid user of
-        this system?</strong> 
+        this system?</strong>
 
         <p class="indent">
           This is to ensure that the user executing the wrapper is
@@ -135,7 +135,7 @@
 
      <li>
         <strong>Was the wrapper called with the proper number of
-        arguments?</strong> 
+        arguments?</strong>
 
         <p class="indent">
           The wrapper will only execute if it is given the proper
@@ -149,7 +149,7 @@
 
       <li>
         <strong>Is this valid user allowed to run the
-        wrapper?</strong> 
+        wrapper?</strong>
 
         <p class="indent">
           Is this user the user allowed to run this wrapper? Only
@@ -160,7 +160,7 @@
 
       <li>
         <strong>Does the target CGI or SSI program have an unsafe
-        hierarchical reference?</strong> 
+        hierarchical reference?</strong>
 
         <p class="indent">
           Does the target CGI or SSI program's path contain a leading
@@ -172,7 +172,7 @@
       </li>
 
       <li>
-        <strong>Is the target user name valid?</strong> 
+        <strong>Is the target user name valid?</strong>
 
         <p class="indent">
           Does the target user exist?
@@ -180,7 +180,7 @@
       </li>
 
       <li>
-        <strong>Is the target group name valid?</strong> 
+        <strong>Is the target group name valid?</strong>
 
         <p class="indent">
           Does the target group exist?
@@ -199,7 +199,7 @@
 
       <li>
         <strong>Is the target userid <em>ABOVE</em> the minimum ID
-        number?</strong> 
+        number?</strong>
 
         <p class="indent">
           The minimum user ID number is specified during
@@ -211,7 +211,7 @@
 
       <li>
         <strong>Is the target group <em>NOT</em> the superuser
-        group?</strong> 
+        group?</strong>
 
         <p class="indent">
           Presently, suEXEC does not allow the <code><em>root</em></code>
@@ -221,7 +221,7 @@
 
       <li>
         <strong>Is the target groupid <em>ABOVE</em> the minimum ID
-        number?</strong> 
+        number?</strong>
 
         <p class="indent">
           The minimum group ID number is specified during
@@ -233,7 +233,7 @@
 
       <li>
         <strong>Can the wrapper successfully become the target user
-        and group?</strong> 
+        and group?</strong>
 
         <p class="indent">
           Here is where the program becomes the target user and
@@ -255,12 +255,12 @@
 
       <li>
         <strong>Is the directory within the Apache
-        webspace?</strong> 
+        webspace?</strong>
 
         <p class="indent">
           If the request is for a regular portion of the server, is
           the requested directory within suEXEC's document root? If
-          the request is for a UserDir, is the requested directory
+          the request is for a <code class="directive"><a href="./mod/mod_userdir.html#userdir">UserDir</a></code>,
is the requested directory
           within the directory configured as suEXEC's userdir (see
           <a href="#install">suEXEC's configuration options</a>)?
         </p>
@@ -268,7 +268,7 @@
 
       <li>
         <strong>Is the directory <em>NOT</em> writable by anyone
-        else?</strong> 
+        else?</strong>
 
         <p class="indent">
           We don't want to open up the directory to others; only
@@ -278,7 +278,7 @@
       </li>
 
       <li>
-        <strong>Does the target CGI/SSI program exist?</strong> 
+        <strong>Does the target CGI/SSI program exist?</strong>
 
         <p class="indent">
           If it doesn't exists, it can't very well be executed.
@@ -287,7 +287,7 @@
 
       <li>
         <strong>Is the target CGI/SSI program <em>NOT</em> writable
-        by anyone else?</strong> 
+        by anyone else?</strong>
 
         <p class="indent">
           We don't want to give anyone other than the owner the
@@ -297,7 +297,7 @@
 
       <li>
         <strong>Is the target CGI/SSI program <em>NOT</em> setuid or
-        setgid?</strong> 
+        setgid?</strong>
 
         <p class="indent">
           We do not want to execute programs that will then change
@@ -307,7 +307,7 @@
 
       <li>
         <strong>Is the target user/group the same as the program's
-        user/group?</strong> 
+        user/group?</strong>
 
         <p class="indent">
           Is the user the owner of the file?
@@ -316,7 +316,7 @@
 
       <li>
         <strong>Can we successfully clean the process environment
-        to ensure safe operations?</strong> 
+        to ensure safe operations?</strong>
 
         <p class="indent">
           suEXEC cleans the process' environment by establishing a
@@ -329,7 +329,7 @@
 
       <li>
         <strong>Can we successfully become the target CGI/SSI program
-        and execute?</strong> 
+        and execute?</strong>
 
         <p class="indent">
           Here is where suEXEC ends and the target CGI/SSI program begins.
@@ -387,13 +387,13 @@
       directories where suEXEC access should be allowed. All
       executables under this directory will be executable by suEXEC
       as the user so they should be "safe" programs. If you are
-      using a "simple" UserDir directive (ie. one without a "*" in
-      it) this should be set to the same value. suEXEC will not
-      work properly in cases where the UserDir directive points to
+      using a "simple" <code class="directive"><a href="./mod/mod_userdir.html#userdir">UserDir</a></code>
+      directive (ie. one without a "*" in it) this should be set to the same
+      value. suEXEC will not work properly in cases where the <code class="directive"><a
href="./mod/mod_userdir.html#userdir">UserDir</a></code> directive points to
       a location that is not the same as the user's home directory
-      as referenced in the passwd file. Default value is
-      "public_html".<br />
-       If you have virtual hosts with a different UserDir for each,
+      as referenced in the <code>passwd</code> file. Default value is
+      "<code>public_html</code>".<br />
+      If you have virtual hosts with a different <code class="directive"><a href="./mod/mod_userdir.html#userdir">UserDir</a></code>
for each,
       you will need to define them to all reside in one parent
       directory; then name that parent directory here. <strong>If
       this is not defined properly, "~userdir" cgi requests will
@@ -402,12 +402,12 @@
       <dt><code>--with-suexec-docroot=<em>DIR</em></code></dt>
 
       <dd>Define as the DocumentRoot set for Apache. This will be
-      the only hierarchy (aside from UserDirs) that can be used for
-      suEXEC behavior. The default directory is the <code>--datadir</code>
-      value with the suffix "/htdocs", <em>e.g.</em> if you configure
-      with "<code>--datadir=/home/apache</code>" the directory
-      "/home/apache/htdocs" is used as document root for the suEXEC
-      wrapper.</dd>
+      the only hierarchy (aside from <code class="directive"><a href="./mod/mod_userdir.html#userdir">UserDir</a></code>s)
that can be used for suEXEC behavior. The
+      default directory is the <code>--datadir</code> value with the suffix
+      "<code>/htdocs</code>", <em>e.g.</em> if you configure with
+      "<code>--datadir=/home/apache</code>" the directory
+      "<code>/home/apache/htdocs</code>" is used as document root for the
+      suEXEC wrapper.</dd>
 
       <dt><code>--with-suexec-uidmin=<em>UID</em></code></dt>
 
@@ -426,61 +426,68 @@
       <dd>This defines the filename to which all suEXEC
       transactions and errors are logged (useful for auditing and
       debugging purposes). By default the logfile is named
-      "suexec_log" and located in your standard logfile directory
-      (<code>--logfiledir</code>).</dd>
+      "<code>suexec_log</code>" and located in your standard logfile
+      directory (<code>--logfiledir</code>).</dd>
 
       <dt><code>--with-suexec-safepath=<em>PATH</em></code></dt>
 
       <dd>Define a safe PATH environment to pass to CGI
       executables. Default value is
-      "/usr/local/bin:/usr/bin:/bin".</dd>
+      "<code>/usr/local/bin:/usr/bin:/bin</code>".</dd>
     </dl>
 
-    <p><strong>Compiling and installing the suEXEC
-    wrapper</strong><br />
-     If you have enabled the suEXEC feature with the
-    <code>--enable-suexec</code> option the <code>suexec</code> binary
-    (together with Apache itself) is automatically built if you execute
-    the <code>make</code> command.<br />
-     After all components have been built you can execute the
-    command <code>make install</code> to install them. The binary image
-    <code>suexec</code> is installed in the directory defined by the
-    <code>--sbindir</code> option. The default location is
-    "/usr/local/apache2/bin/suexec".<br />
-     Please note that you need <strong><em>root
-    privileges</em></strong> for the installation step. In order
-    for the wrapper to set the user ID, it must be installed as
-    owner <code><em>root</em></code> and must have the setuserid
-    execution bit set for file modes.</p>
-
-    <p><strong>Setting paranoid permissions</strong><br />
-    Although the suEXEC wrapper will check to ensure that its
-    caller is the correct user as specified with the
-    <code>--with-suexec-caller</code> <code class="program"><a href="./programs/configure.html">configure</a></code>
-    option, there is
-    always the possibility that a system or library call suEXEC uses
-    before this check may be exploitable on your system. To counter
-    this, and because it is best-practise in general, you should use 
-    filesystem permissions to ensure that only the group Apache 
-    runs as may execute suEXEC.</p>
+    <h3>Compiling and installing the suEXEC wrapper</h3>
+      
 
-    <p>If for example, your web server is configured to run as:</p>
-
-<div class="example"><p><code>
-    User www<br />
-    Group webgroup<br />
-</code></p></div>
-
-    <p>and <code class="program"><a href="./programs/suexec.html">suexec</a></code>
is installed at
-    "/usr/local/apache2/bin/suexec", you should run:</p>
-
-<div class="example"><p><code>
-    chgrp webgroup /usr/local/apache2/bin/suexec<br />
-    chmod 4750 /usr/local/apache2/bin/suexec<br />
-</code></p></div>
-
-    <p>This will ensure that only the group Apache runs as can even
-    execute the suEXEC wrapper.</p>
+      <p>If you have enabled the suEXEC feature with the
+      <code>--enable-suexec</code> option the <code>suexec</code>
binary
+      (together with Apache itself) is automatically built if you execute
+      the <code>make</code> command.</p>
+
+      <p>After all components have been built you can execute the
+      command <code>make install</code> to install them. The binary image
+      <code>suexec</code> is installed in the directory defined by the
+      <code>--sbindir</code> option. The default location is
+      "/usr/local/apache2/bin/suexec".</p>
+
+      <p>Please note that you need <strong><em>root
+      privileges</em></strong> for the installation step. In order
+      for the wrapper to set the user ID, it must be installed as
+      owner <code><em>root</em></code> and must have the setuserid
+      execution bit set for file modes.</p>
+    
+
+    <h3>Setting paranoid permissions</h3>
+      
+
+      <p>Although the suEXEC wrapper will check to ensure that its
+      caller is the correct user as specified with the
+      <code>--with-suexec-caller</code> <code class="program"><a href="./programs/configure.html">configure</a></code>
+      option, there is
+      always the possibility that a system or library call suEXEC uses
+      before this check may be exploitable on your system. To counter
+      this, and because it is best-practise in general, you should use
+      filesystem permissions to ensure that only the group Apache
+      runs as may execute suEXEC.</p>
+
+      <p>If for example, your web server is configured to run as:</p>
+
+      <div class="example"><p><code>
+          User www<br />
+          Group webgroup<br />
+      </code></p></div>
+
+      <p>and <code class="program"><a href="./programs/suexec.html">suexec</a></code>
is installed at
+      "/usr/local/apache2/bin/suexec", you should run:</p>
+
+      <div class="example"><p><code>
+          chgrp webgroup /usr/local/apache2/bin/suexec<br />
+          chmod 4750 /usr/local/apache2/bin/suexec<br />
+      </code></p></div>
+
+      <p>This will ensure that only the group Apache runs as can even
+      execute the suEXEC wrapper.</p>
+    
 </div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif"
/></a></div>
 <div class="section">
 <h2><a name="enable" id="enable">Enabling &amp; Disabling
@@ -560,7 +567,7 @@
       <li><strong>suEXEC Points Of Interest</strong></li>
 
       <li>
-        Hierarchy limitations 
+        Hierarchy limitations
 
         <p class="indent">
           For security and efficiency reasons, all suEXEC requests
@@ -575,7 +582,7 @@
       </li>
 
       <li>
-        suEXEC's PATH environment variable 
+        suEXEC's PATH environment variable
 
         <p class="indent">
           This can be a dangerous thing to change. Make certain
@@ -587,7 +594,7 @@
       </li>
 
       <li>
-        Altering the suEXEC code 
+        Altering the suEXEC code
 
         <p class="indent">
           Again, this can cause <strong>Big Trouble</strong> if you

Modified: httpd/httpd/branches/2.2.x/docs/manual/suexec.xml.ja
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/docs/manual/suexec.xml.ja?rev=702508&r1=702507&r2=702508&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/docs/manual/suexec.xml.ja [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/docs/manual/suexec.xml.ja [utf-8] Tue Oct  7 08:07:57 2008
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8" ?>
 <!DOCTYPE manualpage SYSTEM "./style/manualpage.dtd">
 <?xml-stylesheet type="text/xsl" href="./style/manual.ja.xsl"?>
-<!-- English Revision: 421100:655872 (outdated) -->
+<!-- English Revision: 421100:698390 (outdated) -->
 
 <!--
  Licensed to the Apache Software Foundation (ASF) under one or more

Modified: httpd/httpd/branches/2.2.x/docs/manual/suexec.xml.ko
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/docs/manual/suexec.xml.ko?rev=702508&r1=702507&r2=702508&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/docs/manual/suexec.xml.ko [euc-kr] (original)
+++ httpd/httpd/branches/2.2.x/docs/manual/suexec.xml.ko [euc-kr] Tue Oct  7 08:07:57 2008
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="EUC-KR" ?>
 <!DOCTYPE manualpage SYSTEM "./style/manualpage.dtd">
 <?xml-stylesheet type="text/xsl" href="./style/manual.ko.xsl"?>
-<!-- English Revision: 105989:655872 (outdated) -->
+<!-- English Revision: 105989:698390 (outdated) -->
 
 <!--
  Licensed to the Apache Software Foundation (ASF) under one or more



Mime
View raw message