httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From traw...@apache.org
Subject svn commit: r1070639 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS docs/manual/mod/core.xml docs/manual/mod/mod_suexec.xml os/unix/unixd.c os/unix/unixd.h server/core.c
Date Mon, 14 Feb 2011 20:18:20 GMT
Author: trawick
Date: Mon Feb 14 20:18:20 2011
New Revision: 1070639

URL: http://svn.apache.org/viewvc?rev=1070639&view=rev
Log:
backport from trunk r1033519:

*) suEXEC: Add Suexec directive to disable suEXEC without renaming the
   binary (Suexec Off), or force startup failure if suEXEC is required
   but not supported (Suexec On).

Submitted by: trawick
Reviewed by: covener, wrowe

Modified:
    httpd/httpd/branches/2.2.x/CHANGES
    httpd/httpd/branches/2.2.x/STATUS
    httpd/httpd/branches/2.2.x/docs/manual/mod/core.xml
    httpd/httpd/branches/2.2.x/docs/manual/mod/mod_suexec.xml
    httpd/httpd/branches/2.2.x/os/unix/unixd.c
    httpd/httpd/branches/2.2.x/os/unix/unixd.h
    httpd/httpd/branches/2.2.x/server/core.c

Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=1070639&r1=1070638&r2=1070639&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Mon Feb 14 20:18:20 2011
@@ -1,6 +1,10 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.2.18
 
+  *) suEXEC: Add Suexec directive to disable suEXEC without renaming the
+     binary (Suexec Off), or force startup failure if suEXEC is required
+     but not supported (Suexec On).  [Jeff Trawick]
+ 
   *) mod_proxy: Put the worker in error state if the SSL handshake with the
      backend fails. PR 50332.
      [Daniel Ruggeri <DRuggeri primary.net>, Ruediger Pluem]

Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1070639&r1=1070638&r2=1070639&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Mon Feb 14 20:18:20 2011
@@ -90,18 +90,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-   * suEXEC: Add Suexec directive to disable suEXEC without renaming the
-     binary (Suexec Off), or force startup failure if suEXEC is required
-     but not supported (Suexec On).
-     Trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1033519
-     Simpler 2.2.x patch: http://people.apache.org/~trawick/suexec-2.2.txt
-       (unlike trunk, a) doesn't cause startup to fail if SuexecUserGroup
-       coded but suEXEC disabled, and b) doesn't add field to unixd structure
-       with reason string for why suEXEC is disabled)
-     Plz consider where doc for directive should go.  Patch has it in core, as
-     enabling/disabling the basic capability is not split out into mod_unixd 2.2.x.
-     +1: trawick, covener, wrowe
-
   * mod_authn_file: Log friendly error message if AuthUserFile is not set.
       Trunk version of patch:
          http://svn.apache.org/viewcvs.cgi?rev=1070096&view=rev

Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/core.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/docs/manual/mod/core.xml?rev=1070639&r1=1070638&r2=1070639&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/docs/manual/mod/core.xml (original)
+++ httpd/httpd/branches/2.2.x/docs/manual/mod/core.xml Mon Feb 14 20:18:20 2011
@@ -3257,6 +3257,23 @@ server</description>
 </directivesynopsis>
 
 <directivesynopsis>
+<name>Suexec</name>
+<description>Enable or disable the suEXEC feature</description>
+<syntax>Suexec On|Off</syntax>
+<default>On if suexec binary exists with proper owner and mode,
+Off otherwise</default>
+<contextlist><context>server config</context></contextlist>
+<compatibility>Available in Apache httpd 2.2.18 and later</compatibility>
+
+<usage>
+    <p>When On, startup will fail if the suexec binary doesn't exist
+    or has an invalid owner or file mode.</p>
+    <p>When Off, suEXEC will be disabled even if the suexec binary exists
+    and has a valid owner and file mode.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
 <name>TimeOut</name>
 <description>Amount of time the server will wait for
 certain events before failing a request</description>

Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/mod_suexec.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/docs/manual/mod/mod_suexec.xml?rev=1070639&r1=1070638&r2=1070639&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/docs/manual/mod/mod_suexec.xml (original)
+++ httpd/httpd/branches/2.2.x/docs/manual/mod/mod_suexec.xml Mon Feb 14 20:18:20 2011
@@ -63,7 +63,7 @@ later.</compatibility>
     </example>
 
 </usage>
-
+<seealso><directive module="core">Suexec</directive></seealso>
 </directivesynopsis>
 </modulesynopsis>
 

Modified: httpd/httpd/branches/2.2.x/os/unix/unixd.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/os/unix/unixd.c?rev=1070639&r1=1070638&r2=1070639&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/os/unix/unixd.c (original)
+++ httpd/httpd/branches/2.2.x/os/unix/unixd.c Mon Feb 14 20:18:20 2011
@@ -237,6 +237,23 @@ AP_DECLARE(const char *) unixd_set_chroo
     return NULL;
 }
 
+AP_DECLARE(const char *) unixd_set_suexec(cmd_parms *cmd, void *dummy,
+                                          int arg)
+{
+    const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
+    if (err != NULL) {
+        return err;
+    }
+
+    if (!unixd_config.suexec_enabled && arg) {
+        return "suEXEC isn't supported; check existence, owner, and "
+               "file mode of " SUEXEC_BIN;
+    }
+
+    unixd_config.suexec_enabled = arg;
+    return NULL;
+}
+
 AP_DECLARE(void) unixd_pre_config(apr_pool_t *ptemp)
 {
     apr_finfo_t wrapper;

Modified: httpd/httpd/branches/2.2.x/os/unix/unixd.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/os/unix/unixd.h?rev=1070639&r1=1070638&r2=1070639&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/os/unix/unixd.h (original)
+++ httpd/httpd/branches/2.2.x/os/unix/unixd.h Mon Feb 14 20:18:20 2011
@@ -90,6 +90,9 @@ AP_DECLARE(void) unixd_set_rlimit(cmd_pa
                            const char *arg, const char * arg2, int type);
 #endif
 
+AP_DECLARE(const char *) unixd_set_suexec(cmd_parms *cmd, void *dummy, 
+                                          int arg);
+
 /**
  * One of the functions to set mutex permissions should be called in
  * the parent process on platforms that switch identity when the 

Modified: httpd/httpd/branches/2.2.x/server/core.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/server/core.c?rev=1070639&r1=1070638&r2=1070639&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/server/core.c (original)
+++ httpd/httpd/branches/2.2.x/server/core.c Mon Feb 14 20:18:20 2011
@@ -3483,6 +3483,10 @@ AP_INIT_TAKE1("EnableExceptionHook", ap_
 #endif
 AP_INIT_TAKE1("TraceEnable", set_trace_enable, NULL, RSRC_CONF,
               "'on' (default), 'off' or 'extended' to trace request body content"),
+#ifdef SUEXEC_BIN
+AP_INIT_FLAG("Suexec", unixd_set_suexec, NULL, RSRC_CONF,
+             "Enable or disable suEXEC support"),
+#endif
 { NULL }
 };
 



Mime
View raw message