httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jor...@apache.org
Subject svn commit: r1342078 - in /httpd/httpd/trunk/docs/manual: suexec.html.en suexec.xml
Date Wed, 23 May 2012 22:29:03 GMT
Author: jorton
Date: Wed May 23 22:29:03 2012
New Revision: 1342078

URL: http://svn.apache.org/viewvc?rev=1342078&view=rev
Log:
* docs/manual/: Commit XML for suexec changes + re-transform; thanks to nd@.

Modified:
    httpd/httpd/trunk/docs/manual/suexec.html.en
    httpd/httpd/trunk/docs/manual/suexec.xml

Modified: httpd/httpd/trunk/docs/manual/suexec.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/suexec.html.en?rev=1342078&r1=1342077&r2=1342078&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/suexec.html.en (original)
+++ httpd/httpd/trunk/docs/manual/suexec.html.en Wed May 23 22:29:03 2012
@@ -665,4 +665,4 @@ if (typeof(prettyPrint) !== 'undefined')
     prettyPrint();
 }
 //--><!]]></script>
-</body></html>
+</body></html>
\ No newline at end of file

Modified: httpd/httpd/trunk/docs/manual/suexec.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/suexec.xml?rev=1342078&r1=1342077&r2=1342078&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/suexec.xml (original)
+++ httpd/httpd/trunk/docs/manual/suexec.xml Wed May 23 22:29:03 2012
@@ -359,6 +359,21 @@
       together with the <code>--enable-suexec</code> option to let
       APACI accept your request for using the suEXEC feature.</dd>
 
+      <dt><code>--enable-suexec-capabilities</code></dt>
+
+      <dd><strong>Linux specific:</strong> Normally,
+      the <code>suexec</code> binary is installed "setuid/setgid
+      root", which allows it to run with the full privileges of the
+      root user.  If this option is used, the <code>suexec</code>
+      binary will instead be installed with only the setuid/setgid
+      "capability" bits set, which is the subset of full root
+      priviliges required for suexec operation.  Note that
+      the <code>suexec</code> binary may not be able to write to a log
+      file in this mode; it is recommended that the
+      <code>--with-suexec-syslog --without-suexec-logfile</code>
+      options are used in conjunction with this mode, so that syslog
+      logging is used instead.</dd>
+
       <dt><code>--with-suexec-bin=<em>PATH</em></code></dt>
 
       <dd>The path to the <code>suexec</code> binary must be hard-coded
@@ -423,6 +438,12 @@
       "<code>suexec_log</code>" and located in your standard logfile
       directory (<code>--logfiledir</code>).</dd>
 
+      <dt><code>--with-suexec-syslog</code></dt>
+
+      <dd>If defined, suexec will log notices and errors to syslog
+      instead of a logfile.  This option must be combined
+      with <code>--without-suexec-logfile</code>.</dd>
+
       <dt><code>--with-suexec-safepath=<em>PATH</em></code></dt>
 
       <dd>Define a safe PATH environment to pass to CGI
@@ -544,9 +565,12 @@ Group webgroup
 
     <p>The suEXEC wrapper will write log information
     to the file defined with the <code>--with-suexec-logfile</code>
-    option as indicated above. If you feel you have configured and
-    installed the wrapper properly, have a look at this log and the
-    error_log for the server to see where you may have gone astray.</p>
+    option as indicated above, or to syslog if <code>--with-suexec-syslog</code>
+    is used. If you feel you have configured and
+    installed the wrapper properly, have a look at the log and the
+    error_log for the server to see where you may have gone astray. 
+    The output of <code>"suexec -V"</code> will show the options
+    used to compile suexec, if using a binary distribution.</p>
 
 </section>
 



Mime
View raw message