httpd-users mailing list archives

From Jochen Kaechelin ...@wa-p.de>
Subject SUExec running correct
Date Mon, 24 Jun 2002 13:04:44 GMT
I just compiled 1.3.26 with 

./configure --prefix=/usr/local/apache \
--activate-module=src/modules/php4/libphp4.a \
--activate-module=src/modules/fastcgi/mod_fastcgi.a \
--activate-module=src/modules/python/libpython.a \
--activate-module=src/modules/perl/libperl.a \
--enable-suexec \
--suexec-docroot=/www \
--suexec-caller=nobody

and everything is working fine.

/usr/local/apache/bin/httpd -l shows the following:

  http_core.c
  mod_env.c
  mod_log_config.c
  mod_mime.c
  mod_negotiation.c
  mod_status.c
  mod_include.c
  mod_autoindex.c
  mod_dir.c
  mod_cgi.c
  mod_asis.c
  mod_imap.c
  mod_actions.c
  mod_userdir.c
  mod_alias.c
  mod_access.c
  mod_auth.c
  mod_setenvif.c
  mod_php4.c
  mod_fastcgi.c
  mod_python.c
  mod_perl.c

suexec: enabled; valid wrapper /usr/local/apache/bin/suexec

How can I check if suexec is installed, so that there are no 
security holes remaining? Some scripts?

Apache runs as nobody.nobody!
When I start a php-script, Apache executes the script with its 
username and group, correct?

When I set a <VirtualHost> container:

<VirtualHost>
	...
	User jochen
	Group jochen
	....
</VirtualHost>

the php-script should run with user jochen and group jochen, 
correct?

In the error_log I find something like:

[Mon Jun 24 12:57:17 2002] [notice] Apache/1.3.26 (Unix) mod_perl/1.27 mod_python/2.7.8 Python/2.1 mod_fastcgi/2.2.12 PHP/4.2.1 configured -- resuming normal operations
[Mon Jun 24 12:57:17 2002] [notice] suEXEC mechanism enabled (wrapper: /usr/local/apache/bin/suexec)
[Mon Jun 24 12:57:17 2002] [notice] Accept mutex: sysvsem (Default: sysvsem)

Is everything ok, or are there still some security-holes?

-- 
Jochen Kächelin
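
One way to script the check the message asks about, as an added example that is not part of the original post: Apache's suEXEC documentation requires the wrapper to be owned by root with the setuid bit set, so the functions below audit the wrapper named in the startup notice of the error log. The function names and the error_log location are assumptions, and the group/world-writable test is general hygiene for a setuid-root binary rather than something the message mentions.

```shell
#!/bin/sh
# Added example (not from the original message). Function names are
# hypothetical; the error_log location is an assumption.

# logged_wrapper LOGFILE
# Print the wrapper path from the latest "suEXEC mechanism enabled"
# notice in the error log. Returns 1 if the notice was never logged.
logged_wrapper() {
    path=$(sed -n 's/.*\[notice\] suEXEC mechanism enabled (wrapper: \(.*\))$/\1/p' "$1" | tail -n 1)
    [ -n "$path" ] || return 1
    printf '%s\n' "$path"
}

# check_wrapper PATH [OWNER_UID]
# 0 = ok, 1 = missing, 2 = wrong owner, 3 = setuid bit not set,
# 4 = writable by group or others (general hygiene for a setuid binary).
# OWNER_UID defaults to 0 (root); the override exists only so the
# checks can be exercised without root.
check_wrapper() {
    wrapper=$1
    owner=${2:-0}
    [ -f "$wrapper" ] || return 1
    [ -n "$(find "$wrapper" -prune -user "$owner")" ] || return 2
    [ -n "$(find "$wrapper" -prune -perm -4000)" ] || return 3
    [ -z "$(find "$wrapper" -prune \( -perm -020 -o -perm -002 \))" ] || return 4
    return 0
}

# audit_suexec LOGFILE [OWNER_UID]
# Audit the wrapper httpd says it is using. Returns 5 if the log has
# no suEXEC notice, otherwise the check_wrapper status.
audit_suexec() {
    wrapper=$(logged_wrapper "$1") || { echo "FAIL: no suEXEC notice in $1"; return 5; }
    rc=0
    check_wrapper "$wrapper" "${2:-0}" || rc=$?
    case $rc in
        0) echo "OK: $wrapper is setuid, owned by uid ${2:-0}, not group/world writable" ;;
        1) echo "FAIL: $wrapper does not exist" ;;
        2) echo "FAIL: $wrapper is not owned by uid ${2:-0}" ;;
        3) echo "FAIL: $wrapper has no setuid bit" ;;
        4) echo "FAIL: $wrapper is writable by group or others" ;;
    esac
    return $rc
}

# Typical use, as root, on the server itself (log path assumed):
#   audit_suexec /usr/local/apache/logs/error_log
```

This only confirms the wrapper's installation state; whether a given request actually goes through suEXEC depends on how that content is served.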
