httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Scott Lamb <sl...@slamb.org>
Subject Re: [users@httpd] i'am to stupid to configure suexec
Date Sun, 29 Sep 2002 18:49:50 GMT
Jochen K├Ąchelin wrote:
> --enable-suexec \
> --with-suexec-caller=99 \

Looking again at the documentation, I think this line should be 
"--with-suexec-caller=#99" (mind shell escaping when typing it; maybe \# 
actually) or "--with-suexec-caller=nobody". It wants a username, unlike 
the other two below.

> --with-suexec-docroot=/www \
> --with-suexec-uidmin=500 \
> --with-suexec-gidmin=500

Weird that suexec is just running with the original permissions. Have 
you looked in suexec_log?

Also, I believe this security model works best if you give Apache its 
own user and don't let anything else run for it. So its a little 
bothersome that you said "nobody", not "apache". You might consider 
changing that, though it's not what's causing your immediate problem.

Scott


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message