httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jos...@slive.ca>
Subject Re: [users@httpd] Removing General Host Config From httpd.conf
Date Thu, 22 May 2003 17:02:18 GMT

On Thu, 22 May 2003, Joseph A Nagy Jr wrote:

> suexec: enabled; valid wrapper /usr/sbin/suexec; extra mod's installed

> BTW, any way to disable suexec? I'd rather not have it enabled (and
> can't believe it's enabled by default!) without having to just compile
> from source?

Sure, just remove the execute and/or setuid bits on /usr/sbin/suexec and
then restart apache.

As far as your original question goes, there is no way to answer it
completely, but it is not something I recommend.  The "server-wide" config
(the stuff outside any <virtualhost> block) serves as the default config
that can then be overriden inside the the virtual host.  The best
technique is to set the server-wide config to something as restrictive as
possible, then unrestrict it where needed for the virtual hosts.  Just
removing everything in the server-wide config is not a good idea, because
then apache will fall back on its defaults.  These defaults are there for
backward compatibility, and are not always the most secure settings.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message