httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Malo ...@perlig.de>
Subject Re: [users@httpd] newbie suexec quandary
Date Sun, 07 Dec 2003 09:54:29 GMT
* Marty Landman <MLandman@face2interface.com> wrote:

> I've got Apache 2.0.48 running on FreeBSD 4.8 RELEASE and have been porting 
> over a web application of mine. The most recent problem is that the app 
> which is written in Perl 5 running as a CGI doesn't always have permission 
> to write files to directories.
> 
> My understanding is this is a known problem because cgi's run as the id 
> that owns httpd which in my case is www; and that suexec is designed to let 
> a cgi run as the id that owns the script so that it has the appropriate 
> access for what it's doing.
> 
> Assuming I'm right so far,

Yep. (Hope you've read <http://httpd.apache.org/docs-2.0/suexec.html>)

> here's what I just went through:

You're encoutering two problems:

> #httpd -l

1st: you're looking for httpd in path. The default install (from vanilla) goes
into /usr/local/apache2. You might use either the --prefix option to
configure or --enable-layout=FreeBSD if it matches for you. (It's defined in
the config.layout file, you can "grep" for a particular layout, e.g. with:

$ perl -ne '/FreeBSD/../<\// and print' config.layout

See
http://httpd.apache.org/docs-2.0/programs/configure.html#installationdirectories
for further details.

> Compiled in modules:
>    core.c
>    prefork.c
>    http_core.c
>    mod_so.c
> 
> #cd /tmp/httpd-2.0.48
> #./configure --enable-suexec --with-suexec-bin=/usr/local/sbin 
> --with-suexec-docroot=/mnt/web/guide
> #make
> #make install

After that there should be suexec compiled in (please check out the other
suexec options as well during the next try :-). See
<http://httpd.apache.org/docs-2.0/programs/configure.html#suexec>.

After startup the right httpd, it should be written into the errorlog at
startup that suexec is enabled. To actually use it, you need to specify for
each virtualhost which is supposed to run CGIs as a different user the
particular user and group with the following directive:
<http://httpd.apache.org/docs-2.0/mod/mod_suexec.html#suexecusergroup>

nd

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message