httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Heller" <>
Subject Re: [users@httpd] "--enable-mods-shared=all" configure question...
Date Wed, 10 Dec 2003 16:42:29 GMT

In message <>, Joshua Slive wr
>On Wed, 10 Dec 2003, Robert Heller wrote:
>> There does seem to be a weirdness with the
>> suexec_module.  It appears that when it is compiled as a module and you
>> want to enable suexec for userdir CGI scripts.  Even if you load the
>> suexec *before* all other modules, suexec is NOT enabled for userdir CGI
>> scripts.
>Although I haven't tested it myself, I'd guess that's not the problem.
>More likely you are missing other pieces in the suexec setup.  Suexec
>requires not only mod_suexec, but also the suexec binary, which has its
>own ./configure options.  Check the suexec docs.

ALL of this is set up:

         --enable-suexec --with-suexec \
         --with-suexec-caller=%{suexec_caller} \
         --with-suexec-docroot=%{contentdir} \
         --with-suexec-logfile=%{_localstatedir}/log/httpd/suexec.log \
         --with-suexec-bin=%{_sbindir}/suexec \
         --with-suexec-uidmin=500 --with-suexec-gidmin=100 \

There is a properly built and installed suexec binary and
SuexecUserGroup does in fact enable suexec, but (as has been pointed
out elsewhere!) a SuexecUserGroup configuation option, is NOT the right
thing for *userdir* CGI scripts -- SuexecUserGroup is only for
VirtualHosts.  It *definitely* appears that although suexec is enabled
(and with a LoadModule for the suexec module httpd is seeing the suexec
binary, as seen in the error_log), that userdir CGI scripts are NOT
being run with suexec -- they are being forked *directly* from httpd,
and have the UID httpd is running as.  I am not a total idiot!

What does NOT help is the problem with "--enable-mods-shared=all", which
makes it hard to test.  It looks like I might have to not use shared
modules at all, which would be both dumb and a serious bummer.

Robert Heller                        ||InterNet:  ||                /\FidoNet:    1:321/153

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message