Hello, As one of the mereged suexec bug reports sugests a set of alternative suexec's with diferent doc_roots might be the ultimate solution...
In fact I've just had a thought as I write this. The apache2-common continues to contain the standard suexec but another package lets call it "apache2-alt-suexec" could contain an alternative suexec (which is put into place using dpkg-divert) and is modified to read the docroot and other compile time settings from a config file under /etc/. Anyway the pragmatic way to proceed at the moment would seem to be use: dpkg-divert --divert /usr/lib/apache2/suexec.debian --rename /usr/lib/apache2/suexec to move apache2-common's suexec out of the way and then replace it with my own suexec compiled from the debian source. The "patch" is a suggestion and request to add a few lines to the debian/rules to make it simple for me and other admin to rebuild suexec to our own tastes without having to rebuild all the apache packages. For the time being I have implemented this as a makefile which includes debian/rules but ultimatly it could be added(merged into) to the debian rules file. Anyway the file surules is atached. It can be used as follows: apt-get source apache2 cd apache2-* #copy attached file to debian/surules #build my suexec ./debian/surules suexec SUEXEC_USERDIR=/my/prefered/doc/root #divert installed suexec sudo dpkg-divert --divert /usr/lib/apache2/suexec.debian --rename /usr/lib/apache2/suexec sudo cp debian/build-tree/suexec/support/suexec /usr/lib/apache2/suexec sudo chown root: /usr/lib/apache2/suexec sudo chmod 4755 /usr/lib/apache2/suexec Remember the divert will mean that the custom suexec will not be clobbered on package upgrades... however you may want/need to repeat the procedure (minus the call to dpkg-divert) to rebuild and reinstall the custom suexec to keep suexec in step with the rest of the apache software. Regards... And hope that surules or something like it one day makes it into the debian source package?!? Alex Owen
surules
Description: Binary data