On Thu, Nov 4, 2010 at 6:16 AM, Paul Howarth <[email protected]> wrote: > On 22/10/10 13:35, Jeff Trawick wrote: >> >> On Fri, Oct 22, 2010 at 5:32 AM, Erik Wasser<[email protected]> >> wrote: >>> >>> I've added an extra option to mod_fcgid to turn off the suexec stuff. >>> It's >>> useful if you want to run the apache as non-root user and you need the >>> speed >>> of mod_fcgid. >>> >>> The default value is - of course - 0. The configuration line is very >>> simple: >>> >>> [...Other Fcgid options...] >>> FcgidDisableSuexecCheck 1 >>> [...] >> >> This should just work out of the box. We need to check if mod_fcgid >> is behaving differently than other modules (e.g., mod_cgid), or if >> general behavior is just busted. I'll try to look into this "soon" >> unless someone else reports back. > > Not being able to turn off suexec in mod_fcgid has been a long-standing > issue in Fdora: > > https://bugzilla.redhat.com/show_bug.cgi?id=523903 > > Is there any chance of Erik's patch or something similar being in the > upcoming release?
The one rolled today? No. (But we should have more frequent releases anyway.) IMO this goes in mod_unixd (trunk) or os/unix/unixd.c (older releases) to override the usual suexec enablement. Something like Suexec On # startup fails if suexec isn't usable Suexec Off # suexec disabled even if usable (I suspect some small trick is needed with this since, at least in trunk, the determination is made in a pre-config hook. Is that what EXEC_ON_READ is for? Maybe there are other surprises.)
