cvs commit: apache-1.3/htdocs/manual suexec.html

[lars]

lars98/11/12 12:10:52

  Modified:htdocs/manual suexec.html
  Log:
  Finalize my suEXEC/APACI patch...
  
  This is a temporary version. I'll update the paths later based
  on what we decide regarding the APACI default paths.
  
  (Any native english speaker is welcome to proofread the text. :-))
  
  Revision  ChangesPath
  1.22  +133 -161  apache-1.3/htdocs/manual/suexec.html
  
  Index: suexec.html
  ===
  RCS file: /export/home/cvs/apache-1.3/htdocs/manual/suexec.html,v
  retrieving revision 1.21
  retrieving revision 1.22
  diff -u -r1.21 -r1.22
  --- suexec.html   1998/09/17 14:52:01 1.21
  +++ suexec.html   1998/11/12 20:10:52 1.22
  @@ -23,6 +23,7 @@
   suEXEC Security Model.
   Configuring & Installing suEXEC
   Enabling & Disabling suEXEC
  +Using suEXEC
   Debugging suEXEC
   Beware the Jabberwock: Warnings &
Examples
  @@ -281,7 +282,7 @@
   For more information as to how this security model can limit your 
possibilities
   in regards to server configuration, as well as what security risks can be
   avoided with a proper suEXEC setup, see the 
  -"Beware the Jabberwock"
  +"Beware the Jabberwock"
   section of this document.
   
   
  @@ -291,188 +292,159 @@
   
   Configuring & Installing suEXEC
   
  -Here's where we begin the fun.  The configuration and installation of suEXEC 
is
  -a four step process: edit the suEXEC header file, compile suEXEC, place the
  -suEXEC binary in its proper location, and configure Apache for use with 
suEXEC.
  -
  -
  -
  -EDITING THE SUEXEC HEADER FILE
  -- From the top-level of the Apache source tree, type:  
  -cd support [ENTER]
  -
  -
  -
  -Edit the suexec.h file and change the following macros to
  -match your local Apache installation.
  -
  -
  -
  -From support/suexec.h
  +Here's where we begin the fun. If you use Apache 1.2 or prefer to configure
  +Apache 1.3 with the "src/Configure" script you have to edit
  +the suEXEC header file and install the binary in its proper location
  +manually. This procedure is described in an
  +extra document.
  +The following sections describe the configuration and installation
  +for Apache 1.3 with the AutoConf-style interface (APACI).
  +
  +
  +
  +APACI's suEXEC configuration options
  +
  +--enable-suexec
  +This option enables the suEXEC feature which is never installed or
  +activated by default. At least one --suexec-x option has to be
  +provided together with the --enable-suexec option to let APACI
  +accept your request for using the suEXEC feature.
  +--suexec-caller=UID
  +The username under which
  +Apache normally runs.
  +This is the only user allowed to execute this program.
  +--suexec-docroot=DIR
  +Define as the DocumentRoot set for Apache.
  +This will be the only hierarchy (aside from UserDirs)
  +that can be used for suEXEC behavior.
  +The default directory is the --datadir value with 
  +the suffix "/htdocs", e.g. if you configure with
  +"--datadir=/home/apache" the directory
  +"/home/apache/htdocs" is used as document root for
  +the suEXEC wrapper.
  +--suexec-logfile=FILE
  +This defines the filename to which all suEXEC transactions and
  +errors are logged (useful for auditing and debugging purposes).
  +By default the logfile is named "suexec_log" and located in your
  +standard logfile directory (--logfiledir).
  +--suexec-userdir=DIR
  +Define to be the subdirectory under users'
  +home directories where suEXEC access should
  +be allowed.  All executables under this directory
  +will be executable by suEXEC as the user so
  +they should be "safe" programs.  If you are
  +using a "simple" UserDir directive (ie. one
  +without a "*" in it) this should be set to
  +the same value.  suEXEC will not work properly
  +in cases where the UserDir directive points to
  +a location that is not the same as the user's
  +home directory as referenced in the passwd file.
  +Default value is "public_html".
  +
  +If you have virtual hosts with a different
  +UserDir for each, you will need to define them to
  +all reside in one parent directory; then name that
  +parent directory here.  If this is not defined
  +properly, "~userdir" cgi requests will not work!
  +--suexec-uidmin=UID
  +Define this as the lowest UID allowed to be a target user
  +for suEXEC.  For most systems, 500 or 100 is common.
  +Default value is 100.
  +--suexec-gidmin=GID
  +Define this as the lowest GID allowed to be a target group
  +for suEXEC. For most systems, 100 is common and therefore
  +used as default value.
  +--suexec-safepath=PATH
  +Define a safe PATH environment to pass to CGI executables.
  +Default value is "/usr/local/bin:/usr/bin:/bin".
  +
  +
  +
  +
  +Checking your suEXEC setup
  +Before you c

cvs commit: apache-1.3/htdocs/manual suexec.html

[martin]

martin  98/07/30 09:42:48

  Modified:htdocs/manual suexec.html
  Log:
  Corrected the path to src/include/httpd.h, as suggested by
  Brian Reichert <[EMAIL PROTECTED]>
  
  PR: 2359
  Submitted by: Brian Reichert <[EMAIL PROTECTED]>
  
  Revision  ChangesPath
  1.20  +10 -6 apache-1.3/htdocs/manual/suexec.html
  
  Index: suexec.html
  ===
  RCS file: /home/cvs/apache-1.3/htdocs/manual/suexec.html,v
  retrieving revision 1.19
  retrieving revision 1.20
  diff -u -u -r1.19 -r1.20
  --- suexec.html   1998/07/18 21:43:13 1.19
  +++ suexec.html   1998/07/30 16:42:47 1.20
  @@ -389,18 +389,22 @@
   
   
   
  -From src/httpd.h
  +From src/include/httpd.h
   
  - /* The path to the suEXEC wrapper */
  - #define SUEXEC_BIN "/usr/local/apache/sbin/suexec"
  + /* The path to the suExec wrapper, can be overridden in Configuration */
  + #ifndef SUEXEC_BIN
  + #define SUEXEC_BIN  HTTPD_ROOT "/sbin/suexec"
  + #endif
   
   
   
   
   If your installation requires location of the wrapper program in a different
  -directory, edit src/httpd.h and recompile your Apache server.
  -See Compiling and Installing Apache for more
  -info on this process.
  +directory, either add 
-DSUEXEC_BIN=\"\"
  +to your CFLAGS (or edit src/include/httpd.h) and recompile your Apache 
server.
  +See Compiling and Installing Apache
  +(and the INSTALL file in the source distribution)
  +for more info on this process.
   
   
   
  
  
  

cvs commit: apache-1.3/htdocs/manual suexec.html

[marc]

marc98/07/18 14:43:13

  Modified:htdocs/manual suexec.html
  Log:
  No longer correct (and never really was) to tell them to type cc ...
  to compile suexec.
  
  PR: 2517
  
  Revision  ChangesPath
  1.19  +2 -1  apache-1.3/htdocs/manual/suexec.html
  
  Index: suexec.html
  ===
  RCS file: /export/home/cvs/apache-1.3/htdocs/manual/suexec.html,v
  retrieving revision 1.18
  retrieving revision 1.19
  diff -u -r1.18 -r1.19
  --- suexec.html   1998/05/20 14:22:33 1.18
  +++ suexec.html   1998/07/18 21:43:13 1.19
  @@ -377,7 +377,8 @@
   
   COMPILING THE SUEXEC WRAPPER
   You now need to compile the suEXEC wrapper.  At the shell command prompt,
  -type:  cc suexec.c -o suexec [ENTER].
  +after compiling Apache, 
  +type:  make suexec[ENTER].
   This should create the suexec wrapper executable.
   
   
  
  
  

cvs commit: apache-1.3/htdocs/manual suexec.html

[rse]

rse 98/05/15 01:24:24

  Modified:htdocs/manual suexec.html
  Log:
  Little enhancement of suEXEC docs to make sure the user knows that he can
  install suEXEC via APACI but only if he is carefully and does something
  explicitly (options).
  
  Submitted by: Jason A. Dour <[EMAIL PROTECTED]>
  
  Revision  ChangesPath
  1.17  +8 -4  apache-1.3/htdocs/manual/suexec.html
  
  Index: suexec.html
  ===
  RCS file: /export/home/cvs/apache-1.3/htdocs/manual/suexec.html,v
  retrieving revision 1.16
  retrieving revision 1.17
  diff -u -r1.16 -r1.17
  --- suexec.html   1998/02/05 22:33:52 1.16
  +++ suexec.html   1998/05/15 08:24:23 1.17
  @@ -85,10 +85,14 @@
   
   Fourth, and last, it has been the decision of the Apache Group to
   NOT make suEXEC part of the default installation of Apache.
  -To this end, suEXEC configuration is a manual process requiring of the
  -administrator careful attention to details.  It is through this process
  -that the Apache Group hopes to limit suEXEC installation only to those
  -who are determined to use it.
  +To this end, suEXEC configuration requires of the administrator careful
  +attention to details.  After due consideration has been given to the various
  +settings for suEXEC, the administrator may install suEXEC through normal
  +installation methods. The values for these settings need to be carefully
  +determined and specified by the administrator to properly maintain system
  +security during the use of suEXEC functionality.  It is through this detailed
  +process that the Apache Group hopes to limit suEXEC installation only to 
those
  +who are careful and determined enough to use it.