You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by jo...@apache.org on 2012/05/24 00:29:03 UTC
svn commit: r1342078 - in /httpd/httpd/trunk/docs/manual: suexec.html.en
suexec.xml
Author: jorton
Date: Wed May 23 22:29:03 2012
New Revision: 1342078
URL: http://svn.apache.org/viewvc?rev=1342078&view=rev
Log:
* docs/manual/: Commit XML for suexec changes + re-transform; thanks to nd@.
Modified:
httpd/httpd/trunk/docs/manual/suexec.html.en
httpd/httpd/trunk/docs/manual/suexec.xml
Modified: httpd/httpd/trunk/docs/manual/suexec.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/suexec.html.en?rev=1342078&r1=1342077&r2=1342078&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/suexec.html.en (original)
+++ httpd/httpd/trunk/docs/manual/suexec.html.en Wed May 23 22:29:03 2012
@@ -665,4 +665,4 @@ if (typeof(prettyPrint) !== 'undefined')
prettyPrint();
}
//--><!]]></script>
-</body></html>
+</body></html>
\ No newline at end of file
Modified: httpd/httpd/trunk/docs/manual/suexec.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/suexec.xml?rev=1342078&r1=1342077&r2=1342078&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/suexec.xml (original)
+++ httpd/httpd/trunk/docs/manual/suexec.xml Wed May 23 22:29:03 2012
@@ -359,6 +359,21 @@
together with the <code>--enable-suexec</code> option to let
APACI accept your request for using the suEXEC feature.</dd>
+ <dt><code>--enable-suexec-capabilities</code></dt>
+
+ <dd><strong>Linux specific:</strong> Normally,
+ the <code>suexec</code> binary is installed "setuid/setgid
+ root", which allows it to run with the full privileges of the
+ root user. If this option is used, the <code>suexec</code>
+ binary will instead be installed with only the setuid/setgid
+ "capability" bits set, which is the subset of full root
+ priviliges required for suexec operation. Note that
+ the <code>suexec</code> binary may not be able to write to a log
+ file in this mode; it is recommended that the
+ <code>--with-suexec-syslog --without-suexec-logfile</code>
+ options are used in conjunction with this mode, so that syslog
+ logging is used instead.</dd>
+
<dt><code>--with-suexec-bin=<em>PATH</em></code></dt>
<dd>The path to the <code>suexec</code> binary must be hard-coded
@@ -423,6 +438,12 @@
"<code>suexec_log</code>" and located in your standard logfile
directory (<code>--logfiledir</code>).</dd>
+ <dt><code>--with-suexec-syslog</code></dt>
+
+ <dd>If defined, suexec will log notices and errors to syslog
+ instead of a logfile. This option must be combined
+ with <code>--without-suexec-logfile</code>.</dd>
+
<dt><code>--with-suexec-safepath=<em>PATH</em></code></dt>
<dd>Define a safe PATH environment to pass to CGI
@@ -544,9 +565,12 @@ Group webgroup
<p>The suEXEC wrapper will write log information
to the file defined with the <code>--with-suexec-logfile</code>
- option as indicated above. If you feel you have configured and
- installed the wrapper properly, have a look at this log and the
- error_log for the server to see where you may have gone astray.</p>
+ option as indicated above, or to syslog if <code>--with-suexec-syslog</code>
+ is used. If you feel you have configured and
+ installed the wrapper properly, have a look at the log and the
+ error_log for the server to see where you may have gone astray.
+ The output of <code>"suexec -V"</code> will show the options
+ used to compile suexec, if using a binary distribution.</p>
</section>