You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Robert Heller <he...@deepsoft.com> on 2003/12/10 17:42:29 UTC
Re: [users@httpd] "--enable-mods-shared=all" configure question...
In message <Pi...@Poste3947.hec.ca>, Joshua Slive wr
ites:
>
>On Wed, 10 Dec 2003, Robert Heller wrote:
>> There does seem to be a weirdness with the
>> suexec_module. It appears that when it is compiled as a module and you
>> want to enable suexec for userdir CGI scripts. Even if you load the
>> suexec *before* all other modules, suexec is NOT enabled for userdir CGI
>> scripts.
>
>Although I haven't tested it myself, I'd guess that's not the problem.
>
>More likely you are missing other pieces in the suexec setup. Suexec
>requires not only mod_suexec, but also the suexec binary, which has its
>own ./configure options. Check the suexec docs.
ALL of this is set up:
--enable-suexec --with-suexec \
--with-suexec-caller=%{suexec_caller} \
--with-suexec-docroot=%{contentdir} \
--with-suexec-logfile=%{_localstatedir}/log/httpd/suexec.log \
--with-suexec-bin=%{_sbindir}/suexec \
--with-suexec-uidmin=500 --with-suexec-gidmin=100 \
There is a properly built and installed suexec binary and
SuexecUserGroup does in fact enable suexec, but (as has been pointed
out elsewhere!) a SuexecUserGroup configuation option, is NOT the right
thing for *userdir* CGI scripts -- SuexecUserGroup is only for
VirtualHosts. It *definitely* appears that although suexec is enabled
(and with a LoadModule for the suexec module httpd is seeing the suexec
binary, as seen in the error_log), that userdir CGI scripts are NOT
being run with suexec -- they are being forked *directly* from httpd,
and have the UID httpd is running as. I am not a total idiot!
What does NOT help is the problem with "--enable-mods-shared=all", which
makes it hard to test. It looks like I might have to not use shared
modules at all, which would be both dumb and a serious bummer.
>
>Joshua.
>
\/
Robert Heller ||InterNet: heller@cs.umass.edu
http://vis-www.cs.umass.edu/~heller || heller@deepsoft.com
http://www.deepsoft.com /\FidoNet: 1:321/153
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] "--enable-mods-shared=all" configure question...
Posted by Joshua Slive <jo...@slive.ca>.
On Wed, 10 Dec 2003, Robert Heller wrote:
> In message <Pi...@Poste3947.hec.ca>, Joshua Slive wr
> ites:
> >
> >On Wed, 10 Dec 2003, Robert Heller wrote:
> >> There does seem to be a weirdness with the
> >> suexec_module. It appears that when it is compiled as a module and you
> >> want to enable suexec for userdir CGI scripts. Even if you load the
> >> suexec *before* all other modules, suexec is NOT enabled for userdir CGI
> >> scripts.
> >
> >Although I haven't tested it myself, I'd guess that's not the problem.
> >
> >More likely you are missing other pieces in the suexec setup. Suexec
> >requires not only mod_suexec, but also the suexec binary, which has its
> >own ./configure options. Check the suexec docs.
>
>
> ALL of this is set up:
If you can compile apache with a static mod_suexec and have everything
working, then recompile and change nothing except load mod_suexec as a DSO
and have it fail, then it appears you have found a bug. Please report it
to the bug database.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org