LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Red Hat
User Name
Password
Red Hat This forum is for the discussion of Red Hat Linux.

Notices

Reply
 
Search this Thread
Old 04-19-2009, 11:07 AM   #1
Thom_Redhat
Member
 
Registered: May 2003
Location: England
Distribution: Redhat9 Windows XP
Posts: 41

Rep: Reputation: 15
Apache suEXEC recompile for new config options


Hi,

Im using Centos 5.3 with Apache 2.2.3 & by default suEXEC is enabled but the default options don't meet what i'm trying todo so I want to change them. After research it seems for security reasons the config options are compiled in. So to change them I have to recompile Apache.

How do I go about this? I tried downloading the SRPM & extracting the contents then adjusting spec file with different suEXEC command line options. But I was unable to put the SRPM back together succesfully using the extracted contents but just with an adjusted spec file.

Could someone please clarify the steps involved in what I want todo.
 
Old 04-19-2009, 12:46 PM   #2
knudfl
LQ 5k Club
 
Registered: Jan 2008
Location: Copenhagen, DK
Distribution: pclos2014.08, Slack14.1 DebWheezy, +50+ other Linux OS, for test only.
Posts: 13,941

Rep: Reputation: 2602Reputation: 2602Reputation: 2602Reputation: 2602Reputation: 2602Reputation: 2602Reputation: 2602Reputation: 2602Reputation: 2602Reputation: 2602Reputation: 2602
You can just install the 'src.rpm' with # rpm -Uvh <src.rpm>

And it will be "installed", packed out to /usr/src/...

Keep the new spec file in your /home and point to it with

# rpmbuild -bb httpd.spec , then that is the one, being used.
.....

Last edited by knudfl; 04-19-2009 at 01:34 PM.
 
Old 04-19-2009, 03:46 PM   #3
Thom_Redhat
Member
 
Registered: May 2003
Location: England
Distribution: Redhat9 Windows XP
Posts: 41

Original Poster
Rep: Reputation: 15
Hi,

Thanks for your help.

I'm struggling what to change my "with-suexec-userdir" directive to. It seems this directive needs tobe set to a universal folder name where the public html files need to reside but my setup doesn't have this. Can I set this to an all alias? My apache vhost system is setup as follows:

/websites/client1000/
"I then have a subfolder for each vhost domain this client has."
joebloggs.org/<website files here>
joebloggs.com/<website files here>

/websites/client1001/
"I then have a subfolder for each vhost domain this client has."
fred.org/<website files here>
fred.com/<website files here>

What do you recommend?
 
Old 04-21-2009, 08:55 AM   #4
damanseb
LQ Newbie
 
Registered: Apr 2009
Posts: 2

Rep: Reputation: 0
"with-suexec-userdir" makes apache check the /home/directories for a folder called "public_html".
So users on the system can have their html pages served under their own username from http://localhost/~user/
This setup is more of a convenience to local users but is not as flexible as vhosts.

If you are running from vhosts the above mentioned parameters are not so relevant.

Example output:
# suexec -V
-D AP_DOC_ROOT="/var/www"
-D AP_GID_MIN=100
-D AP_HTTPD_USER="apache"
-D AP_LOG_EXEC="/var/log/httpd/suexec.log"
-D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
-D AP_UID_MIN=500
-D AP_USERDIR_SUFFIX="public_html"

For vhosts set AP_DOC_ROOT to "/websites/"

suexec checks if the vhost directory is underneith "AP_DOC_ROOT".
suexec checks if the vhost user/group matches ownership of the files in directory.
suexec checks if vhost user/group is not root or < 500/100

Last edited by damanseb; 04-21-2009 at 09:05 AM.
 
Old 04-27-2009, 10:35 AM   #5
Thom_Redhat
Member
 
Registered: May 2003
Location: England
Distribution: Redhat9 Windows XP
Posts: 41

Original Poster
Rep: Reputation: 15
Hi,

I'm only using this for VHOSTs and so userdirs are not required. So i've kept that as the default "public_html". Leaving it as the default does this cause any security issues or would it cause any issues for my customers in the future?

-D AP_DOC_ROOT="/websites"
-D AP_GID_MIN=100
-D AP_HTTPD_USER="apache"
-D AP_LOG_EXEC="/var/log/httpd/suexec.log"
-D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
-D AP_UID_MIN=100
-D AP_USERDIR_SUFFIX="public_html"

All my VHOST clients will be configured with doc roots of:

/websties/$username/$domain_name etc.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
apache + php suexec gimmereeson Linux - Server 0 09-18-2007 11:24 AM
Apache Suexec not working vikasumit Linux - Software 2 07-21-2006 05:49 AM
apache suexec hassan2 Linux - Software 0 08-03-2005 07:01 PM
Apache Suexec Maze the Kid Linux - Software 0 04-05-2005 04:05 PM
Apache suexec Rachel Carter Linux - Software 0 01-31-2003 03:27 PM


All times are GMT -5. The time now is 09:39 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration