Apache suEXEC recompile for new config options
Hi,
Im using Centos 5.3 with Apache 2.2.3 & by default suEXEC is enabled but the default options don't meet what i'm trying todo so I want to change them. After research it seems for security reasons the config options are compiled in. So to change them I have to recompile Apache. How do I go about this? I tried downloading the SRPM & extracting the contents then adjusting spec file with different suEXEC command line options. But I was unable to put the SRPM back together succesfully using the extracted contents but just with an adjusted spec file. Could someone please clarify the steps involved in what I want todo. |
You can just install the 'src.rpm' with # rpm -Uvh <src.rpm>
And it will be "installed", packed out to /usr/src/... Keep the new spec file in your /home and point to it with # rpmbuild -bb httpd.spec , then that is the one, being used. ..... |
Hi,
Thanks for your help. :) I'm struggling what to change my "with-suexec-userdir" directive to. It seems this directive needs tobe set to a universal folder name where the public html files need to reside but my setup doesn't have this. Can I set this to an all alias? My apache vhost system is setup as follows: /websites/client1000/ "I then have a subfolder for each vhost domain this client has." joebloggs.org/<website files here> joebloggs.com/<website files here> /websites/client1001/ "I then have a subfolder for each vhost domain this client has." fred.org/<website files here> fred.com/<website files here> What do you recommend? |
"with-suexec-userdir" makes apache check the /home/directories for a folder called "public_html".
So users on the system can have their html pages served under their own username from http://localhost/~user/ This setup is more of a convenience to local users but is not as flexible as vhosts. If you are running from vhosts the above mentioned parameters are not so relevant. Example output: # suexec -V -D AP_DOC_ROOT="/var/www" -D AP_GID_MIN=100 -D AP_HTTPD_USER="apache" -D AP_LOG_EXEC="/var/log/httpd/suexec.log" -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin" -D AP_UID_MIN=500 -D AP_USERDIR_SUFFIX="public_html" For vhosts set AP_DOC_ROOT to "/websites/" suexec checks if the vhost directory is underneith "AP_DOC_ROOT". suexec checks if the vhost user/group matches ownership of the files in directory. suexec checks if vhost user/group is not root or < 500/100 |
Hi,
I'm only using this for VHOSTs and so userdirs are not required. So i've kept that as the default "public_html". Leaving it as the default does this cause any security issues or would it cause any issues for my customers in the future? -D AP_DOC_ROOT="/websites" -D AP_GID_MIN=100 -D AP_HTTPD_USER="apache" -D AP_LOG_EXEC="/var/log/httpd/suexec.log" -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin" -D AP_UID_MIN=100 -D AP_USERDIR_SUFFIX="public_html" All my VHOST clients will be configured with doc roots of: /websties/$username/$domain_name etc. |
All times are GMT -5. The time now is 07:45 PM. |