-   Red Hat (
-   -   Apache suEXEC recompile for new config options (

Thom_Redhat 04-19-2009 11:07 AM

Apache suEXEC recompile for new config options

Im using Centos 5.3 with Apache 2.2.3 & by default suEXEC is enabled but the default options don't meet what i'm trying todo so I want to change them. After research it seems for security reasons the config options are compiled in. So to change them I have to recompile Apache.

How do I go about this? I tried downloading the SRPM & extracting the contents then adjusting spec file with different suEXEC command line options. But I was unable to put the SRPM back together succesfully using the extracted contents but just with an adjusted spec file.

Could someone please clarify the steps involved in what I want todo.

knudfl 04-19-2009 12:46 PM

You can just install the 'src.rpm' with # rpm -Uvh <src.rpm>

And it will be "installed", packed out to /usr/src/...

Keep the new spec file in your /home and point to it with

# rpmbuild -bb httpd.spec , then that is the one, being used.

Thom_Redhat 04-19-2009 03:46 PM


Thanks for your help. :)

I'm struggling what to change my "with-suexec-userdir" directive to. It seems this directive needs tobe set to a universal folder name where the public html files need to reside but my setup doesn't have this. Can I set this to an all alias? My apache vhost system is setup as follows:

"I then have a subfolder for each vhost domain this client has."<website files here><website files here>

"I then have a subfolder for each vhost domain this client has."<website files here><website files here>

What do you recommend?

damanseb 04-21-2009 08:55 AM

"with-suexec-userdir" makes apache check the /home/directories for a folder called "public_html".
So users on the system can have their html pages served under their own username from http://localhost/~user/
This setup is more of a convenience to local users but is not as flexible as vhosts.

If you are running from vhosts the above mentioned parameters are not so relevant.

Example output:
# suexec -V
-D AP_DOC_ROOT="/var/www"
-D AP_HTTPD_USER="apache"
-D AP_LOG_EXEC="/var/log/httpd/suexec.log"
-D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
-D AP_USERDIR_SUFFIX="public_html"

For vhosts set AP_DOC_ROOT to "/websites/"

suexec checks if the vhost directory is underneith "AP_DOC_ROOT".
suexec checks if the vhost user/group matches ownership of the files in directory.
suexec checks if vhost user/group is not root or < 500/100

Thom_Redhat 04-27-2009 10:35 AM


I'm only using this for VHOSTs and so userdirs are not required. So i've kept that as the default "public_html". Leaving it as the default does this cause any security issues or would it cause any issues for my customers in the future?

-D AP_DOC_ROOT="/websites"
-D AP_HTTPD_USER="apache"
-D AP_LOG_EXEC="/var/log/httpd/suexec.log"
-D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
-D AP_USERDIR_SUFFIX="public_html"

All my VHOST clients will be configured with doc roots of:

/websties/$username/$domain_name etc.

All times are GMT -5. The time now is 02:01 PM.