apache + suexec

ewdafa ewdafa at ewdafa.b0rk.co.uk
Tue Nov 27 22:36:14 GMT 2001


I've noticed that the apache port has the following lines in the Makefile:

CONFIGURE_ARGS+= ...
                                        --suexec-docroot=${PREFIX}/www/data
                                        ...

The Makefile doesn't contain a make option to include --enable-suexec
though.
Does this mean in order to compile in suexec from the port I have to edit
the Makefile to support this, OR does he want us to "make
CONFIGURE_ARGS=--enable-suexec".. OR just not use suexec at all.

What I'd really like to do is set up a website hosting machine, but could
really do without other users sniffing around the whole filesystem and other
users home directories with things like PHP and Perl. Has anyone got another
method of doing this without suEXEC support in apache?

I figured that since apache runs as user/group: nobody/nogroup, you need to
make the users home directory and html files readable to everyone, which
they may not like, especially if they have their MySQL password in a PHP
file somewhere. But using suEXEC it force apache to use the users UID/GID,
so therefore removing the need to make users home directories etc etc
readable to everyone.

Does this sound reasonable or am I pulling it out my behind? :)
 Thanks in advance,
  Ed






More information about the Ukfreebsd mailing list