October 25, 2014
 
 
RSSRSS feed

Using Apache with Suexec on Linux - page 8

Executing CGI Scripts as Other Users

  • January 21, 2000
  • By Ken Coar

If you need to build Apache from source in order to add or change the suexec parameters, you can use the following commands as a quick-start. You should download the latest released version of the Apache tarball and unpack it into a working directory. The top-level directory will then be ./apache-1.3, which matches assumption #1 described earlier.

    % cd ./apache-1.3
    % env CC=gcc CFLAGS="-O2 -Wall" \
    > ./configure --enable-shared=max --enable-module=most \
    >   --with-layout=Apache --prefix=/usr/local/web/apache \
    >   --with-port=80 \
    >   --enable-suexec \
    >   --suexec-caller=nobody \
    >   --suexec-docroot=/usr/local/web \
    >   --suexec-umask=022
    Configuring for Apache, Version 1.3.12-dev
     + using installation path layout: Apache (config.layout)
     + Warning: You have enabled the suEXEC feature. Be aware that you need
     + root privileges to complete the final installation step.
    Creating Makefile
    Creating Configuration.apaci in src
        [more configuration output]
    % make
        [lots of compilation output]
    % make install
        [lots more output describing file placement]
    % /usr/local/web/apache/bin/apachectl start
     

If you didn't encounter any errors, you should now have a working Apache installation in the location that matches assumption #2 described earlier. It's been built to include suexec, and you should verify that this is the case:

    % /usr/local/web/apache/bin/httpd -l
    Compiled-in modules:
      http_core.c
      mod_so.c
    suexec: enabled; valid wrapper /usr/local/web/apache/bin/suexec
     

It's far beyond the scope of this article to give any more information about building Apache. If you'd like to see an article in this column about the details of building Apache, let me know.

Sitemap | Contact Us