Google Git
Sign in
apache / httpd / 19d98a5802beedc00415c8ef0ab512fee0ec98b3 / . / docs / manual / suexec.xml.ko
blob: 15815ce428614ba21853da21a7981c5bf795af25 [file] [log] [blame]
<?xml version="1.0" encoding="EUC-KR" ?>
<!DOCTYPE manualpage SYSTEM "./style/manualpage.dtd">
<?xml-stylesheet type="text/xsl" href="./style/manual.ko.xsl"?>
<!-- English Revision: 105989:1673945 (outdated) -->
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<manualpage metafile="suexec.xml.meta">
<title>suEXEC Áö¿ø</title>
<summary>
<p><strong>suEXEC</strong> ±â´ÉÀº ¾ÆÆÄÄ¡°¡ <strong>CGI</strong>¿Í
<strong>SSI</strong> ÇÁ·Î±×·¥À» À¥¼­¹ö¸¦ ½ÇÇàÇÑ »ç¿ëÀÚ ID°¡
¾Æ´Ñ ´Ù¸¥ »ç¿ëÀÚ ID·Î ½ÇÇàÇϵµ·Ï ÇÑ´Ù. º¸Åë CGI³ª SSI ÇÁ·Î±×·¥À»
½ÇÇàÇϸé À¥¼­¹ö¸¦ ½ÇÇàÇÑ »ç¿ëÀÚ¿Í °°Àº »ç¿ëÀÚ·Î ½ÇÇàÇÑ´Ù.</p>
<p>ÀÌ ±â´ÉÀ» ÀûÀýÈ÷ »ç¿ëÇÏ¸é »ç¿ëÀÚ°¡ Á÷Á¢ CGI³ª SSI ÇÁ·Î±×·¥À»
°³¹ßÇÏ°í ½ÇÇàÇÒ¶§ ¹ß»ýÇÒ ¼ö ÀÖ´Â º¸¾ÈÀ§ÇèÀ» »ó´çÈ÷ ÁÙÀÏ
¼ö ÀÖ´Ù. ±×·¯³ª suEXEC°¡ ºÎÀûÀýÇÏ°Ô ¼³Á¤µÇ¸é ¸¹Àº ¹®Á¦¿Í
ÄÄÇ»ÅÍ¿¡ »õ·Î¿î º¸¾È ÇãÁ¡À» ¸¸µé ¼ö ÀÖ´Ù. ¸¸¾à <em>setuid root</em>
ÇÁ·Î±×·¥°ú ÀÌ·± ÇÁ·Î±×·¥ÀÇ º¸¾È ¹®Á¦¿¡ »ý¼ÒÇÏ´Ù¸é suEXEC¸¦
»ç¿ëÇÏÁö¾Ê±æ Áø½ÉÀ¸·Î ¹Ù¶õ´Ù.</p>
</summary>
<section id="before"><title>½ÃÀÛÇϱâ Àü¿¡</title>
<p>½ÃÀÛÇϱâ Àü¿¡ ¿ì¼± ¾ÆÆÄÄ¡±×·ì°ú ÀÌ ¹®¼­ÀÇ °¡Á¤À» ¹àÈù´Ù.</p>
<p>¸ÕÀú <strong>setuid</strong>¿Í <strong>setgid</strong>
±â´ÉÀÌ °¡´ÉÇÑ À¯´Ð½º·ù ¿î¿µÃ¼Á¦¸¦ »ç¿ëÇÑ´Ù°í °¡Á¤ÇÑ´Ù. ¸ðµç
¸í·É¾î ¿¹µéµµ °°Àº °¡Á¤À» ÇÑ´Ù. suEXEC¸¦ Áö¿øÇÏ´Â ´Ù¸¥ Ç÷¡ÆûÀ»
»ç¿ëÇÏ´Ù¸é ¼³Á¤ÀÌ ´Ù¸¦ ¼ö ÀÖ´Ù.</p>
<p>µÎ¹ø°, ´ç½ÅÀÌ ÄÄÇ»ÅÍ º¸¾ÈÀÇ ±âº» °³³ä°ú °ü¸®¿¡ Àͼ÷ÇÏ´Ù°í
°¡Á¤ÇÑ´Ù. ¿©±â¿¡´Â <strong>setuid/setgid</strong> ±â´É°ú
À̵éÀÌ ½Ã½ºÅÛ°ú º¸¾È¿¡ ¹ÌÄ¡´Â ¿©·¯ ¿µÇâ¿¡ ´ëÇÑ ÀÌÇØ°¡ Æ÷ÇԵȴÙ.</p>
<p>¼¼¹ø°, suEXEC ÄÚµåÀÇ <strong>¼öÁ¤ÇÏÁö¾ÊÀº</strong>
¹öÀüÀ» »ç¿ëÇÑ´Ù°í °¡Á¤ÇÑ´Ù. °³¹ßÀÚ¿Í ¿©·¯ º£Å¸Å×½ºÅ͵éÀº
suEXEC¿Í °ü·ÃµÈ ¸ðµç Äڵ带 Á¶½É½º·´°Ô Á¶»çÇÏ°í °Ë»çÇß´Ù.
Äڵ带 °£´ÜÇÏ°Ô ÇÏ°í È®½ÇÇÑ ¾ÈÀüÀ» º¸ÀåÇϱâÀ§ÇØ ¸ðµç ÁÖÀǸ¦
±â¿ï¿´´Ù. ÀÌ Äڵ带 ¼öÁ¤ÇÏ¸é ¿¹»óÄ¡¸øÇÑ ¹®Á¦¿Í »õ·Î¿î º¸¾È
À§ÇèÀÌ ¹ß»ýÇÒ ¼ö ÀÖ´Ù. º¸¾È ÇÁ·Î±×·¡¹Ö¿¡ ´ëÇØ ¸Å¿ì Àß ¾Ë°í
Äڵ带 »ìÆ캸±âÀ§ÇØ ¾ÆÆÄÄ¡±×·ì°ú ÀÛ¾÷À» °øÀ¯ÇÒ Àǻ簡 ¾ø´Ù¸é
suEXEC Äڵ带 ¼öÁ¤ÇÏÁö¾Ê±æ <strong>°­·ÂÈ÷</strong> ±ÇÇÑ´Ù.</p>
<p>³×¹ø°ÀÌÀÚ ¸¶Áö¸·À¸·Î, ¾ÆÆÄÄ¡±×·ìÀº suEXEC¸¦ ¾ÆÆÄÄ¡
±âº»¼³Ä¡¿¡ Æ÷ÇÔÇÏÁö <strong>¾Ê±â·Î</strong> °áÁ¤Çß´Ù. °á±¹
°ü¸®ÀÚ°¡ ÁÖÀǸ¦ ±â¿ï¿©¼­ suEXEC¸¦ ¼³Á¤ÇØ¾ß ÇÑ´Ù. suEXECÀÇ
¿©·¯ ¼³Á¤À» Àß °í·ÁÇÑÈÄ °ü¸®ÀÚ´Â ÀϹÝÀûÀÎ ¼³Ä¡¹æ¹ýÀ» suEXEC¸¦
¼³Ä¡ÇÒ ¼ö ÀÖ´Ù. suEXEC ±â´ÉÀ» »ç¿ëÇÏ´Â ½Ã½ºÅÛÀÇ º¸¾ÈÀ» Ã¥ÀÓÁö´Â
°ü¸®ÀÚ´Â ÀÌ ¼³Á¤°ªµéÀ» ÁÖÀÇÀÖ°Ô »ìÆ캸°í ÁöÁ¤ÇØ¾ß ÇÑ´Ù.
ÀÌ·± »ó¼¼ÇÑ °úÁ¤Àº suEXEC¸¦ »ç¿ëÇÒ¸¸Å­ ÁÖÀÇÀÖ°í ´ÜÈ£ÇÑ
»ç¶÷¸¸ÀÌ suEXEC¸¦ »ç¿ëÇϵµ·Ï ¾ÆÆÄÄ¡±×·ìÀÌ ¿øÇϱ⠶§¹®ÀÌ´Ù.</p>
<p>¾ÆÁ÷µµ »ç¿ëÇÏ±æ ¿øÇϴ°¡? ±×·±°¡? ÁÁ´Ù. ÀÌÁ¦ ½ÃÀÛÇÏÀÚ!</p>
</section>
<section id="model"><title>suEXEC º¸¾È¸ðµ¨</title>
<p>suEXEC¸¦ ±¸¼ºÇÏ°í ¼³Ä¡Çϱâ Àü¿¡ ¿ì¸®´Â º¸¾È¸ðµ¨À» ¸ÕÀú
¼³¸íÇÑ´Ù. À̸¦ ÅëÇØ Á¤È®È÷ suEXEC ¾È¿¡¼­´Â ¹«½¼ ÀÏÀÌ ÀϾ¸ç
½Ã½ºÅÛÀÇ º¸¾ÈÀ» À§ÇØ ¹«¾ùÀ» Á¶½ÉÇØ¾ß ÇÒÁö ´õ Àß ÀÌÇØÇÒ ¼ö
ÀÖ´Ù.</p>
<p><strong>suEXEC</strong>´Â ¾ÆÆÄÄ¡ À¥¼­¹ö°¡ ºÎ¸£´Â setuid
"wrapper" ÇÁ·Î±×·¥À» ±â¹ÝÀ¸·Î ÇÑ´Ù. ÀÌ wrapper´Â °ü¸®ÀÚ°¡
ÁÖ¼­¹ö¿Í ´Ù¸¥ userid·Î ½ÇÇàÇϵµ·Ï ¼³Á¤ÇÑ CGI³ª SSI ÇÁ·Î±×·¥¿¡
HTTP ¿äûÀÌ ¿À¸é ºÒ¸°´Ù. ÀÌ·± ¿äûÀÌ ¿À¸é ¾ÆÆÄÄ¡´Â suEXEC
wrapper¿¡°Ô ÇÁ·Î±×·¥¸í°ú ÇÁ·Î±×·¥À» ½ÇÇàÇÒ »ç¿ëÀÚ¿Í ±×·ì
ID¸¦ Á¦°øÇÑ´Ù.</p>
<p>±×·¯¸é wrapper´Â ´ÙÀ½ °úÁ¤À» ÅëÇØ ¼º°ø°ú ½ÇÆи¦ °áÁ¤ÇÑ´Ù.
ÀÌ Á¶°ÇÁß Çϳª¶óµµ ½ÇÆÐÇϸé ÇÁ·Î±×·¥Àº ½ÇÆзΠ±â·ÏµÇ°í ¿À·ù¸¦
³»¸ç Á¾·áÇÑ´Ù. ½ÇÆÐÇÏÁö ¾ÊÀ¸¸é °úÁ¤À» °è¼ÓÇÑ´Ù:</p>
<ol>
<li>
<strong>wrapper¸¦ ½ÇÇàÇÏ´Â »ç¿ëÀÚ°¡ ½Ã½ºÅÛÀÇ Á¤»óÀûÀÎ
»ç¿ëÀÚÀΰ¡?</strong>
<p class="indent">
wrapper¸¦ ½ÇÇàÇÏ´Â »ç¿ëÀÚ°¡ ½ÇÁ¦·Î ½Ã½ºÅÛÀÇ »ç¿ëÀÚÀÎÁö
È®ÀÎÇÑ´Ù.
</p>
</li>
<li>
<strong>ÀûÀýÇÑ ¼öÀÇ ¾Æ±Ô¸ÕÆ®·Î wrapper¸¦ ½ÇÇàÇϴ°¡?</strong>
<p class="indent">
wrapper´Â ÀûÀýÇÑ ¼öÀÇ ¾Æ±Ô¸ÕÆ®°¡ ÀÖ¾î¾ß¸¸ ½ÇÇàµÈ´Ù.
¾ÆÆÄÄ¡ À¥¼­¹ö°¡ ÀÌ °³¼ö¸¦ ¾È´Ù. wrapper°¡ ÀûÀýÇÑ ¼öÀÇ
¾Æ±Ô¸ÕÆ®¸¦ ¹ÞÁö¸øÇϸé ÇØÅ·µÇ¾ú°Å³ª ¾ÆÆÄÄ¡ÀÇ suEXEC¿¡
¹º°¡ ¹®Á¦°¡ ÀÖ´Â °ÍÀÌ´Ù.
</p>
</li>
<li>
<strong>ÀÌ »ç¿ëÀÚ°¡ wrapper¸¦ ½ÇÇàÇϵµ·Ï Çã¿ëµÇ¾ú³ª?</strong>
<p class="indent">
ÀÌ »ç¿ëÀÚ°¡ wrapper¸¦ ½ÇÇàÇϵµ·Ï Çã¿ëµÇ¾ú³ª? ¿ÀÁ÷
ÇÑ »ç¿ëÀÚ(¾ÆÆÄÄ¡ »ç¿ëÀÚ)¸¸ÀÌ ÀÌ ÇÁ·Î±×·¥À» ½ÇÇàÇÒ
¼ö ÀÖ´Ù.
</p>
</li>
<li>
<strong>ÁöÁ¤ÇÑ CGI³ª SSI ÇÁ·Î±×·¥ÀÌ ¾ÈÀüÇÏÁö¾ÊÀº °èÃþÂüÁ¶¸¦
°¡Áö´Â°¡?</strong>
<p class="indent">
ÁöÁ¤ÇÑ CGI³ª SSI ÇÁ·Î±×·¥ÀÌ '/'·Î ½ÃÀÛÇϰųª µÞÂüÁ¶
'..'À» °¡Áö´Â°¡? À̵éÀ» »ç¿ëÇÒ ¼ö ¾ø´Ù. ÁöÁ¤ÇÑ CGI/SSI
ÇÁ·Î±×·¥Àº suEXEC ¹®¼­ root (¾Æ·¡
<code>--with-suexec-docroot=<em>DIR</em></code> Âü°í)
³»¿¡ ÀÖ¾î¾ß ÇÑ´Ù.
</p>
</li>
<li>
<strong>ÁöÁ¤ÇÑ »ç¿ëÀÚ¸íÀÌ À¯È¿ÇÑ°¡?</strong>
<p class="indent">
ÁöÁ¤ÇÑ »ç¿ëÀÚ°¡ Á¸ÀçÇϴ°¡?
</p>
</li>
<li>
<strong>ÁöÁ¤ÇÑ ±×·ì¸íÀÌ À¯È¿ÇÑ°¡?</strong>
<p class="indent">
ÁöÁ¤ÇÑ ±×·ìÀÌ Á¸ÀçÇϴ°¡?
</p>
</li>
<li>
<strong>ÁöÁ¤ÇÑ »ç¿ëÀÚ°¡ superuser°¡ <em>¾Æ´Ñ°¡</em>?</strong>
<p class="indent">
ÇöÀç suEXEC´Â <code><em>root</em></code>°¡ CGI/SSI
ÇÁ·Î±×·¥À» ½ÇÇàÇÒ ¼ö ¾øµµ·Ï ÇÑ´Ù.
</p>
</li>
<li>
<strong>ÁöÁ¤ÇÑ userid°¡ ÃÖ¼Ò ID ¼ýÀÚº¸´Ù <em>Å«°¡</em>?</strong>
<p class="indent">
¼³Á¤¿¡¼­ ÃÖ¼Ò »ç¿ëÀÚ ID ¼ýÀÚ¸¦ ÁöÁ¤ÇÑ´Ù. ±×·¡¼­ CGI/SSI
ÇÁ·Î±×·¥À» ½ÇÇàÇÒ ¼ö ÀÖ´Â useridÀÇ ÃÖ¼ÒÄ¡¸¦ ÁöÁ¤ÇÒ
¼ö ÀÖ´Ù. "½Ã½ºÅÛ¿ë" °èÁ¤À» Á¦¿ÜÇÒ¶§ À¯¿ëÇÏ´Ù.
</p>
</li>
<li>
<strong>ÁöÁ¤ÇÑ ±×·ìÀÌ superuser ±×·ìÀÌ <em>¾Æ´Ñ°¡</em>?</strong>
<p class="indent">
ÇöÀç suEXEC´Â <code><em>root</em></code> ±×·ìÀÌ CGI/SSI
ÇÁ·Î±×·¥À» ½ÇÇàÇÒ ¼ö ¾øµµ·Ï ÇÑ´Ù.
</p>
</li>
<li>
<strong>ÁöÁ¤ÇÑ groupid°¡ ÃÖ¼Ò ID ¼ýÀÚº¸´Ù <em>Å«°¡</em>?</strong>
<p class="indent">
¼³Á¤¿¡¼­ ÃÖ¼Ò ±×·ì ID ¼ýÀÚ¸¦ ÁöÁ¤ÇÑ´Ù. ±×·¡¼­ CGI/SSI
ÇÁ·Î±×·¥À» ½ÇÇàÇÒ ¼ö ÀÖ´Â groupidÀÇ ÃÖ¼ÒÄ¡¸¦ ÁöÁ¤ÇÒ
¼ö ÀÖ´Ù. "½Ã½ºÅÛ¿ë" ±×·ìÀ» Á¦¿ÜÇÒ¶§ À¯¿ëÇÏ´Ù.
</p>
</li>
<li>
<strong>wrapper°¡ ¼º°øÀûÀ¸·Î ÁöÁ¤ÇÑ »ç¿ëÀÚ¿Í ±×·ìÀÌ
µÉ ¼ö Àִ°¡?</strong>
<p class="indent">
ÀÌ ´Ü°è¿¡¼­ ÇÁ·Î±×·¥Àº setuid¿Í setgid È£ÃâÀ» ÇÏ¿©
ÁöÁ¤ÇÑ »ç¿ëÀÚ¿Í ±×·ìÀÌ µÈ´Ù. ¶Ç, ±×·ì Á¢±Ù¸ñ·ÏÀº
»ç¿ëÀÚ°¡ ÇØ´çµÈ ¸ðµç ±×·ìÀ¸·Î ÃʱâÈ­µÈ´Ù.
</p>
</li>
<li>
<strong>CGI/SSI ÇÁ·Î±×·¥ÀÌ ÀÖ´Â µð·ºÅ丮·Î µð·ºÅ丮¸¦
º¯°æÇÒ ¼ö Àִ°¡?</strong>
<p class="indent">
µð·ºÅ丮°¡ Á¸ÀçÇÏÁö ¾Ê´Ù¸é ÆÄÀÏÀÌ ÀÖÀ» ¼ö ¾ø´Ù. ÀÌ°÷À¸·Î
µð·ºÅ丮¸¦ º¯°æÇÒ ¼ö ¾ø´Ù¸é µð·ºÅ丮´Â Á¸ÀçÇÏÁö ¾ÊÀ»
°ÍÀÌ´Ù.
</p>
</li>
<li>
<strong>µð·ºÅ丮°¡ ¾ÆÆÄÄ¡ À¥°ø°£ ¾È¿¡ Àִ°¡?</strong>
<p class="indent">
¼­¹öÀÇ ÀϹÝÀûÀÎ ºÎºÐÀ» ¿äûÇÒ °æ¿ì ¿äûÇÏ´Â µð·ºÅ丮°¡
suEXEC ¹®¼­ root ¾Æ·¡ Àִ°¡? UserDirÀ» ¿äûÇÒ °æ¿ì
¿äûÇÏ´Â µð·ºÅ丮°¡ suEXEC userdir·Î ¼³Á¤ÇÑ (<a
href="#install">suEXEC ¼³Á¤ ¿É¼Ç</a> Âü°í) µð·ºÅ丮
¾Æ·¡¿¡ Àִ°¡?
</p>
</li>
<li>
<strong>´Ù¸¥ ´©±¸µµ µð·ºÅ丮¿¡ ¾²±â±ÇÇÑÀÌ <em>¾ø´Â°¡</em>?</strong>
<p class="indent">
µð·ºÅ丮¸¦ ´Ù¸¥ »ç¶÷¿¡°Ô ¿­¾îµÎ±æ ¿øÇÏÁö¾Ê´Â´Ù. ¿ÀÁ÷
¼ÒÀ¯ÀÚ¸¸ÀÌ µð·ºÅ丮 ³»¿ëÀ» º¯°æÇÒ ¼ö ÀÖ´Ù.
</p>
</li>
<li>
<strong>ÁöÁ¤ÇÑ CGI/SSI ÇÁ·Î±×·¥ÀÌ Á¸ÀçÇϴ°¡?</strong>
<p class="indent">
Á¸ÀçÇÏÁö¾Ê´Ù¸é ½ÇÇàÇÒ ¼öµµ ¾ø´Ù.
</p>
</li>
<li>
<strong>´Ù¸¥ ´©±¸µµ ÁöÁ¤ÇÑ CGI/SSI ÇÁ·Î±×·¥¿¡ ¾²±â±ÇÇÑÀÌ
<em>¾ø´Â°¡</em>?</strong>
<p class="indent">
¼ÒÀ¯ÀÚ¿Ü ´©±¸µµ CGI/SSI ÇÁ·Î±×·¥À» º¯°æÇÏ±æ ¿øÇÏÁö¾Ê´Â´Ù.
</p>
</li>
<li>
<strong>ÁöÁ¤ÇÑ CGI/SSI ÇÁ·Î±×·¥ÀÌ setuid³ª setgid°¡
<em>¾Æ´Ñ°¡</em>?</strong>
<p class="indent">
¿ì¸®´Â ÇÁ·Î±×·¥ÀÌ ´Ù½Ã UID/GID¸¦ º¯°æÇÏ±æ ¿øÇÏÁö¾Ê´Â´Ù.
</p>
</li>
<li>
<strong>ÁöÁ¤ÇÑ »ç¿ëÀÚ/±×·ìÀÌ ÇÁ·Î±×·¥ÀÇ »ç¿ëÀÚ/±×·ì°ú °°Àº°¡?</strong>
<p class="indent">
»ç¿ëÀÚ°¡ ÆÄÀÏÀÇ ¼ÒÀ¯ÀÚÀΰ¡?
</p>
</li>
<li>
<strong>¾ÈÀüÇÑ µ¿ÀÛÀ» À§ÇØ ÇÁ·Î¼¼½ºÀÇ È¯°æº¯¼ö¸¦ û¼ÒÇÒ
¼ö Àִ°¡?</strong>
<p class="indent">
suEXEC´Â (¼³Á¤¿¡¼­ Á¤ÀÇÇÑ) ¾ÈÀüÇÑ ½ÇÇà PATH¸¦ Àâ°í,
(À̰͵µ ¼³Á¤¿¡¼­ Á¤ÀÇ) ¾ÈÀüÇÑ È¯°æº¯¼ö ¸ñ·Ï¿¡ ¿­°ÅµÈ
º¯¼ö¸¸ ³²±â°í ÇÁ·Î¼¼½ºÀÇ È¯°æº¯¼ö¸¦ Áö¿î´Ù.
</p>
</li>
<li>
<strong>¼º°øÀûÀ¸·Î ÁöÁ¤ÇÑ CGI/SSI ÇÁ·Î±×·¥À» ½ÇÇàÇÒ
¼ö Àִ°¡?</strong>
<p class="indent">
¿©±â¼­ suEXEC°¡ ³¡³ª°í ÁöÁ¤ÇÑ CGI/SSI ÇÁ·Î±×·¥ÀÌ ½ÃÀÛÇÑ´Ù.
</p>
</li>
</ol>
<p>ÀÌ°ÍÀÌ suEXEC wrapper º¸¾È¸ðµ¨ÀÇ Ç¥ÁØ µ¿ÀÛÀÌ´Ù. ´Ù¼Ò
¾ö°ÝÇÏ°í CGI/SSI ¼³°è¿¡ »õ·Î¿î Á¦ÇÑÀÌ µÇÁö¸¸, º¸¾ÈÀ» ¿°µÎ¿¡
µÎ°í ÇѴܰ辿 Á¶½É½º·´°Ô ¸¸µé¾îÁ³´Ù.</p>
<p>ÀÌ º¸¾È ¸ðµ¨ÀÌ ¼­¹ö ¼³Á¤¿¡ ¾î¶² Á¦ÇÑÀ» ÁÖ´ÂÁö¿Í ÀûÀýÇÑ
suEXEC ¼³Á¤À¸·Î ¾î¶² º¸¾È À§ÇèÀ» ÇÇÇÒ ¼ö ÀÖ´ÂÁö¿¡ ´ëÇØ ÀÌ
¹®¼­ÀÇ <a href="#jabberwock">"´Ù½Ã Çѹø Á¶½ÉÇ϶ó"</a> ÀýÀ»
Âü°íÇ϶ó.</p>
</section>
<section id="install"><title>suEXEC ±¸¼º°ú ¼³Ä¡</title>
<p>ÀÌÁ¦ Àç¹ÌÀÖ´Â ³»¿ëÀÌ ½ÃÀÛÇÑ´Ù.</p>
<p><strong>suEXEC ±¸¼º ¿É¼Ç</strong><br />
</p>
<dl>
<dt><code>--enable-suexec</code></dt>
<dd>ÀÌ ¿É¼ÇÀº ±âº»ÀûÀ¸·Î ¼³Ä¡µÇ°Å³ª È°¼ºÈ­µÇÁö¾Ê´Â suEXEC
±â´ÉÀ» È°¼ºÈ­ÇÑ´Ù. APACI°¡ suEXEC¸¦ ¹Þ¾ÆµéÀÌ·Á¸é
<code>--enable-suexec</code> ¿É¼Ç¿Ü¿¡
<code>--with-suexec-xxxxx</code> ¿É¼ÇÀÌ ÃÖ¼ÒÇÑ ÇÑ°³
ÇÊ¿äÇÏ´Ù.</dd>
<dt><code>--with-suexec-bin=<em>PATH</em></code></dt>
<dd><code>suexec</code> ¹ÙÀ̳ʸ® °æ·Î´Â º¸¾È»ó ÀÌÀ¯·Î
¼­¹ö¿¡ ±â·ÏµÇ¾ß ÇÑ´Ù. °æ·Î ±âº»°ªÀ» ¹«½ÃÇÏ·Á¸é ÀÌ ¿É¼ÇÀ»
»ç¿ëÇÑ´Ù. <em>¿¹¸¦ µé¾î</em>
<code>--with-suexec-bin=/usr/sbin/suexec</code></dd>
<dt><code>--with-suexec-caller=<em>UID</em></code></dt>
<dd>º¸Åë ¾ÆÆÄÄ¡¸¦ ½ÇÇàÇÏ´Â <a
href="mod/mpm_common.html#user">»ç¿ëÀÚ¸í</a>. ÇÁ·Î±×·¥À»
½ÇÇàÇÒ ¼ö ÀÖ´Â À¯ÀÏÇÑ »ç¿ëÀÚ´Ù.</dd>
<dt><code>--with-suexec-userdir=<em>DIR</em></code></dt>
<dd>suEXEC Á¢±ÙÀÌ Çã¿ëµÇ´Â »ç¿ëÀÚ È¨µð·ºÅ丮ÀÇ ÇÏÀ§µð·ºÅ丮¸¦
ÁöÁ¤ÇÑ´Ù. ÀÌ µð·ºÅ丮¿¡ ÀÖ´Â ¸ðµç ½ÇÇàÆÄÀÏÀ» »ç¿ëÀÚÀÇ
suEXEC·Î ½ÇÇà¹Ç·Î, ¸ðµç ÇÁ·Î±×·¥ÀÌ "¾ÈÀüÇؾß" ÇÑ´Ù. (¿¹¸¦
µé¾î, °ª¿¡ "*"ÀÌ ¾ø´Â) "°£´ÜÇÑ" UserDir Áö½Ã¾î¸¦ »ç¿ëÇÑ´Ù¸é
°°Àº °ªÀ» ¼³Á¤ÇØ¾ß ÇÑ´Ù. UserDir Áö½Ã¾î°¡ passwd ÆÄÀÏ¿¡
³ª¿Â »ç¿ëÀÚ È¨µð·ºÅ丮¿Í ´Ù¸£¸é suEXEC´Â Á¤»óÀûÀ¸·Î
ÀÛµ¿ÇÏÁö ¾Ê´Â´Ù. ±âº»°ªÀº "public_html"ÀÌ´Ù.<br />
°¡»óÈ£½ºÆ®µéÀÌ °¢°¢ ´Ù¸¥ UserDirÀ» »ç¿ëÇÑ´Ù¸é ¸ðµÎ ÇÑ
ºÎ¸ð µð·ºÅ丮 ¾È¿¡ ÀÖµµ·Ï Á¤ÀÇÇØ¾ß ÇÏ°í, ±× ºÎ¸ð µð·ºÅ丮¸íÀ»
¿©±â Àû´Â´Ù. <strong>ÀÌ·¸°Ô Á¤ÀÇÇÏÁö ¾ÊÀ¸¸é, "~userdir"
cgi ¿äûÀÌ ÀÛµ¿ÇÏÁö ¾Ê´Â´Ù!</strong></dd>
<dt><code>--with-suexec-docroot=<em>DIR</em></code></dt>
<dd>¾ÆÆÄÄ¡ÀÇ DocumentRoot¸¦ Á¤ÀÇÇÑ´Ù. ÀÌ´Â suEXEC°¡ »ç¿ëÇÒ
¼ö ÀÖ´Â (UserDirsÀ» Á¦¿ÜÇÑ) À¯ÀÏÇÑ °ø°£ÀÌ´Ù. ±âº» µð·ºÅ丮´Â
<code>--datadir</code> °ª¿¡ "/htdocs"À» ºÙÀÎ °ÍÀÌ´Ù.
<em>¿¹¸¦ µé¾î</em> "<code>--datadir=/home/apache</code>"·Î
±¸¼ºÇß´Ù¸é suEXEC wrapper´Â document root·Î
"/home/apache/htdocs" µð·ºÅ丮¸¦ »ç¿ëÇÑ´Ù.</dd>
<dt><code>--with-suexec-uidmin=<em>UID</em></code></dt>
<dd>suEXEC¿¡¼­ ÁöÁ¤°¡´ÉÇÑ »ç¿ëÀÚÀÇ ÃÖ¼Ò UID¸¦ Á¤ÀÇÇÑ´Ù.
´ëºÎºÐÀÇ ½Ã½ºÅÛ¿¡¼­ 500À̳ª 100ÀÌ ÀûÀýÇÏ´Ù. ±âº»°ªÀº
100ÀÌ´Ù.</dd>
<dt><code>--with-suexec-gidmin=<em>GID</em></code></dt>
<dd>suEXEC¿¡¼­ ÁöÁ¤°¡´ÉÇÑ ±×·ìÀÇ ÃÖ¼Ò GID¸¦ Á¤ÀÇÇÑ´Ù.
´ëºÎºÐÀÇ ½Ã½ºÅÛ¿¡¼­ 100ÀÌ ÀûÀýÇϹǷΠÀÌ °ªÀÌ ±âº»°ªÀÌ´Ù.</dd>
<dt><code>--with-suexec-logfile=<em>FILE</em></code></dt>
<dd>¸ðµç suEXEC ÀÛµ¿°ú ¿À·ù¸¦ (°¨½Ã³ª µð¹ö±ë ¸ñÀû¿¡ À¯¿ëÇÑ)
±â·ÏÇÒ ·Î±×ÆÄÀϸíÀ» ÁöÁ¤ÇÑ´Ù. ±âº»ÀûÀ¸·Î ·Î±×ÆÄÀÏÀÇ À̸§Àº
"suexec_log"ÀÌ°í Ç¥ÁØ ·Î±×ÆÄÀÏ µð·ºÅ丮¿¡
(<code>--logfiledir</code>) À§Ä¡ÇÑ´Ù.</dd>
<dt><code>--with-suexec-safepath=<em>PATH</em></code></dt>
<dd>CGI ½ÇÇàÆÄÀÏ¿¡ ³Ñ°ÜÁú ¾ÈÀüÇÑ PATH ȯ°æº¯¼ö¸¦ Á¤ÀÇÇÑ´Ù.
±âº»°ªÀº "/usr/local/bin:/usr/bin:/bin"ÀÌ´Ù.</dd>
</dl>
<p><strong>suEXEC wrapper¸¦ ÄÄÆÄÀÏÇÏ°í ¼³Ä¡Çϱâ</strong><br />
<code>--enable-suexec</code> ¿É¼ÇÀ¸·Î suEXEC ±â´ÉÀ» °¡´ÉÇÏ°ÔÇÑ
°æ¿ì <code>make</code> ¸í·É¾î¸¦ ½ÇÇàÇϸé <code>suexec</code>
½ÇÇàÆÄÀÏÀÌ (¾ÆÆÄÄ¡¿Í ÇÔ²²) ÀÚµ¿À¸·Î ¸¸µé¾îÁø´Ù.<br />
¸ðµç°ÍÀ» ÄÄÆÄÀÏÇÑ ÈÄ <code>make install</code> ¸í·É¾î¸¦
½ÇÇàÇÏ¿© ¼³Ä¡ÇÒ ¼ö ÀÖ´Ù. ¹ÙÀ̳ʸ®ÆÄÀÏ <code>suexec</code>´Â
<code>--sbindir</code> ¿É¼ÇÀ¸·Î ÁöÁ¤ÇÑ µð·ºÅ丮¿¡ ¼³Ä¡µÈ´Ù.
±âº» À§Ä¡´Â "/usr/local/apache2/sbin/suexec"ÀÌ´Ù.<br />
¼³Ä¡ °úÁ¤¿¡ <strong><em>root ±ÇÇÑ</em></strong>ÀÌ ÇÊ¿äÇÔÀ»
ÁÖÀÇÇ϶ó. wrapper°¡ »ç¿ëÀÚ ID¸¦ ¼³Á¤ÇϱâÀ§Çؼ­´Â ¼ÒÀ¯ÀÚ°¡
<code><em>root</em></code>ÀÌ°í ÆÄÀϸðµå·Î setuserid ½ÇÇàºñÆ®°¡
¼³Á¤µÇ¾ß ÇÑ´Ù.</p>
<p><strong>ÆíÁýÁõÀûÀÎ ±ÇÇѼ³Á¤</strong><br />
suEXEC wrapper´Â ÀÚ½ÅÀ» ½ÇÇàÇÑ »ç¿ëÀÚ°¡ ±¸¼º ¿É¼Ç
<code>--with-suexec-caller</code>·Î ÁöÁ¤ÇÑ ¿Ã¹Ù¸¥ »ç¿ëÀÚÀÎÁö
È®ÀÎÀ» ÇÏÁö¸¸, ÀÌ °Ë»ç ÀÌÀü¿¡ suEXEC°¡ »ç¿ëÇÏ´Â ½Ã½ºÅÛÈ£Ãâ
ȤÀº ¶óÀ̺귯¸® ÇÔ¼ö°¡ Á¶À۵ǾúÀ» ¼ö ÀÖ´Ù. À̸¦ ´ëºñÇϸç
ÀϹÝÀûÀ¸·Î ÁÁÀº ½À°üÀ̹ǷΠ¿ÀÁ÷ ¾ÆÆÄÄ¡¸¦ ½ÇÇàÇÏ´Â ±×·ì¸¸ÀÌ
suEXEC¸¦ ½ÇÇàÇÒ ¼ö ÀÖµµ·Ï ÆÄÀϽýºÅÛ ±ÇÇÑÀ» ÁöÁ¤ÇØ¾ß ÇÑ´Ù.</p>
<p>¿¹¸¦ µé¾î, À¥¼­¹ö¸¦ ´ÙÀ½°ú °°ÀÌ ¼³Á¤ÇÏ°í:</p>
<example>
User www<br />
Group webgroup<br />
</example>
<p><code>suexec</code>¸¦ "/usr/local/apache2/sbin/suexec"¿¡
¼³Ä¡ÇÏ¿´´Ù¸é, ´ÙÀ½À» ½ÇÇàÇØ¾ß ÇÑ´Ù:</p>
<example>
chgrp webgroup /usr/local/apache2/bin/suexec<br />
chmod 4750 /usr/local/apache2/bin/suexec<br />
</example>
<p>±×·¯¸é ¿ÀÁ÷ ¾ÆÆÄÄ¡¸¦ ½ÇÇàÇÏ´Â ±×·ì¸¸ÀÌ suEXEC wrapper¸¦
½ÇÇàÇÒ ¼ö ÀÖ´Ù.</p>
</section>
<section id="enable"><title>suEXEC Å°°í ²ô±â</title>
<p>¾ÆÆÄÄ¡´Â ½ÃÀÛÇÒ¶§ <code>--sbindir</code> ¿É¼ÇÀ¸·Î ÁöÁ¤ÇÑ
µð·ºÅ丮¿¡¼­ <code>suexec</code> ÆÄÀÏÀ» (±âº»°ª
"/usr/local/apache2/sbin/suexec") ã´Â´Ù. ¾ÆÆÄÄ¡°¡
Á¤»óÀûÀ¸·Î ±¸¼ºµÈ suEXEC wrapper¸¦ ¹ß°ßÇÏ¸é ¿À·ù ·Î±×(error
log)¿¡ ´ÙÀ½°ú °°ÀÌ Ãâ·ÂÇÑ´Ù:</p>
<example>
[notice] suEXEC mechanism enabled (wrapper: <em>/path/to/suexec</em>)
</example>
<p>¼­¹ö ½ÃÀÛÁß¿¡ ÀÌ·± ¹®±¸¸¦ ¾ø´Ù¸é ¼­¹ö´Â ±â´ëÇÑ Àå¼Ò¿¡¼­
wrapper ÇÁ·Î±×·¥À» ãÁö ¸øÇ߰ųª, ½ÇÇàÆÄÀÏÀÌ <em>setuid
root</em>·Î ¼³Ä¡µÇÁö¾Ê¾Ò±â ¶§¹®ÀÏ °ÍÀÌ´Ù.</p>
<p>óÀ½À¸·Î suEXEC ±â´ÉÀ» »ç¿ëÇÏ°í ½Í°í ÀÌ¹Ì ¾ÆÆÄÄ¡ ¼­¹ö°¡
½ÇÇàÁßÀ̶ó¸é, ¾ÆÆÄÄ¡¸¦ Á×ÀÌ°í ´Ù½Ã ½ÃÀÛÇØ¾ß ÇÑ´Ù. °£´ÜÈ÷
HUPÀ̳ª USR1 ½Ã±×³Î·Î Àç½ÃÀÛÇÏ´Â °ÍÀ¸·Î´Â ÃæºÐÇÏÁö ¾Ê´Ù. </p>
<p>suEXEC¸¦ ¾È»ç¿ëÇÏ·Á¸é <code>suexec</code> ÆÄÀÏÀ» Áö¿îÈÄ
¾ÆÆÄÄ¡¸¦ Á×ÀÌ°í Àç½ÃÀÛÇØ¾ß ÇÑ´Ù. </p>
</section>
<section id="usage"><title>suEXEC »ç¿ëÇϱâ</title>
<p>CGI ÇÁ·Î±×·¥ ¿äûÀÇ °æ¿ì <directive
module="mod_suexec">SuexecUserGroup</directive> Áö½Ã¾î¸¦
»ç¿ëÇÑ °¡»óÈ£½ºÆ®¿¡ ¿äûÀ» ÇÏ¿´°Å³ª <module>mod_userdir</module>ÀÌ
¿äûÀ» ó¸®ÇÏ´Â °æ¿ì¿¡¸¸ suEXEC wrapper¸¦ È£ÃâÇÑ´Ù.</p>
<p><strong>°¡»óÈ£½ºÆ®:</strong><br /> suEXEC wrapper¸¦
»ç¿ëÇÏ´Â ÇÑ°¡Áö ¹æ¹ýÀº <directive
module="core">VirtualHost</directive> Á¤ÀÇ¿¡ <directive
module="mod_suexec">SuexecUserGroup</directive> Áö½Ã¾î¸¦
»ç¿ëÇÏ´Â °ÍÀÌ´Ù. ÀÌ Áö½Ã¾î¸¦ ÁÖ¼­¹ö »ç¿ëÀÚ ID¿Í ´Ù¸£°Ô
¼³Á¤Çϸé CGI ÀÚ¿øÀÇ ¸ðµç ¿äûÀÌ <directive
module="core" type="section">VirtualHost</directive>¿¡¼­
ÁöÁ¤ÇÑ <em>User</em>¿Í <em>Group</em>À¸·Î ½ÇÇàµÈ´Ù. ÀÌ
Áö½Ã¾îµéÀÌ <directive module="core"
type="section">VirtualHost</directive>¿¡ ¾øÀ¸¸é ÁÖ¼­¹ö
userid¸¦ »ç¿ëÇÑ´Ù.</p>
<p><strong>»ç¿ëÀÚ µð·ºÅ丮:</strong><br />
<module>mod_userdir</module>ÀÌ ¿äûÀ» ó¸®ÇÑ´Ù¸é suEXEC
wrapper¸¦ È£ÃâÇÏ¿©, ¿äûÇÑ »ç¿ëÀÚ µð·ºÅ丮¿¡ ÇØ´çÇÏ´Â »ç¿ëÀÚ
ID·Î CGI ÇÁ·Î±×·¥À» ½ÇÇàÇÑ´Ù. ÀÌ ±â´ÉÀÌ µ¿ÀÛÇÏ·Á¸é »ç¿ëÀÚ
ID·Î CGI¸¦ ½ÇÇàÇÒ ¼ö ÀÖ°í ½ºÅ©¸³Æ®°¡ À§ÀÇ <a href="#model">º¸¾È
°Ë»ç</a> Ç׸ñÀ» ¸¸Á·ÇØ¾ß ÇÑ´Ù. <a href="#install">±¸¼º
¿É¼Ç</a> <code>--with-suexec-userdir</code>À» Âü°íÇ϶ó.</p> </section>
<section id="debug"><title>suEXEC µð¹ö±ëÇϱâ</title>
<p>suEXEC wrapper´Â ·Î±× Á¤º¸¸¦ À§¿¡¼­ ´Ù·é
<code>--with-suexec-logfile</code> ¿É¼ÇÀ¸·Î ÁöÁ¤ÇÑ ÆÄÀÏ¿¡
¾´´Ù. wrapper¸¦ ¿Ã¹Ù·Î ±¸¼ºÇÏ°í ¼³Ä¡Çß´Ù¸é ¾îµð¼­ À߸øµÇ¾ú´ÂÁö
ÀÌ ·Î±×ÆÄÀÏ¿Í ¼­¹öÀÇ error_log¸¦ »ìÆìºÁ¶ó.</p>
</section>
<section id="jabberwock"><title>´Ù½Ã Çѹø Á¶½ÉÇ϶ó: °æ°í¿Í ¿¹Á¦</title>
<p><strong>ÁÖÀÇ!</strong> ÀÌ ¼½¼ÇÀº ¿ÏÀüÇÏÁö ¾ÊÀ» ¼ö ÀÖ´Ù.
¾ÆÆÄÄ¡±×·ìÀÇ <a
href="http://httpd.apache.org/docs/&httpd.docs;/suexec.html">¿Â¶óÀÎ
¹®¼­</a>¿¡¼­ ÀÌ ¹®¼­ÀÇ ÃÖ½ÅÆÇÀ» Âü°íÇ϶ó.</p>
<p>wrapper°¡ ¼­¹ö ¼³Á¤À» Á¦¾àÇÏ´Â ¸î°¡Áö Èï¹Ì·Î¿î Á¡ÀÌ ÀÖ´Ù.
suEXEC¿Í °ü·ÃµÈ "¹ö±×"¸¦ º¸°íÇϱâ Àü¿¡ À̵éÀ» »ìÆ캸±æ ¹Ù¶õ´Ù.</p>
<ul>
<li><strong>suEXEC Á¦¾à »çÇ×</strong></li>
<li>
µð·ºÅ丮 ±¸Á¶ Á¦ÇÑ
<p class="indent">
º¸¾È°ú È¿À²¼ºÀ» À§ÇØ ¸ðµç suEXEC ¿äûÀº °¡»óÈ£½ºÆ®ÀÇ
°æ¿ì ÃÖ»óÀ§ document root ȤÀº userdir ¿äûÀÇ °æ¿ì
ÃÖ»óÀ§ °³ÀÎ document root ¾È¿¡¼­ ¹ß»ýÇØ¾ß ÇÑ´Ù. ¿¹¸¦
µé¾î, °¡»óÈ£½ºÆ® ³×°³¸¦ ¼³Á¤Çß´Ù¸é °¡»óÈ£½ºÆ®¿¡¼­
suEXEC¸¦ ÀÌ¿ëÇϱâÀ§ÇØ °¡»óÈ£½ºÆ®ÀÇ document root¸¦
ÁÖ ¾ÆÆÄÄ¡ ¹®¼­ °èÃþ±¸Á¶ ¹Û¿¡ ¼³Á¤ÇÒ ÇÊ¿ä°¡ ÀÖ´Ù.
(¿¹Á¦´Â ´ÙÀ½¿¡.)
</p>
</li>
<li>
suEXECÀÇ PATH ȯ°æº¯¼ö
<p class="indent">
º¯°æÇϸé À§ÇèÇÒ ¼ö ÀÖ´Ù. ¿©±â¿¡ Æ÷ÇÔÇÏ´Â ¸ðµç °æ·Î°¡
<strong>¹ÏÀ» ¼ö ÀÖ´Â</strong> µð·ºÅ丮ÀÎÁö È®ÀÎÇ϶ó.
ÀÌ Áö±¸»óÀÇ ´©±º°¡°¡ ±×°÷¿¡ ÀÖ´Â Æ®·ÎÀ̸ñ¸¶¸¦ ½ÇÇàÇϱæ
¿øÇÏÁö ¾ÊÀ» °ÍÀÌ´Ù.
</p>
</li>
<li>
suEXEC ÄÚµå ¼öÁ¤Çϱâ
<p class="indent">
¹Ýº¹Çؼ­ ¸»ÇÏÁö¸¸, ´ç½ÅÀÌ ¹«¾ùÀ» ÇÏ´ÂÁö ¸ð¸£°í ½ÃµµÇÑ´Ù¸é
<strong>Å« ¹®Á¦</strong>°¡ ¹ß»ýÇÒ ¼ö ÀÖ´Ù. ¾î¶² °æ¿ì¿¡µµ
¼öÁ¤ÇÏÁö¸¶¶ó.
</p>
</li>
</ul>
</section>
</manualpage>