Merge in all of the docs from HEAD, I'll clean it up a bit later.
Reviewed by:
Submitted by:
Obtained from:
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/unlabeled-1.11.2@78392 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/docs/manual/suexec.html.en b/docs/manual/suexec.html.en
index 7806bc8..0157cd0 100644
--- a/docs/manual/suexec.html.en
+++ b/docs/manual/suexec.html.en
@@ -17,14 +17,15 @@
<P ALIGN="LEFT">
<OL>
- <LH><BIG><STRONG>CONTENTS</STRONG></BIG></LH>
- <LI><A HREF="#what">What is suEXEC?</A></LI>
- <LI><A HREF="#before">Before we begin.</A></LI>
- <LI><A HREF="#model">suEXEC Security Model.</A></LI>
- <LI><A HREF="#install">Configuring & Installing suEXEC</A></LI>
- <LI><A HREF="#enable">Enabling & Disabling suEXEC</A></LI>
- <LI><A HREF="#debug">Debugging suEXEC</A></LI>
- <LI><A HREF="#jabberwock">Beware the Jabberwock: Warnings & Examples</A></LI>
+ <LH><BIG><STRONG>CONTENTS</STRONG></BIG></LH>
+ <LI><A HREF="#what">What is suEXEC?</A></LI>
+ <LI><A HREF="#before">Before we begin.</A></LI>
+ <LI><A HREF="#model">suEXEC Security Model.</A></LI>
+ <LI><A HREF="#install">Configuring & Installing suEXEC</A></LI>
+ <LI><A HREF="#enable">Enabling & Disabling suEXEC</A></LI>
+ <LI><A HREF="#debug">Debugging suEXEC</A></LI>
+ <LI><A HREF="#jabberwock">Beware the Jabberwock: Warnings &
+ Examples</A></LI>
</OL>
</P>
@@ -119,124 +120,124 @@
The wrapper then employs the following process to determine success or
failure -- if any one of these conditions fail, the program logs the failure
and exits with an error, otherwise it will continue:
- <OL>
- <LI><STRONG>Was the wrapper called with the proper number of arguments?</STRONG>
- <BLOCKQUOTE>
- The wrapper will only execute if it is given the proper number of arguments.
- The proper argument format is known to the Apache web server. If the wrapper
- is not receiving the proper number of arguments, it is either being hacked, or
- there is something wrong with the suEXEC portion of your Apache binary.
- </BLOCKQUOTE>
- </LI>
- <LI><STRONG>Is the user executing this wrapper a valid user of this system?</STRONG>
- <BLOCKQUOTE>
- This is to ensure that the user executing the wrapper is truly a user of the system.
- </BLOCKQUOTE>
- </LI>
- <LI><STRONG>Is this valid user allowed to run the wrapper?</STRONG>
- <BLOCKQUOTE>
- Is this user the user allowed to run this wrapper? Only one user (the Apache
- user) is allowed to execute this program.
- </BLOCKQUOTE>
- </LI>
- <LI><STRONG>Does the target program have an unsafe hierarchical reference?</STRONG>
- <BLOCKQUOTE>
- Does the target program contain a leading '/' or have a '..' backreference? These
- are not allowed; the target program must reside within the Apache webspace.
- </BLOCKQUOTE>
- </LI>
- <LI><STRONG>Is the target user name valid?</STRONG>
- <BLOCKQUOTE>
- Does the target user exist?
- </BLOCKQUOTE>
- </LI>
- <LI><STRONG>Is the target group name valid?</STRONG>
- <BLOCKQUOTE>
- Does the target group exist?
- </BLOCKQUOTE>
- </LI>
- <LI><STRONG>Is the target user <EM>NOT</EM> superuser?</STRONG>
- <BLOCKQUOTE>
- Presently, suEXEC does not allow 'root' to execute CGI/SSI programs.
- </BLOCKQUOTE>
- </LI>
- <LI><STRONG>Is the target userid <EM>ABOVE</EM> the minimum ID number?</STRONG>
- <BLOCKQUOTE>
- The minimum user ID number is specified during configuration. This allows you
- to set the lowest possible userid that will be allowed to execute CGI/SSI programs.
- This is useful to block out "system" accounts.
- </BLOCKQUOTE>
- </LI>
- <LI><STRONG>Is the target group <EM>NOT</EM> the superuser group?</STRONG>
- <BLOCKQUOTE>
- Presently, suEXEC does not allow the 'root' group to execute CGI/SSI programs.
- </BLOCKQUOTE>
- </LI>
- <LI><STRONG>Is the target groupid <EM>ABOVE</EM> the minimum ID number?</STRONG>
- <BLOCKQUOTE>
- The minimum group ID number is specified during configuration. This allows you
- to set the lowest possible groupid that will be allowed to execute CGI/SSI programs.
- This is useful to block out "system" groups.
- </BLOCKQUOTE>
- </LI>
- <LI><STRONG>Can the wrapper successfully become the target user and group?</STRONG>
- <BLOCKQUOTE>
- Here is where the program becomes the target user and group via setuid and setgid
- calls. The group access list is also initialized with all of the groups of which
- the user is a member.
- </BLOCKQUOTE>
- </LI>
- <LI><STRONG>Does the directory in which the program resides exist?</STRONG>
- <BLOCKQUOTE>
- If it doesn't exist, it can't very well contain files.
- </BLOCKQUOTE>
- </LI>
- <LI><STRONG>Is the directory within the Apache webspace?</STRONG>
- <BLOCKQUOTE>
- If the request is for a regular portion of the server, is the requested directory
- within the server's document root? If the request is for a UserDir, is the requested
- directory within the user's document root?
- </BLOCKQUOTE>
- </LI>
- <LI><STRONG>Is the directory <EM>NOT</EM> writable by anyone else?</STRONG>
- <BLOCKQUOTE>
- We don't want to open up the directory to others; only the owner user may be able
- to alter this directories contents.
- </BLOCKQUOTE>
- </LI>
- <LI><STRONG>Does the target program exist?</STRONG>
- <BLOCKQUOTE>
- If it doesn't exists, it can't very well be executed.
- </BLOCKQUOTE>
- </LI>
- <LI><STRONG>Is the target program <EM>NOT</EM> writable by anyone else?</STRONG>
- <BLOCKQUOTE>
- We don't want to give anyone other than the owner the ability to change the program.
- </BLOCKQUOTE>
- </LI>
- <LI><STRONG>Is the target program <EM>NOT</EM> setuid or setgid?</STRONG>
- <BLOCKQUOTE>
- We do not want to execute programs that will then change our UID/GID again.
- </BLOCKQUOTE>
- </LI>
- <LI><STRONG>Is the target user/group the same as the program's user/group?</STRONG>
- <BLOCKQUOTE>
- Is the user the owner of the file?
- </BLOCKQUOTE>
- </LI>
- <LI><STRONG>Can we successfully clean the process environment to ensure safe operations?</STRONG>
- <BLOCKQUOTE>
- suEXEC cleans the process' environment by establishing a safe execution PATH (defined
- during configuration), as well as only passing through those variables whose names
- are listed in the safe environment list (also created during configuration).
- </BLOCKQUOTE>
- </LI>
- <LI><STRONG>Can we successfully become the target program and execute?</STRONG>
- <BLOCKQUOTE>
- Here is where suEXEC ends and the target program begins.
- </BLOCKQUOTE>
- </LI>
- </OL>
+ <OL>
+ <LI><STRONG>Was the wrapper called with the proper number of arguments?</STRONG>
+ <BLOCKQUOTE>
+ The wrapper will only execute if it is given the proper number of arguments.
+ The proper argument format is known to the Apache web server. If the wrapper
+ is not receiving the proper number of arguments, it is either being hacked, or
+ there is something wrong with the suEXEC portion of your Apache binary.
+ </BLOCKQUOTE>
+ </LI>
+ <LI><STRONG>Is the user executing this wrapper a valid user of this system?</STRONG>
+ <BLOCKQUOTE>
+ This is to ensure that the user executing the wrapper is truly a user of the system.
+ </BLOCKQUOTE>
+ </LI>
+ <LI><STRONG>Is this valid user allowed to run the wrapper?</STRONG>
+ <BLOCKQUOTE>
+ Is this user the user allowed to run this wrapper? Only one user (the Apache
+ user) is allowed to execute this program.
+ </BLOCKQUOTE>
+ </LI>
+ <LI><STRONG>Does the target program have an unsafe hierarchical reference?</STRONG>
+ <BLOCKQUOTE>
+ Does the target program contain a leading '/' or have a '..' backreference? These
+ are not allowed; the target program must reside within the Apache webspace.
+ </BLOCKQUOTE>
+ </LI>
+ <LI><STRONG>Is the target user name valid?</STRONG>
+ <BLOCKQUOTE>
+ Does the target user exist?
+ </BLOCKQUOTE>
+ </LI>
+ <LI><STRONG>Is the target group name valid?</STRONG>
+ <BLOCKQUOTE>
+ Does the target group exist?
+ </BLOCKQUOTE>
+ </LI>
+ <LI><STRONG>Is the target user <EM>NOT</EM> superuser?</STRONG>
+ <BLOCKQUOTE>
+ Presently, suEXEC does not allow 'root' to execute CGI/SSI programs.
+ </BLOCKQUOTE>
+ </LI>
+ <LI><STRONG>Is the target userid <EM>ABOVE</EM> the minimum ID number?</STRONG>
+ <BLOCKQUOTE>
+ The minimum user ID number is specified during configuration. This allows you
+ to set the lowest possible userid that will be allowed to execute CGI/SSI programs.
+ This is useful to block out "system" accounts.
+ </BLOCKQUOTE>
+ </LI>
+ <LI><STRONG>Is the target group <EM>NOT</EM> the superuser group?</STRONG>
+ <BLOCKQUOTE>
+ Presently, suEXEC does not allow the 'root' group to execute CGI/SSI programs.
+ </BLOCKQUOTE>
+ </LI>
+ <LI><STRONG>Is the target groupid <EM>ABOVE</EM> the minimum ID number?</STRONG>
+ <BLOCKQUOTE>
+ The minimum group ID number is specified during configuration. This allows you
+ to set the lowest possible groupid that will be allowed to execute CGI/SSI programs.
+ This is useful to block out "system" groups.
+ </BLOCKQUOTE>
+ </LI>
+ <LI><STRONG>Can the wrapper successfully become the target user and group?</STRONG>
+ <BLOCKQUOTE>
+ Here is where the program becomes the target user and group via setuid and setgid
+ calls. The group access list is also initialized with all of the groups of which
+ the user is a member.
+ </BLOCKQUOTE>
+ </LI>
+ <LI><STRONG>Does the directory in which the program resides exist?</STRONG>
+ <BLOCKQUOTE>
+ If it doesn't exist, it can't very well contain files.
+ </BLOCKQUOTE>
+ </LI>
+ <LI><STRONG>Is the directory within the Apache webspace?</STRONG>
+ <BLOCKQUOTE>
+ If the request is for a regular portion of the server, is the requested directory
+ within the server's document root? If the request is for a UserDir, is the requested
+ directory within the user's document root?
+ </BLOCKQUOTE>
+ </LI>
+ <LI><STRONG>Is the directory <EM>NOT</EM> writable by anyone else?</STRONG>
+ <BLOCKQUOTE>
+ We don't want to open up the directory to others; only the owner user may be able
+ to alter this directories contents.
+ </BLOCKQUOTE>
+ </LI>
+ <LI><STRONG>Does the target program exist?</STRONG>
+ <BLOCKQUOTE>
+ If it doesn't exists, it can't very well be executed.
+ </BLOCKQUOTE>
+ </LI>
+ <LI><STRONG>Is the target program <EM>NOT</EM> writable by anyone else?</STRONG>
+ <BLOCKQUOTE>
+ We don't want to give anyone other than the owner the ability to change the program.
+ </BLOCKQUOTE>
+ </LI>
+ <LI><STRONG>Is the target program <EM>NOT</EM> setuid or setgid?</STRONG>
+ <BLOCKQUOTE>
+ We do not want to execute programs that will then change our UID/GID again.
+ </BLOCKQUOTE>
+ </LI>
+ <LI><STRONG>Is the target user/group the same as the program's user/group?</STRONG>
+ <BLOCKQUOTE>
+ Is the user the owner of the file?
+ </BLOCKQUOTE>
+ </LI>
+ <LI><STRONG>Can we successfully clean the process environment to ensure safe operations?</STRONG>
+ <BLOCKQUOTE>
+ suEXEC cleans the process' environment by establishing a safe execution PATH (defined
+ during configuration), as well as only passing through those variables whose names
+ are listed in the safe environment list (also created during configuration).
+ </BLOCKQUOTE>
+ </LI>
+ <LI><STRONG>Can we successfully become the target program and execute?</STRONG>
+ <BLOCKQUOTE>
+ Here is where suEXEC ends and the target program begins.
+ </BLOCKQUOTE>
+ </LI>
+ </OL>
</P>
<P ALIGN="LEFT">
@@ -257,7 +258,7 @@
<STRONG><A HREF="suexec.html">BACK TO CONTENTS</A></STRONG>
</P>
-<H3><A NAME="install">Configuring & Installing suEXEC</A></H3>
+<H3><A NAME="install">Configuring & Installing suEXEC</A></H3>
<P ALIGN="LEFT">
Here's where we begin the fun. The configuration and installation of suEXEC is
a four step process: edit the suEXEC header file, compile suEXEC, place the
@@ -396,7 +397,7 @@
<STRONG><A HREF="suexec.html">BACK TO CONTENTS</A></STRONG>
</P>
-<H3><A NAME="enable">Enabling & Disabling suEXEC</A></H3>
+<H3><A NAME="enable">Enabling & Disabling suEXEC</A></H3>
<P ALIGN="LEFT">
After properly installing the <STRONG>suexec</STRONG> wrapper
executable, you must kill and restart the Apache server. A simple
@@ -454,7 +455,7 @@
<STRONG><A HREF="suexec.html">BACK TO CONTENTS</A></STRONG>
</P>
-<H3><A NAME="jabberwock">Beware the Jabberwock: Warnings & Examples</A></H3>
+<H3><A NAME="jabberwock">Beware the Jabberwock: Warnings & Examples</A></H3>
<P ALIGN="LEFT">
<STRONG>NOTE!</STRONG> This section may not be complete. For the latest
revision of this section of the documentation, see the Apache Group's
@@ -467,33 +468,33 @@
limitations on server setup. Please review these before submitting any
"bugs" regarding suEXEC.
<UL>
- <LH><STRONG>suEXEC Points Of Interest</STRONG></LH>
- <LI>Hierarchy limitations
- <BLOCKQUOTE>
- For security and efficiency reasons, all suexec requests must
- remain within either a top-level document root for virtual
- host requests, or one top-level personal document root for
- userdir requests. For example, if you have four VirtualHosts
- configured, you would need to structure all of your VHosts'
- document roots off of one main Apache document hierarchy to
- take advantage of suEXEC for VirtualHosts. (Example forthcoming.)
- </BLOCKQUOTE>
- </LI>
- <LI>suEXEC's PATH environment variable
- <BLOCKQUOTE>
- This can be a dangerous thing to change. Make certain every
- path you include in this define is a <STRONG>trusted</STRONG>
- directory. You don't want to open people up to having someone
- from across the world running a trojan horse on them.
- </BLOCKQUOTE>
- </LI>
- <LI>Altering the suEXEC code
- <BLOCKQUOTE>
- Again, this can cause <STRONG>Big Trouble</STRONG> if you try
- this without knowing what you are doing. Stay away from it
- if at all possible.
- </BLOCKQUOTE>
- </LI>
+ <LH><STRONG>suEXEC Points Of Interest</STRONG></LH>
+ <LI>Hierarchy limitations
+ <BLOCKQUOTE>
+ For security and efficiency reasons, all suexec requests must
+ remain within either a top-level document root for virtual
+ host requests, or one top-level personal document root for
+ userdir requests. For example, if you have four VirtualHosts
+ configured, you would need to structure all of your VHosts'
+ document roots off of one main Apache document hierarchy to
+ take advantage of suEXEC for VirtualHosts. (Example forthcoming.)
+ </BLOCKQUOTE>
+ </LI>
+ <LI>suEXEC's PATH environment variable
+ <BLOCKQUOTE>
+ This can be a dangerous thing to change. Make certain every
+ path you include in this define is a <STRONG>trusted</STRONG>
+ directory. You don't want to open people up to having someone
+ from across the world running a trojan horse on them.
+ </BLOCKQUOTE>
+ </LI>
+ <LI>Altering the suEXEC code
+ <BLOCKQUOTE>
+ Again, this can cause <STRONG>Big Trouble</STRONG> if you try
+ this without knowing what you are doing. Stay away from it
+ if at all possible.
+ </BLOCKQUOTE>
+ </LI>
</UL>
<P ALIGN="CENTER">
