Hello guys,

I'm trying to use suEXEC on my computer. I've installed Apache with default settings (so suEXEC is installed with my emerge of Apache, on Gentoo).

My settings in /etc/conf.d/apache2:

    # SUEXEC Enables running CGI scripts (in USERDIR) through suexec.
    # USERDIR Enables /~username mapping to /home/username/public_html
    #
    APACHE2_OPTS="-D DEFAULT_VHOST -D INFO -D LANGUAGE -D SSL -D SSL_DEFAULT_VHOST -D SUEXEC -D PHP5 -D USERDIR "

When I restart Apache, I get the correct line in my log, which indicates that suEXEC is running well:

    [Sat Jan 26 15:33:39 2008] [notice] Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7i PHP/5.2.5-pl0-gentoo configur$
    [Sat Jan 26 15:41:44 2008] [notice] caught SIGTERM, shutting down
    [Sat Jan 26 15:41:46 2008] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
    [Sat Jan 26 15:41:47 2008] [notice] Digest: generating secret for digest authentication ...
    [Sat Jan 26 15:41:47 2008] [notice] Digest: done

I created a user:

    /usr/sbin/useradd evolv -m -s /bin/bash

In the /var/www/evolv/public_html folder, I created a PHP file with:

    <?php echo "user: ".exec('whoami');?>

My vhost is below:

    <VirtualHost *:80>
        ServerAdmin webmaster@evolv.com
        DocumentRoot /var/www/evolv/public_html
        ServerName www.evolv.com
        ServerAlias evolv.com
        SuexecUserGroup evolv evolv
        CustomLog /var/log/apache2/evolv-web-access_log combined
        ErrorLog /var/log/apache2/evolv-web-error_log
        <Directory />
            AllowOverride All
            Options FollowSymLinks -Indexes Includes ExecCGI
        </Directory>
    </VirtualHost>

    # suexec -V
     -D AP_DOC_ROOT="/var/www"
     -D AP_GID_MIN=100
     -D AP_HTTPD_USER="apache"
     -D AP_LOG_EXEC="/var/log/apache2/suexec_log"
     -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
     -D AP_SUEXEC_UMASK=077
     -D AP_UID_MIN=1000
     -D AP_USERDIR_SUFFIX="public_html"

SuexecUserGroup is being used, because if I change anything in this line, I get an error when I restart Apache. So, no error on Apache restart, but always: "user: apache"!

What's wrong? Sorry for my poor English, I'm French! Thanks all. Bye

Are you using mod_php or PHP as CGI? suexec only works for PHP as CGI. mod_php is loaded as part of Apache and therefore runs as the apache user. It's a tradeoff between security and speed. If it's your own box, there's not so much to be worried about, so you don't need suexec.
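
Once PHP runs as CGI, the wrapper enforces the limits printed by `suexec -V` in the question before it will run anything. The following is an added example, not code from the thread or from Apache: it parses that posted output and applies a subset of the checks described in Apache's suEXEC documentation (the real wrapper performs more). The `Target` type, the function names and the uid/gid values in the usage are assumptions made for illustration.

```python
import re
import stat
from dataclasses import dataclass

# `suexec -V` output as posted in the question.
SUEXEC_V = """
 -D AP_DOC_ROOT="/var/www"
 -D AP_GID_MIN=100
 -D AP_HTTPD_USER="apache"
 -D AP_LOG_EXEC="/var/log/apache2/suexec_log"
 -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
 -D AP_SUEXEC_UMASK=077
 -D AP_UID_MIN=1000
 -D AP_USERDIR_SUFFIX="public_html"
"""

def parse_suexec_v(text):
    """Parse ' -D NAME=value' lines; the *_MIN limits become ints."""
    cfg = {}
    for name, value in re.findall(r'-D\s+(\w+)=("[^"]*"|\S+)', text):
        value = value.strip('"')
        cfg[name] = int(value) if name.endswith("_MIN") else value
    return cfg

@dataclass
class Target:  # hypothetical type: constructed facts about one CGI program
    path: str        # absolute path of the program
    uid: int         # user/group named in SuexecUserGroup
    gid: int
    owner_uid: int   # owner of the program and of its directory
    owner_gid: int
    file_mode: int
    dir_mode: int

def suexec_refusals(t, cfg):
    """Reasons suexec would refuse to run t; an empty list means none found."""
    loose = stat.S_IWGRP | stat.S_IWOTH
    docroot = cfg["AP_DOC_ROOT"].rstrip("/") + "/"
    checks = [
        (t.uid == 0 or t.uid < cfg["AP_UID_MIN"], "uid below AP_UID_MIN"),
        (t.gid == 0 or t.gid < cfg["AP_GID_MIN"], "gid below AP_GID_MIN"),
        (not t.path.startswith(docroot), "program outside AP_DOC_ROOT"),
        ((t.owner_uid, t.owner_gid) != (t.uid, t.gid), "owner does not match target user/group"),
        (bool(t.dir_mode & loose), "directory writable by group or others"),
        (bool(t.file_mode & loose), "program writable by group or others"),
        (bool(t.file_mode & (stat.S_ISUID | stat.S_ISGID)), "program is setuid/setgid"),
    ]
    return [reason for failed, reason in checks if failed]
```

Refusals made by the real wrapper are written to the file named in `AP_LOG_EXEC`, which is the first place to look when a CGI request fails after switching away from mod_php.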