*) suEXEC: Add Suexec directive to disable suEXEC without renaming the
binary (Suexec Off), or force startup failure if suEXEC is required
but not supported (Suexec On).
Submitted by: trawick
Reviewed by: covener, wrowe
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@
1070639 13f79535-47bb-0310-9956-
ffa450edef68
-*- coding: utf-8 -*-
Changes with Apache 2.2.18
+ *) suEXEC: Add Suexec directive to disable suEXEC without renaming the
+ binary (Suexec Off), or force startup failure if suEXEC is required
+ but not supported (Suexec On). [Jeff Trawick]
+
*) mod_proxy: Put the worker in error state if the SSL handshake with the
backend fails. PR 50332.
[Daniel Ruggeri <DRuggeri primary.net>, Ruediger Pluem]
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * suEXEC: Add Suexec directive to disable suEXEC without renaming the
- binary (Suexec Off), or force startup failure if suEXEC is required
- but not supported (Suexec On).
- Trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1033519
- Simpler 2.2.x patch: http://people.apache.org/~trawick/suexec-2.2.txt
- (unlike trunk, a) doesn't cause startup to fail if SuexecUserGroup
- coded but suEXEC disabled, and b) doesn't add field to unixd structure
- with reason string for why suEXEC is disabled)
- Plz consider where doc for directive should go. Patch has it in core, as
- enabling/disabling the basic capability is not split out into mod_unixd 2.2.x.
- +1: trawick, covener, wrowe
-
* mod_authn_file: Log friendly error message if AuthUserFile is not set.
Trunk version of patch:
http://svn.apache.org/viewcvs.cgi?rev=1070096&view=rev
<seealso><a href="../filter.html">Filters</a> documentation</seealso>
</directivesynopsis>
+<directivesynopsis>
+<name>Suexec</name>
+<description>Enable or disable the suEXEC feature</description>
+<syntax>Suexec On|Off</syntax>
+<default>On if suexec binary exists with proper owner and mode,
+Off otherwise</default>
+<contextlist><context>server config</context></contextlist>
+<compatibility>Available in Apache httpd 2.2.18 and later</compatibility>
+
+<usage>
+ <p>When On, startup will fail if the suexec binary doesn't exist
+ or has an invalid owner or file mode.</p>
+ <p>When Off, suEXEC will be disabled even if the suexec binary exists
+ and has a valid owner and file mode.</p>
+</usage>
+</directivesynopsis>
+
<directivesynopsis>
<name>TimeOut</name>
<description>Amount of time the server will wait for
</example>
</usage>
-
+<seealso><directive module="core">Suexec</directive></seealso>
</directivesynopsis>
</modulesynopsis>
return NULL;
}
+AP_DECLARE(const char *) unixd_set_suexec(cmd_parms *cmd, void *dummy,
+ int arg)
+{
+ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
+ if (err != NULL) {
+ return err;
+ }
+
+ if (!unixd_config.suexec_enabled && arg) {
+ return "suEXEC isn't supported; check existence, owner, and "
+ "file mode of " SUEXEC_BIN;
+ }
+
+ unixd_config.suexec_enabled = arg;
+ return NULL;
+}
+
AP_DECLARE(void) unixd_pre_config(apr_pool_t *ptemp)
{
apr_finfo_t wrapper;
const char *arg, const char * arg2, int type);
#endif
+AP_DECLARE(const char *) unixd_set_suexec(cmd_parms *cmd, void *dummy,
+ int arg);
+
/**
* One of the functions to set mutex permissions should be called in
* the parent process on platforms that switch identity when the
#endif
AP_INIT_TAKE1("TraceEnable", set_trace_enable, NULL, RSRC_CONF,
"'on' (default), 'off' or 'extended' to trace request body content"),
+#ifdef SUEXEC_BIN
+AP_INIT_FLAG("Suexec", unixd_set_suexec, NULL, RSRC_CONF,
+ "Enable or disable suEXEC support"),
+#endif
{ NULL }
};
projects / thirdparty / apache / httpd.git / commitdiff
