* docs/manual/: Commit XML for suexec changes + re-transform; thanks to nd@.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1342078 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/docs/manual/suexec.html.en b/docs/manual/suexec.html.en
index a34c13f04d0954dd87577735c5965308f5e20f55..4ca8f0946525859b550efade088da0d142158f94 100644 (file)
--- a/docs/manual/suexec.html.en
+++ b/docs/manual/suexec.html.en
@@ -665,4 +665,4 @@ if (typeof(prettyPrint) !== 'undefined') {
     prettyPrint();
 }
 //--><!]]></script>
-</body></html>
+</body></html>
\ No newline at end of file

diff --git a/docs/manual/suexec.xml b/docs/manual/suexec.xml
index f78f598f3c66eeeb2b2d604bb16b564962b98c2f..b089e3f1fa9b51d3881eed553da925620d00c7e8 100644 (file)
--- a/docs/manual/suexec.xml
+++ b/docs/manual/suexec.xml
@@ -359,6 +359,21 @@
       together with the <code>--enable-suexec</code> option to let
       APACI accept your request for using the suEXEC feature.</dd>
 
+      <dt><code>--enable-suexec-capabilities</code></dt>
+
+      <dd><strong>Linux specific:</strong> Normally,
+      the <code>suexec</code> binary is installed "setuid/setgid
+      root", which allows it to run with the full privileges of the
+      root user.  If this option is used, the <code>suexec</code>
+      binary will instead be installed with only the setuid/setgid
+      "capability" bits set, which is the subset of full root
+      priviliges required for suexec operation.  Note that
+      the <code>suexec</code> binary may not be able to write to a log
+      file in this mode; it is recommended that the
+      <code>--with-suexec-syslog --without-suexec-logfile</code>
+      options are used in conjunction with this mode, so that syslog
+      logging is used instead.</dd>
+
       <dt><code>--with-suexec-bin=<em>PATH</em></code></dt>
 
       <dd>The path to the <code>suexec</code> binary must be hard-coded
@@ -423,6 +438,12 @@
       "<code>suexec_log</code>" and located in your standard logfile
       directory (<code>--logfiledir</code>).</dd>
 
+      <dt><code>--with-suexec-syslog</code></dt>
+
+      <dd>If defined, suexec will log notices and errors to syslog
+      instead of a logfile.  This option must be combined
+      with <code>--without-suexec-logfile</code>.</dd>
+
       <dt><code>--with-suexec-safepath=<em>PATH</em></code></dt>
 
       <dd>Define a safe PATH environment to pass to CGI
@@ -544,9 +565,12 @@ Group webgroup
 
     <p>The suEXEC wrapper will write log information
     to the file defined with the <code>--with-suexec-logfile</code>
-    option as indicated above. If you feel you have configured and
-    installed the wrapper properly, have a look at this log and the
-    error_log for the server to see where you may have gone astray.</p>
+    option as indicated above, or to syslog if <code>--with-suexec-syslog</code>
+    is used. If you feel you have configured and
+    installed the wrapper properly, have a look at the log and the
+    error_log for the server to see where you may have gone astray. 
+    The output of <code>"suexec -V"</code> will show the options
+    used to compile suexec, if using a binary distribution.</p>
 
 </section>