From 065a64b3d254fd634205f3472e96a6e18a97faf8 Mon Sep 17 00:00:00 2001
From: dgaudet
Date: Fri, 27 Jun 1997 03:02:14 +0000
Subject: [PATCH] Merge in all of the docs from HEAD, I'll clean it up a bit later.

Reviewed by:
Submitted by:
Obtained from:

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/unlabeled-1.11.2@78392 13f79535-47bb-0310-9956-ffa450edef68
---
 docs/manual/suexec.html.en | 313 +++++++++++++++++++------------------
 1 file changed, 157 insertions(+), 156 deletions(-)

diff --git a/docs/manual/suexec.html.en b/docs/manual/suexec.html.en
index 7806bc8f55c..0157cd0c1b5 100644
--- a/docs/manual/suexec.html.en
+++ b/docs/manual/suexec.html.en
@@ -17,14 +17,15 @@

    - CONTENTS -
  1. What is suEXEC?
  2. -
  3. Before we begin.
  4. -
  5. suEXEC Security Model.
  6. -
  7. Configuring & Installing suEXEC
  8. -
  9. Enabling & Disabling suEXEC
  10. -
  11. Debugging suEXEC
  12. -
  13. Beware the Jabberwock: Warnings & Examples
  14. + CONTENTS +
  15. What is suEXEC?
  16. +
  17. Before we begin.
  18. +
  19. suEXEC Security Model.
  20. +
  21. Configuring & Installing suEXEC
  22. +
  23. Enabling & Disabling suEXEC
  24. +
  25. Debugging suEXEC
  26. +
  27. Beware the Jabberwock: Warnings & + Examples

@@ -119,124 +120,124 @@ user and group IDs under which the program is to execute. The wrapper then employs the following process to determine success or failure -- if any one of these conditions fail, the program logs the failure and exits with an error, otherwise it will continue: -
    -
  1. Was the wrapper called with the proper number of arguments? -
    - The wrapper will only execute if it is given the proper number of arguments. - The proper argument format is known to the Apache web server. If the wrapper - is not receiving the proper number of arguments, it is either being hacked, or - there is something wrong with the suEXEC portion of your Apache binary. -
    -
  2. -
  3. Is the user executing this wrapper a valid user of this system? -
    - This is to ensure that the user executing the wrapper is truly a user of the system. -
    -
  4. -
  5. Is this valid user allowed to run the wrapper? -
    - Is this user the user allowed to run this wrapper? Only one user (the Apache - user) is allowed to execute this program. -
    -
  6. -
  7. Does the target program have an unsafe hierarchical reference? -
    - Does the target program contain a leading '/' or have a '..' backreference? These - are not allowed; the target program must reside within the Apache webspace. -
    -
  8. -
  9. Is the target user name valid? -
    - Does the target user exist? -
    -
  10. -
  11. Is the target group name valid? -
    - Does the target group exist? -
    -
  12. -
  13. Is the target user NOT superuser? -
    - Presently, suEXEC does not allow 'root' to execute CGI/SSI programs. -
    -
  14. -
  15. Is the target userid ABOVE the minimum ID number? -
    - The minimum user ID number is specified during configuration. This allows you - to set the lowest possible userid that will be allowed to execute CGI/SSI programs. - This is useful to block out "system" accounts. -
    -
  16. -
  17. Is the target group NOT the superuser group? -
    - Presently, suEXEC does not allow the 'root' group to execute CGI/SSI programs. -
    -
  18. -
  19. Is the target groupid ABOVE the minimum ID number? -
    - The minimum group ID number is specified during configuration. This allows you - to set the lowest possible groupid that will be allowed to execute CGI/SSI programs. - This is useful to block out "system" groups. -
    -
  20. -
  21. Can the wrapper successfully become the target user and group? -
    - Here is where the program becomes the target user and group via setuid and setgid - calls. The group access list is also initialized with all of the groups of which - the user is a member. -
    -
  22. -
  23. Does the directory in which the program resides exist? -
    - If it doesn't exist, it can't very well contain files. -
    -
  24. -
  25. Is the directory within the Apache webspace? -
    - If the request is for a regular portion of the server, is the requested directory - within the server's document root? If the request is for a UserDir, is the requested - directory within the user's document root? -
    -
  26. -
  27. Is the directory NOT writable by anyone else? -
    - We don't want to open up the directory to others; only the owner user may be able - to alter this directories contents. -
    -
  28. -
  29. Does the target program exist? -
    - If it doesn't exists, it can't very well be executed. -
    -
  30. -
  31. Is the target program NOT writable by anyone else? -
    - We don't want to give anyone other than the owner the ability to change the program. -
    -
  32. -
  33. Is the target program NOT setuid or setgid? -
    - We do not want to execute programs that will then change our UID/GID again. -
    -
  34. -
  35. Is the target user/group the same as the program's user/group? -
    - Is the user the owner of the file? -
    -
  36. -
  37. Can we successfully clean the process environment to ensure safe operations? -
    - suEXEC cleans the process' environment by establishing a safe execution PATH (defined - during configuration), as well as only passing through those variables whose names - are listed in the safe environment list (also created during configuration). -
    -
  38. -
  39. Can we successfully become the target program and execute? -
    - Here is where suEXEC ends and the target program begins. -
    -
  40. -
+
    +
  1. Was the wrapper called with the proper number of arguments? +
    + The wrapper will only execute if it is given the proper number of arguments. + The proper argument format is known to the Apache web server. If the wrapper + is not receiving the proper number of arguments, it is either being hacked, or + there is something wrong with the suEXEC portion of your Apache binary. +
    +
  2. +
  3. Is the user executing this wrapper a valid user of this system? +
    + This is to ensure that the user executing the wrapper is truly a user of the system. +
    +
  4. +
  5. Is this valid user allowed to run the wrapper? +
    + Is this user the user allowed to run this wrapper? Only one user (the Apache + user) is allowed to execute this program. +
    +
  6. +
  7. Does the target program have an unsafe hierarchical reference? +
    + Does the target program contain a leading '/' or have a '..' backreference? These + are not allowed; the target program must reside within the Apache webspace. +
    +
  8. +
  9. Is the target user name valid? +
    + Does the target user exist? +
    +
  10. +
  11. Is the target group name valid? +
    + Does the target group exist? +
    +
  12. +
  13. Is the target user NOT superuser? +
    + Presently, suEXEC does not allow 'root' to execute CGI/SSI programs. +
    +
  14. +
  15. Is the target userid ABOVE the minimum ID number? +
    + The minimum user ID number is specified during configuration. This allows you + to set the lowest possible userid that will be allowed to execute CGI/SSI programs. + This is useful to block out "system" accounts. +
    +
  16. +
  17. Is the target group NOT the superuser group? +
    + Presently, suEXEC does not allow the 'root' group to execute CGI/SSI programs. +
    +
  18. +
  19. Is the target groupid ABOVE the minimum ID number? +
    + The minimum group ID number is specified during configuration. This allows you + to set the lowest possible groupid that will be allowed to execute CGI/SSI programs. + This is useful to block out "system" groups. +
    +
  20. +
  21. Can the wrapper successfully become the target user and group? +
    + Here is where the program becomes the target user and group via setuid and setgid + calls. The group access list is also initialized with all of the groups of which + the user is a member. +
    +
  22. +
  23. Does the directory in which the program resides exist? +
    + If it doesn't exist, it can't very well contain files. +
    +
  24. +
  25. Is the directory within the Apache webspace? +
    + If the request is for a regular portion of the server, is the requested directory + within the server's document root? If the request is for a UserDir, is the requested + directory within the user's document root? +
    +
  26. +
  27. Is the directory NOT writable by anyone else? +
    + We don't want to open up the directory to others; only the owner user may be able + to alter this directories contents. +
    +
  28. +
  29. Does the target program exist? +
    + If it doesn't exists, it can't very well be executed. +
    +
  30. +
  31. Is the target program NOT writable by anyone else? +
    + We don't want to give anyone other than the owner the ability to change the program. +
    +
  32. +
  33. Is the target program NOT setuid or setgid? +
    + We do not want to execute programs that will then change our UID/GID again. +
    +
  34. +
  35. Is the target user/group the same as the program's user/group? +
    + Is the user the owner of the file? +
    +
  36. +
  37. Can we successfully clean the process environment to ensure safe operations? +
    + suEXEC cleans the process' environment by establishing a safe execution PATH (defined + during configuration), as well as only passing through those variables whose names + are listed in the safe environment list (also created during configuration). +
    +
  38. +
  39. Can we successfully become the target program and execute? +
    + Here is where suEXEC ends and the target program begins. +
    +
  40. +

@@ -257,7 +258,7 @@ section of this document. BACK TO CONTENTS

-

Configuring & Installing suEXEC

+

Configuring & Installing suEXEC

Here's where we begin the fun. The configuration and installation of suEXEC is a four step process: edit the suEXEC header file, compile suEXEC, place the @@ -396,7 +397,7 @@ user shell, do so now and execute the following commands. BACK TO CONTENTS

-

Enabling & Disabling suEXEC

+

Enabling & Disabling suEXEC

After properly installing the suexec wrapper executable, you must kill and restart the Apache server. A simple @@ -454,7 +455,7 @@ and the error_log for the server to see where you may have gone astray. BACK TO CONTENTS

-

Beware the Jabberwock: Warnings & Examples

+

Beware the Jabberwock: Warnings & Examples

NOTE! This section may not be complete. For the latest revision of this section of the documentation, see the Apache Group's @@ -467,33 +468,33 @@ There are a few points of interest regarding the wrapper that can cause limitations on server setup. Please review these before submitting any "bugs" regarding suEXEC.

-- 2.47.2
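
Review bot: The re-added check list in the @@ -119,124 +120,124 @@ hunk carries over two typos that should be fixed while these lines are being touched: "alter this directories contents" should read "this directory's contents", and "If it doesn't exists" should read "If it doesn't exist". All 20 items are removed and re-added with the same visible wording, so the diff is dominated by what appears to be whitespace or markup churn; splitting that from content changes would make the merge reviewable. Two of the checks are also underspecified for a security document: "ABOVE the minimum ID number" does not say whether an ID equal to the configured minimum is accepted, and "via setuid and setgid calls" should state that the group ID and the group access list are set before the user ID, since setgid generally fails once root privilege has been dropped.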