[OpenIndiana-discuss] recompile apache2 suexec how to?

Jim Klimov jimklimov at cos.ru
Sat Dec 1 11:48:38 UTC 2012 

On 2012-12-01 12:32, carl brunning wrote:
> Thank for the update
> All of apache is working but the modular suexec that is in /usr/apache2/2.2.bin is the only thing that wrong
> Seem apaches has hardcode the path in it and the instruction every were is to recompile that
> So don't need to do the whole apache.
>
> But if i can get to compile the latest version of apache then it be worth it
>
> But last time i compile that was on linux and am sure apache2.2 was done using sun compile not gcc.
> So not sure how much need to be change to get apache to compile using gcc

IIRC "suexec" is a standalone executable binary with the setuid bit set
(in POSIX FS attrs). So if you want a drop-in replacement, you can pick
the same version of Apache sources as are used in the package and just
compile (with whatever compiler) and copy over the suexec program.

I hope this would work =)

Also, don't the webserver settings (DocumentRoot, UserDir) provide
the behavior you need with the existing binary?

 From http://httpd.apache.org/docs/2.2/suexec.html :

--with-suexec-userdir=DIR
Define to be the subdirectory under users' home directories where suEXEC 
access should be allowed. All executables under this directory will be 
executable by suEXEC as the user so they should be "safe" programs. If 
you are using a "simple" UserDir directive (ie. one without a "*" in it) 
this should be set to the same value. suEXEC will not work properly in 
cases where the UserDir directive points to a location that is not the 
same as the user's home directory as referenced in the passwd file. 
Default value is "public_html".
If you have virtual hosts with a different UserDir for each, you will 
need to define them to all reside in one parent directory; then name 
that parent directory here. If this is not defined properly, "~userdir" 
cgi requests will not work!

--with-suexec-docroot=DIR
Define as the DocumentRoot set for Apache. This will be the only 
hierarchy (aside from UserDirs) that can be used for suEXEC behavior. 
The default directory is the --datadir value with the suffix "/htdocs", 
e.g. if you configure with "--datadir=/home/apache" the directory 
"/home/apache/htdocs" is used as document root for the suEXEC wrapper.

//Jim

More information about the OpenIndiana-discuss mailing list