Gentoo Forums
Rebuilding Apache for SuExec
tokka
Tux's lil' helper

Joined: 11 Sep 2004
Posts: 99

Posted: Mon Dec 06, 2004 8:25 pm    Post subject: Rebuilding Apache for SuExec

Hi

I've been using Gentoo for a couple of months, first as a test, and I now have 5 dual Opteron servers running very happily.

A bog standard install of Gentoo is all that I have needed so far, but I now need to set up a new server to use Virtualmin.

So it has dawned on me that I haven't the faintest idea of what the right way to change compile time options using portage is:)

The way I have just been trying it is to make changes to the ebuild - is that right?

OK, the virtualmin docs tell me that I should add:

Code:
--with-suexec-docroot=/home \


Looking in the ebuild there is an obvious place where this should go:

Code:
   SSL_BASE="SYSTEM" \
   WANT_AUTOCONF_2_5=1 WANT_AUTOCONF=2.5
   ./configure \
      --with-suexec-safepath="/usr/local/bin:/usr/bin:/bin" \
      --with-suexec-logfile=/var/log/apache2/suexec_log \
      --with-suexec-bin=/usr/sbin/suexec2 \
      --with-suexec-userdir=${USERDIR} \
      --with-suexec-caller=apache \
      --with-suexec-docroot=/home \
      --with-suexec-uidmin=100 \
      --with-suexec-gidmin=100 \
      --with-suexec-umask=077 \
      --enable-suexec=shared \


But this is slap bang in the middle of a chunk that seems to deal with SSL - I'm not using SSL, so will this even be included at compile time?

I've tried it, and just am getting a 403 Forbidden when calling a script in the cgi-bin folder, so not even an error I associate with suexec:)

So... what is the best way to add the suexec functionality I need to apache2 on Gentoo using portage?

Thanks

rev138
l33t

Joined: 19 Jun 2003
Posts: 848
Location: Vermont, USA

Posted: Mon Dec 22, 2008 3:27 am

Apologies for resurrecting an ancient thread, but I'm experiencing the exact same issue.

Any ideas in the intervening 4 years?
_________________
Vermont Free PC
http://www.vtfreepc.org

bunder
Bodhisattva

Joined: 10 Apr 2004
Posts: 5947

Posted: Mon Dec 22, 2008 6:09 am

did you add the suexec use flag (for apache)?

cheers
_________________
Neddyseagoon wrote:
The problem with leaving is that you can only do it once and it reduces your influence.

banned from #gentoo since sept 2017

rev138
l33t

Joined: 19 Jun 2003
Posts: 848
Location: Vermont, USA

Posted: Mon Dec 22, 2008 1:08 pm

Yes. That's not the issue.
_________________
Vermont Free PC
http://www.vtfreepc.org

rev138
l33t

Joined: 19 Jun 2003
Posts: 848
Location: Vermont, USA

Posted: Mon Dec 22, 2008 2:07 pm

AHA!

Code:

>>> Emerging (1 of 1) www-servers/apache-2.2.9-r1 to /
 * httpd-2.2.9.tar.bz2 RMD160 SHA1 SHA256 size ;-) ... [ ok ]
 * gentoo-apache-2.2.9-r1-20080829.tar.bz2 RMD160 SHA1 SHA256 size ;-) ... [ ok ]
 * checking ebuild checksums ;-) ... [ ok ]
 * checking auxfile checksums ;-) ... [ ok ]
 * checking miscfile checksums ;-) ... [ ok ]
 * checking httpd-2.2.9.tar.bz2 ;-) ... [ ok ]
 * checking gentoo-apache-2.2.9-r1-20080829.tar.bz2 ;-) ... [ ok ]
 *
 * Selected default MPM: prefork
 *
 * You can manipulate several configure options of suexec
 * through the following environment variables:
 *
 *  SUEXEC_SAFEPATH: Default PATH for suexec (default: /usr/local/bin:/usr/bin:/bin)
 *   SUEXEC_LOGFILE: Path to the suexec logfile (default: /var/log/apache2/suexec_log)
 *    SUEXEC_CALLER: Name of the user Apache is running as (default: apache)
 *   SUEXEC_DOCROOT: Directory in which suexec will run scripts (default: /var/www)
 *    SUEXEC_MINUID: Minimum UID, which is allowed to run scripts via suexec (default: 1000)
 *    SUEXEC_MINGID: Minimum GID, which is allowed to run scripts via suexec (default: 100)
 *   SUEXEC_USERDIR: User subdirectories (like /home/user/html) (default: public_html)
 *     SUEXEC_UMASK: Umask for the suexec process (default: 077)


:D
_________________
Vermont Free PC
http://www.vtfreepc.org

Pol
Tux's lil' helper

Joined: 01 May 2003
Posts: 113

Posted: Thu Apr 09, 2009 10:21 am

I tried to do:

Code:

export SUEXEC_DOCROOT=/home
emerge apache


and I still get it under /var/www

Any idea?

Treovo
Tux's lil' helper

Joined: 30 Mar 2004
Posts: 88

Posted: Sun Jul 12, 2009 11:14 am

I have encountered the same problem. If you want to change the default docroot for suexec (for example if you want to use webmin or virtualmin...) I think you should
Code:
 export SUEXEC_DOCROOT="your_docroot_dir"
emerge apache

But I am not sure about the use of the above first command as I have also done the following:
Code:
EXTRA_ECONF="--with-suexec-docroot=my_favorite_docroot_dir" emerge apache


You might try the first solution and check if it works by running suexec -V.

Anyway, whichever solution was the right one it worked for me and suexec -V reports:
Code:
 -D AP_DOC_ROOT="/home"
 -D AP_GID_MIN=100
 -D AP_HTTPD_USER="apache"
 -D AP_LOG_EXEC="/var/log/apache2/suexec_log"
 -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
 -D AP_SUEXEC_UMASK=077
 -D AP_UID_MIN=1000
 -D AP_USERDIR_SUFFIX="public_html"


Just added this in case someone is still stuck with this suexec docroot issue or trying to use virtualmin under gentoo.
_________________
.: Free your mind and your ass will follow :.
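
One way to script the `suexec -V` check suggested in the post above, as an added example that is not part of the thread. The function names are hypothetical, the sample text is constructed from the output quoted in that post, and the expected docroot (/home) and UID floor (1000) are assumptions taken from the values shown there:

```shell
#!/bin/sh
# Added example: audit the settings compiled into suexec, as listed by `suexec -V`.
# SAMPLE_OUTPUT is constructed from the output quoted in the post above so the
# script runs offline. On a real host capture it with: out=$(suexec -V 2>&1)
SAMPLE_OUTPUT=' -D AP_DOC_ROOT="/home"
 -D AP_GID_MIN=100
 -D AP_HTTPD_USER="apache"
 -D AP_LOG_EXEC="/var/log/apache2/suexec_log"
 -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
 -D AP_SUEXEC_UMASK=077
 -D AP_UID_MIN=1000
 -D AP_USERDIR_SUFFIX="public_html"'

# suexec_setting NAME TEXT (hypothetical helper)
# Print the value of the "-D NAME=value" line with surrounding quotes removed.
suexec_setting() {
    printf '%s\n' "$2" |
        sed -n "s/^[[:space:]]*-D[[:space:]]*$1=//p" |
        sed 's/^"\(.*\)"$/\1/' |
        head -n 1
}

# check_suexec TEXT WANT_DOCROOT UID_FLOOR (hypothetical helper)
# Return 0 only if the compiled-in docroot is the one the rebuild was meant
# to set and the minimum UID has not dropped below the given floor.
check_suexec() {
    cs_rc=0
    cs_docroot=$(suexec_setting AP_DOC_ROOT "$1")
    cs_uidmin=$(suexec_setting AP_UID_MIN "$1")
    if [ "$cs_docroot" != "$2" ]; then
        echo "MISMATCH: AP_DOC_ROOT is '$cs_docroot', expected '$2'"
        cs_rc=1
    fi
    case $cs_uidmin in
        '' | *[!0-9]*)
            echo "MISSING: AP_UID_MIN not reported"; cs_rc=1 ;;
        *)
            if [ "$cs_uidmin" -lt "$3" ]; then
                echo "WEAK: AP_UID_MIN=$cs_uidmin is below $3"; cs_rc=1
            fi ;;
    esac
    return "$cs_rc"
}

check_suexec "$SAMPLE_OUTPUT" /home 1000 && echo "suexec build matches expectations"
```

Running the same check with `/var/www` as the expected docroot reports a mismatch, which is the symptom described earlier in the thread when the environment variable did not reach the build.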