The default value for this option is
PREFIX/share/htdocs
, where ‘PREFIX’ comes from the value of the
--prefix
option, explicit or implied.
--suexec-gidmin=gid
suexec
‘s restrictions is that the user it’sbeing asked to execute the script as mustn’t be considered ‘privileged.’ On
Linux and other Unix-like systems this generally means that it mustn’t be the
root
user, but suexec
takes this a step further andwill refuse to execute as any user with a group ID less than the value of this
option.
The default value for this option, if not specified, is
100
.
--suexec-logfile=filename
errors and successful invocations. It is opened and accessed as
root
, but closed before control is passed to the script.
The
default for this option is PREFIX/var/log/suexec_log
, where
‘PREFIX’ is the value from the --prefix
option.
--suexec-safepath=path-list
the script is invoked, but the default
PATH
is set to a known listof directories as well. This list is hard-coded at compile-time, and is defined
by this option.
The default value for --suexec-safepath
is
/usr/local/bin:/usr/bin:/bin
.
--suexec-uidmin=uid
--suexec-gidmin
option described earlier, thisoption is used to inform
suexec
of forbidden UID values. If arequest is made that would result in the execution of a script by a user with a
UID equal to or less than this value, the wrapper will log the fact and not
process the request. This foils things like a request for
~root/script
.
The default value for this option is
100
.
--suexec-umask=octal-umask
created by the script (if it doesn’t explicitly set them itself). The umask is
specified as a three-digit octal number indicating which permission bits should
not be set; see the description of the
umask(1)
command formore details.
If this option isn’t defined at compile-time, at run-time the
suexec
wrapper will inherit the umask setting from the parent
Apache server process.
--suexec-userdir=path
that
suexec
will use to find scripts for~username
-style URLs. This needs to match the setting of theUserDir
directive in your server configuration files.
Note:
suexec
can only handle simple subdirectory expressions. The
more complex pattern-handling capabilities of the mod_userdir
module (which implements the UserDir
directive) cannot be used
with the suexec
wrapper.
The default --suexec-userdir
setting is
public_html
.
If you want to change the location of the suexec
binary, you
can do so by adding a new definition of SUEXEC_BIN
to the
compilation flags:
% env CFLAGS="-Wall -DSUEXEC_BIN="/usr/local/web/apache/suexec"" > ./configure --enable-suexec ...You should be extremely cautious about changing other definitions, such as
HTTPD_ROOT
, however, sincesuexec
isn't the only part
of Apache that uses them.User IDs Suexec Will Use