Merge in all of the docs from HEAD, I'll clean it up a bit later.unlabeled-1.11.2

Reviewed by:
Submitted by:
Obtained from:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/unlabeled-1.11.2@78392 13f79535-47bb-0310-9956-ffa450edef68

1 files changed, 157 insertions, 156 deletions

diff --git a/docs/manual/suexec.html.en b/docs/manual/suexec.html.en
index 7806bc8f55..0157cd0c1b 100644
--- a/docs/manual/suexec.html.en
+++ b/docs/manual/suexec.html.en
@@ -17,14 +17,15 @@
 
 <P ALIGN="LEFT">
 <OL>
-	<LH><BIG><STRONG>CONTENTS</STRONG></BIG></LH>
-	<LI><A HREF="#what">What is suEXEC?</A></LI>
-	<LI><A HREF="#before">Before we begin.</A></LI>
-	<LI><A HREF="#model">suEXEC Security Model.</A></LI>
-	<LI><A HREF="#install">Configuring & Installing suEXEC</A></LI>
-	<LI><A HREF="#enable">Enabling & Disabling suEXEC</A></LI>
-	<LI><A HREF="#debug">Debugging suEXEC</A></LI>
-	<LI><A HREF="#jabberwock">Beware the Jabberwock: Warnings & Examples</A></LI>
+        <LH><BIG><STRONG>CONTENTS</STRONG></BIG></LH>
+        <LI><A HREF="#what">What is suEXEC?</A></LI>
+        <LI><A HREF="#before">Before we begin.</A></LI>
+        <LI><A HREF="#model">suEXEC Security Model.</A></LI>
+        <LI><A HREF="#install">Configuring &amp; Installing suEXEC</A></LI>
+        <LI><A HREF="#enable">Enabling &amp; Disabling suEXEC</A></LI>
+        <LI><A HREF="#debug">Debugging suEXEC</A></LI>
+        <LI><A HREF="#jabberwock">Beware the Jabberwock: Warnings &amp;
+         Examples</A></LI> 
 </OL>
 </P>
 
@@ -119,124 +120,124 @@ user and group IDs under which the program is to execute.
 The wrapper then employs the following process to determine success or
 failure -- if any one of these conditions fail, the program logs the failure
 and exits with an error, otherwise it will continue:
-	<OL>
-	<LI><STRONG>Was the wrapper called with the proper number of arguments?</STRONG>
-	<BLOCKQUOTE>
-	The wrapper will only execute if it is given the proper number of arguments.
-	The proper argument format is known to the Apache web server.  If the wrapper
-	is not receiving the proper number of arguments, it is either being hacked, or
-	there is something wrong with the suEXEC portion of your Apache binary.
-	</BLOCKQUOTE>
-	</LI>
-	<LI><STRONG>Is the user executing this wrapper a valid user of this system?</STRONG>
-	<BLOCKQUOTE>
-	This is to ensure that the user executing the wrapper is truly a user of the system.
-	</BLOCKQUOTE>
-	</LI>
-	<LI><STRONG>Is this valid user allowed to run the wrapper?</STRONG>
-	<BLOCKQUOTE>
-	Is this user the user allowed to run this wrapper?  Only one user (the Apache
-	user) is allowed to execute this program.
-	</BLOCKQUOTE>
-	</LI>
-	<LI><STRONG>Does the target program have an unsafe hierarchical reference?</STRONG>
-	<BLOCKQUOTE>
-	Does the target program contain a leading '/' or have a '..' backreference?  These
-	are not allowed; the target program must reside within the Apache webspace.
-	</BLOCKQUOTE>
-	</LI>
-	<LI><STRONG>Is the target user name valid?</STRONG>
-	<BLOCKQUOTE>
-	Does the target user exist?
-	</BLOCKQUOTE>
-	</LI>
-	<LI><STRONG>Is the target group name valid?</STRONG>
-	<BLOCKQUOTE>
-	Does the target group exist?
-	</BLOCKQUOTE>
-	</LI>
-	<LI><STRONG>Is the target user <EM>NOT</EM> superuser?</STRONG>
-	<BLOCKQUOTE>
-	Presently, suEXEC does not allow 'root' to execute CGI/SSI programs.
-	</BLOCKQUOTE>
-	</LI>
-	<LI><STRONG>Is the target userid <EM>ABOVE</EM> the minimum ID number?</STRONG>
-	<BLOCKQUOTE>
-	The minimum user ID number is specified during configuration.  This allows you
-	to set the lowest possible userid that will be allowed to execute CGI/SSI programs.
-	This is useful to block out "system" accounts.
-	</BLOCKQUOTE>
-	</LI>
-	<LI><STRONG>Is the target group <EM>NOT</EM> the superuser group?</STRONG>
-	<BLOCKQUOTE>
-	Presently, suEXEC does not allow the 'root' group to execute CGI/SSI programs.
-	</BLOCKQUOTE>
-	</LI>
-	<LI><STRONG>Is the target groupid <EM>ABOVE</EM> the minimum ID number?</STRONG>
-	<BLOCKQUOTE>
-	The minimum group ID number is specified during configuration.  This allows you
-	to set the lowest possible groupid that will be allowed to execute CGI/SSI programs.
-	This is useful to block out "system" groups.
-	</BLOCKQUOTE>
-	</LI>
-	<LI><STRONG>Can the wrapper successfully become the target user and group?</STRONG>
-	<BLOCKQUOTE>
-	Here is where the program becomes the target user and group via setuid and setgid
-	calls.  The group access list is also initialized with all of the groups of which
-	the user is a member.
-	</BLOCKQUOTE>
-	</LI>
-	<LI><STRONG>Does the directory in which the program resides exist?</STRONG>
-	<BLOCKQUOTE>
-	If it doesn't exist, it can't very well contain files.
-	</BLOCKQUOTE>
-	</LI>
-	<LI><STRONG>Is the directory within the Apache webspace?</STRONG>
-	<BLOCKQUOTE>
-	If the request is for a regular portion of the server, is the requested directory
-	within the server's document root?  If the request is for a UserDir, is the requested
-	directory within the user's document root?
-	</BLOCKQUOTE>
-	</LI>
-	<LI><STRONG>Is the directory <EM>NOT</EM> writable by anyone else?</STRONG>
-	<BLOCKQUOTE>
-	We don't want to open up the directory to others; only the owner user may be able
-	to alter this directories contents.
-	</BLOCKQUOTE>
-	</LI>
-	<LI><STRONG>Does the target program exist?</STRONG>
-	<BLOCKQUOTE>
-	If it doesn't exists, it can't very well be executed.
-	</BLOCKQUOTE>
-	</LI>
-	<LI><STRONG>Is the target program <EM>NOT</EM> writable by anyone else?</STRONG>
-	<BLOCKQUOTE>
-	We don't want to give anyone other than the owner the ability to change the program.
-	</BLOCKQUOTE>
-	</LI>
-	<LI><STRONG>Is the target program <EM>NOT</EM> setuid or setgid?</STRONG>
-	<BLOCKQUOTE>
-	We do not want to execute programs that will then change our UID/GID again.
-	</BLOCKQUOTE>
-	</LI>
-	<LI><STRONG>Is the target user/group the same as the program's user/group?</STRONG>
-	<BLOCKQUOTE>
-	Is the user the owner of the file?
-	</BLOCKQUOTE>
-	</LI>
-	<LI><STRONG>Can we successfully clean the process environment to ensure safe operations?</STRONG>
-	<BLOCKQUOTE>
-	suEXEC cleans the process' environment by establishing a safe execution PATH (defined
-	during configuration), as well as only passing through those variables whose names
-	are listed in the safe environment list (also created during configuration).
-	</BLOCKQUOTE>
-	</LI>
-	<LI><STRONG>Can we successfully become the target program and execute?</STRONG>
-	<BLOCKQUOTE>
-	Here is where suEXEC ends and the target program begins.
-	</BLOCKQUOTE>
-	</LI>
-	</OL>
+        <OL>
+        <LI><STRONG>Was the wrapper called with the proper number of arguments?</STRONG>
+        <BLOCKQUOTE>
+        The wrapper will only execute if it is given the proper number of arguments.
+        The proper argument format is known to the Apache web server.  If the wrapper
+        is not receiving the proper number of arguments, it is either being hacked, or
+        there is something wrong with the suEXEC portion of your Apache binary.
+        </BLOCKQUOTE>
+        </LI>
+        <LI><STRONG>Is the user executing this wrapper a valid user of this system?</STRONG>
+        <BLOCKQUOTE>
+        This is to ensure that the user executing the wrapper is truly a user of the system.
+        </BLOCKQUOTE>
+        </LI>
+        <LI><STRONG>Is this valid user allowed to run the wrapper?</STRONG>
+        <BLOCKQUOTE>
+        Is this user the user allowed to run this wrapper?  Only one user (the Apache
+        user) is allowed to execute this program.
+        </BLOCKQUOTE>
+        </LI>
+        <LI><STRONG>Does the target program have an unsafe hierarchical reference?</STRONG>
+        <BLOCKQUOTE>
+        Does the target program contain a leading '/' or have a '..' backreference?  These
+        are not allowed; the target program must reside within the Apache webspace.
+        </BLOCKQUOTE>
+        </LI>
+        <LI><STRONG>Is the target user name valid?</STRONG>
+        <BLOCKQUOTE>
+        Does the target user exist?
+        </BLOCKQUOTE>
+        </LI>
+        <LI><STRONG>Is the target group name valid?</STRONG>
+        <BLOCKQUOTE>
+        Does the target group exist?
+        </BLOCKQUOTE>
+        </LI>
+        <LI><STRONG>Is the target user <EM>NOT</EM> superuser?</STRONG>
+        <BLOCKQUOTE>
+        Presently, suEXEC does not allow 'root' to execute CGI/SSI programs.
+        </BLOCKQUOTE>
+        </LI>
+        <LI><STRONG>Is the target userid <EM>ABOVE</EM> the minimum ID number?</STRONG>
+        <BLOCKQUOTE>
+        The minimum user ID number is specified during configuration.  This allows you
+        to set the lowest possible userid that will be allowed to execute CGI/SSI programs.
+        This is useful to block out "system" accounts.
+        </BLOCKQUOTE>
+        </LI>
+        <LI><STRONG>Is the target group <EM>NOT</EM> the superuser group?</STRONG>
+        <BLOCKQUOTE>
+        Presently, suEXEC does not allow the 'root' group to execute CGI/SSI programs.
+        </BLOCKQUOTE>
+        </LI>
+        <LI><STRONG>Is the target groupid <EM>ABOVE</EM> the minimum ID number?</STRONG>
+        <BLOCKQUOTE>
+        The minimum group ID number is specified during configuration.  This allows you
+        to set the lowest possible groupid that will be allowed to execute CGI/SSI programs.
+        This is useful to block out "system" groups.
+        </BLOCKQUOTE>
+        </LI>
+        <LI><STRONG>Can the wrapper successfully become the target user and group?</STRONG>
+        <BLOCKQUOTE>
+        Here is where the program becomes the target user and group via setuid and setgid
+        calls.  The group access list is also initialized with all of the groups of which
+        the user is a member.
+        </BLOCKQUOTE>
+        </LI>
+        <LI><STRONG>Does the directory in which the program resides exist?</STRONG>
+        <BLOCKQUOTE>
+        If it doesn't exist, it can't very well contain files.
+        </BLOCKQUOTE>
+        </LI>
+        <LI><STRONG>Is the directory within the Apache webspace?</STRONG>
+        <BLOCKQUOTE>
+        If the request is for a regular portion of the server, is the requested directory
+        within the server's document root?  If the request is for a UserDir, is the requested
+        directory within the user's document root?
+        </BLOCKQUOTE>
+        </LI>
+        <LI><STRONG>Is the directory <EM>NOT</EM> writable by anyone else?</STRONG>
+        <BLOCKQUOTE>
+        We don't want to open up the directory to others; only the owner user may be able
+        to alter this directories contents.
+        </BLOCKQUOTE>
+        </LI>
+        <LI><STRONG>Does the target program exist?</STRONG>
+        <BLOCKQUOTE>
+        If it doesn't exists, it can't very well be executed.
+        </BLOCKQUOTE>
+        </LI>
+        <LI><STRONG>Is the target program <EM>NOT</EM> writable by anyone else?</STRONG>
+        <BLOCKQUOTE>
+        We don't want to give anyone other than the owner the ability to change the program.
+        </BLOCKQUOTE>
+        </LI>
+        <LI><STRONG>Is the target program <EM>NOT</EM> setuid or setgid?</STRONG>
+        <BLOCKQUOTE>
+        We do not want to execute programs that will then change our UID/GID again.
+        </BLOCKQUOTE>
+        </LI>
+        <LI><STRONG>Is the target user/group the same as the program's user/group?</STRONG>
+        <BLOCKQUOTE>
+        Is the user the owner of the file?
+        </BLOCKQUOTE>
+        </LI>
+        <LI><STRONG>Can we successfully clean the process environment to ensure safe operations?</STRONG>
+        <BLOCKQUOTE>
+        suEXEC cleans the process' environment by establishing a safe execution PATH (defined
+        during configuration), as well as only passing through those variables whose names
+        are listed in the safe environment list (also created during configuration).
+        </BLOCKQUOTE>
+        </LI>
+        <LI><STRONG>Can we successfully become the target program and execute?</STRONG>
+        <BLOCKQUOTE>
+        Here is where suEXEC ends and the target program begins.
+        </BLOCKQUOTE>
+        </LI>
+        </OL>
 </P>
 
 <P ALIGN="LEFT">
@@ -257,7 +258,7 @@ section of this document.
 <STRONG><A HREF="suexec.html">BACK TO CONTENTS</A></STRONG>
 </P>
 
-<H3><A NAME="install">Configuring & Installing suEXEC</A></H3>
+<H3><A NAME="install">Configuring &amp; Installing suEXEC</A></H3>
 <P ALIGN="LEFT">
 Here's where we begin the fun.  The configuration and installation of suEXEC is
 a four step process: edit the suEXEC header file, compile suEXEC, place the
@@ -396,7 +397,7 @@ user shell, do so now and execute the following commands.
 <STRONG><A HREF="suexec.html">BACK TO CONTENTS</A></STRONG>
 </P>
 
-<H3><A NAME="enable">Enabling & Disabling suEXEC</A></H3>
+<H3><A NAME="enable">Enabling &amp; Disabling suEXEC</A></H3>
 <P ALIGN="LEFT">
 After properly installing the <STRONG>suexec</STRONG> wrapper
 executable, you must kill and restart the Apache server.  A simple
@@ -454,7 +455,7 @@ and the error_log for the server to see where you may have gone astray.
 <STRONG><A HREF="suexec.html">BACK TO CONTENTS</A></STRONG>
 </P>
 
-<H3><A NAME="jabberwock">Beware the Jabberwock: Warnings & Examples</A></H3>
+<H3><A NAME="jabberwock">Beware the Jabberwock: Warnings &amp; Examples</A></H3>
 <P ALIGN="LEFT">
 <STRONG>NOTE!</STRONG>  This section may not be complete.  For the latest
 revision of this section of the documentation, see the Apache Group's
@@ -467,33 +468,33 @@ There are a few points of interest regarding the wrapper that can cause
 limitations on server setup.  Please review these before submitting any
 "bugs" regarding suEXEC.
 <UL>
-	<LH><STRONG>suEXEC Points Of Interest</STRONG></LH>
-	<LI>Hierarchy limitations
-	<BLOCKQUOTE>
-	For security and efficiency reasons, all suexec requests must
-	remain within either a top-level document root for virtual
-	host requests, or one top-level personal document root for
-	userdir requests.  For example, if you have four VirtualHosts
-	configured, you would need to structure all of your VHosts'
-	document roots off of one main Apache document hierarchy to
-	take advantage of suEXEC for VirtualHosts. (Example forthcoming.)
-	</BLOCKQUOTE>
-	</LI>
-	<LI>suEXEC's PATH environment variable
-	<BLOCKQUOTE>
-	This can be a dangerous thing to change.  Make certain every
-	path you include in this define is a <STRONG>trusted</STRONG>
-	directory.  You don't want to open people up to having someone
-	from across the world running a trojan horse on them.
-	</BLOCKQUOTE>
-	</LI>
-	<LI>Altering the suEXEC code
-	<BLOCKQUOTE>
-	Again, this can cause <STRONG>Big Trouble</STRONG> if you try
-	this without knowing what you are doing.  Stay away from it
-	if at all possible.
-	</BLOCKQUOTE>
-	</LI>
+        <LH><STRONG>suEXEC Points Of Interest</STRONG></LH>
+        <LI>Hierarchy limitations
+        <BLOCKQUOTE>
+        For security and efficiency reasons, all suexec requests must
+        remain within either a top-level document root for virtual
+        host requests, or one top-level personal document root for
+        userdir requests.  For example, if you have four VirtualHosts
+        configured, you would need to structure all of your VHosts'
+        document roots off of one main Apache document hierarchy to
+        take advantage of suEXEC for VirtualHosts. (Example forthcoming.)
+        </BLOCKQUOTE>
+        </LI>
+        <LI>suEXEC's PATH environment variable
+        <BLOCKQUOTE>
+        This can be a dangerous thing to change.  Make certain every
+        path you include in this define is a <STRONG>trusted</STRONG>
+        directory.  You don't want to open people up to having someone
+        from across the world running a trojan horse on them.
+        </BLOCKQUOTE>
+        </LI>
+        <LI>Altering the suEXEC code
+        <BLOCKQUOTE>
+        Again, this can cause <STRONG>Big Trouble</STRONG> if you try
+        this without knowing what you are doing.  Stay away from it
+        if at all possible.
+        </BLOCKQUOTE>
+        </LI>
 </UL>
 
 <P ALIGN="CENTER">