author | Yoshiki Hayashi <yoshiki@apache.org> | 2002-05-22 10:22:40 +0000 |
---|---|---|
committer | Yoshiki Hayashi <yoshiki@apache.org> | 2002-05-22 10:22:40 +0000 |
commit | f897e63cf5a213bec32245558cf47aa8cd1b3a07 (patch) | |
tree | 056ba7cba9328c7135e9aea230cb379bc67e3220 /docs | |
parent | ee677e797ad2d35e0391160bd5ba1494ae40e2dc (diff) | |
New Japanese translation. Forward port from 1.3.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@95214 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'docs')
-rw-r--r-- | docs/manual/suexec.html | 620 |
-rw-r--r-- | docs/manual/suexec.html.ja.jis | 613 |
2 files changed, 613 insertions, 620 deletions
diff --git a/docs/manual/suexec.html b/docs/manual/suexec.html deleted file mode 100644 index 0448c942ec..0000000000 --- a/docs/manual/suexec.html +++ /dev/null 
@@ -1,620 +0,0 @@ -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" - "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> - -<html xmlns="http://www.w3.org/1999/xhtml"> - <head> - <meta name="generator" content="HTML Tidy, see www.w3.org" /> - - <title>Apache suEXEC Support</title> - </head> - <!-- Background white, links blue (unvisited), navy (visited), red (active) --> - - <body bgcolor="#FFFFFF" text="#000000" link="#0000FF" - vlink="#000080" alink="#FF0000"> - <!--#include virtual="header.html" --> - - <h1 align="CENTER">Apache suEXEC Support</h1> - - <ol> - <li><big><strong>CONTENTS</strong></big></li> - - <li><a href="#what">What is suEXEC?</a></li> - - <li><a href="#before">Before we begin.</a></li> - - <li><a href="#model">suEXEC Security Model.</a></li> - - <li><a href="#install">Configuring & Installing - suEXEC</a></li> - - <li><a href="#enable">Enabling & Disabling - suEXEC</a></li> - - <li><a href="#usage">Using suEXEC</a></li> - - <li><a href="#debug">Debugging suEXEC</a></li> - - <li><a href="#jabberwock">Beware the Jabberwock: Warnings - & Examples</a></li> - </ol> - <br /> - <br /> - - - <h3><a id="what" name="what">What is suEXEC?</a></h3> - - <p align="LEFT">The <strong>suEXEC</strong> feature -- - introduced in Apache 1.2 -- provides Apache users the ability - to run <strong>CGI</strong> and <strong>SSI</strong> programs - under user IDs different from the user ID of the calling - web-server. Normally, when a CGI or SSI program executes, it - runs as the same user who is running the web server.</p> - - <p align="LEFT">Used properly, this feature can reduce - considerably the security risks involved with allowing users to - develop and run private CGI or SSI programs. However, if suEXEC - is improperly configured, it can cause any number of problems - and possibly create new holes in your computer's security. 
If - you aren't familiar with managing setuid root programs and the - security issues they present, we highly recommend that you not - consider using suEXEC.</p> - - <p align="CENTER"><strong><a href="suexec.html">BACK TO - CONTENTS</a></strong></p> - - <h3><a id="before" name="before">Before we begin.</a></h3> - - <p align="LEFT">Before jumping head-first into this document, - you should be aware of the assumptions made on the part of the - Apache Group and this document.</p> - - <p align="LEFT">First, it is assumed that you are using a UNIX - derivate operating system that is capable of - <strong>setuid</strong> and <strong>setgid</strong> operations. - All command examples are given in this regard. Other platforms, - if they are capable of supporting suEXEC, may differ in their - configuration.</p> - - <p align="LEFT">Second, it is assumed you are familiar with - some basic concepts of your computer's security and its - administration. This involves an understanding of - <strong>setuid/setgid</strong> operations and the various - effects they may have on your system and its level of - security.</p> - - <p align="LEFT">Third, it is assumed that you are using an - <strong>unmodified</strong> version of suEXEC code. All code - for suEXEC has been carefully scrutinized and tested by the - developers as well as numerous beta testers. Every precaution - has been taken to ensure a simple yet solidly safe base of - code. Altering this code can cause unexpected problems and new - security risks. It is <strong>highly</strong> recommended you - not alter the suEXEC code unless you are well versed in the - particulars of security programming and are willing to share - your work with the Apache Group for consideration.</p> - - <p align="LEFT">Fourth, and last, it has been the decision of - the Apache Group to <strong>NOT</strong> make suEXEC part of - the default installation of Apache. 
To this end, suEXEC - configuration requires of the administrator careful attention - to details. After due consideration has been given to the - various settings for suEXEC, the administrator may install - suEXEC through normal installation methods. The values for - these settings need to be carefully determined and specified by - the administrator to properly maintain system security during - the use of suEXEC functionality. It is through this detailed - process that the Apache Group hopes to limit suEXEC - installation only to those who are careful and determined - enough to use it.</p> - - <p align="LEFT">Still with us? Yes? Good. Let's move on!</p> - - <p align="CENTER"><strong><a href="suexec.html">BACK TO - CONTENTS</a></strong></p> - - <h3><a id="model" name="model">suEXEC Security Model</a></h3> - - <p align="LEFT">Before we begin configuring and installing - suEXEC, we will first discuss the security model you are about - to implement. By doing so, you may better understand what - exactly is going on inside suEXEC and what precautions are - taken to ensure your system's security.</p> - - <p align="LEFT"><strong>suEXEC</strong> is based on a setuid - "wrapper" program that is called by the main Apache web server. - This wrapper is called when an HTTP request is made for a CGI - or SSI program that the administrator has designated to run as - a userid other than that of the main server. 
When such a - request is made, Apache provides the suEXEC wrapper with the - program's name and the user and group IDs under which the - program is to execute.</p> - - <p align="LEFT">The wrapper then employs the following process - to determine success or failure -- if any one of these - conditions fail, the program logs the failure and exits with an - error, otherwise it will continue:</p> - - <ol> - <li> - <strong>Was the wrapper called with the proper number of - arguments?</strong> - - <blockquote> - The wrapper will only execute if it is given the proper - number of arguments. The proper argument format is known - to the Apache web server. If the wrapper is not receiving - the proper number of arguments, it is either being - hacked, or there is something wrong with the suEXEC - portion of your Apache binary. - </blockquote> - </li> - - <li> - <strong>Is the user executing this wrapper a valid user of - this system?</strong> - - <blockquote> - This is to ensure that the user executing the wrapper is - truly a user of the system. - </blockquote> - </li> - - <li> - <strong>Is this valid user allowed to run the - wrapper?</strong> - - <blockquote> - Is this user the user allowed to run this wrapper? Only - one user (the Apache user) is allowed to execute this - program. - </blockquote> - </li> - - <li> - <strong>Does the target program have an unsafe hierarchical - reference?</strong> - - <blockquote> - Does the target program contain a leading '/' or have a - '..' backreference? These are not allowed; the target - program must reside within the Apache webspace. - </blockquote> - </li> - - <li> - <strong>Is the target user name valid?</strong> - - <blockquote> - Does the target user exist? - </blockquote> - </li> - - <li> - <strong>Is the target group name valid?</strong> - - <blockquote> - Does the target group exist? 
- </blockquote> - </li> - - <li> - <strong>Is the target user <em>NOT</em> superuser?</strong> - - - <blockquote> - Presently, suEXEC does not allow 'root' to execute - CGI/SSI programs. - </blockquote> - </li> - - <li> - <strong>Is the target userid <em>ABOVE</em> the minimum ID - number?</strong> - - <blockquote> - The minimum user ID number is specified during - configuration. This allows you to set the lowest possible - userid that will be allowed to execute CGI/SSI programs. - This is useful to block out "system" accounts. - </blockquote> - </li> - - <li> - <strong>Is the target group <em>NOT</em> the superuser - group?</strong> - - <blockquote> - Presently, suEXEC does not allow the 'root' group to - execute CGI/SSI programs. - </blockquote> - </li> - - <li> - <strong>Is the target groupid <em>ABOVE</em> the minimum ID - number?</strong> - - <blockquote> - The minimum group ID number is specified during - configuration. This allows you to set the lowest possible - groupid that will be allowed to execute CGI/SSI programs. - This is useful to block out "system" groups. - </blockquote> - </li> - - <li> - <strong>Can the wrapper successfully become the target user - and group?</strong> - - <blockquote> - Here is where the program becomes the target user and - group via setuid and setgid calls. The group access list - is also initialized with all of the groups of which the - user is a member. - </blockquote> - </li> - - <li> - <strong>Does the directory in which the program resides - exist?</strong> - - <blockquote> - If it doesn't exist, it can't very well contain files. - </blockquote> - </li> - - <li> - <strong>Is the directory within the Apache - webspace?</strong> - - <blockquote> - If the request is for a regular portion of the server, is - the requested directory within the server's document - root? If the request is for a UserDir, is the requested - directory within the user's document root? 
- </blockquote> - </li> - - <li> - <strong>Is the directory <em>NOT</em> writable by anyone - else?</strong> - - <blockquote> - We don't want to open up the directory to others; only - the owner user may be able to alter this directories - contents. - </blockquote> - </li> - - <li> - <strong>Does the target program exist?</strong> - - <blockquote> - If it doesn't exists, it can't very well be executed. - </blockquote> - </li> - - <li> - <strong>Is the target program <em>NOT</em> writable by - anyone else?</strong> - - <blockquote> - We don't want to give anyone other than the owner the - ability to change the program. - </blockquote> - </li> - - <li> - <strong>Is the target program <em>NOT</em> setuid or - setgid?</strong> - - <blockquote> - We do not want to execute programs that will then change - our UID/GID again. - </blockquote> - </li> - - <li> - <strong>Is the target user/group the same as the program's - user/group?</strong> - - <blockquote> - Is the user the owner of the file? - </blockquote> - </li> - - <li> - <strong>Can we successfully clean the process environment - to ensure safe operations?</strong> - - <blockquote> - suEXEC cleans the process' environment by establishing a - safe execution PATH (defined during configuration), as - well as only passing through those variables whose names - are listed in the safe environment list (also created - during configuration). - </blockquote> - </li> - - <li> - <strong>Can we successfully become the target program and - execute?</strong> - - <blockquote> - Here is where suEXEC ends and the target program begins. - </blockquote> - </li> - </ol> - <br /> - <br /> - - - <p align="LEFT">This is the standard operation of the the - suEXEC wrapper's security model. 
It is somewhat stringent and - can impose new limitations and guidelines for CGI/SSI design, - but it was developed carefully step-by-step with security in - mind.</p> - - <p align="LEFT">For more information as to how this security - model can limit your possibilities in regards to server - configuration, as well as what security risks can be avoided - with a proper suEXEC setup, see the <a - href="#jabberwock">"Beware the Jabberwock"</a> section of this - document.</p> - - <p align="CENTER"><strong><a href="suexec.html">BACK TO - CONTENTS</a></strong></p> - - <h3><a id="install" name="install">Configuring & Installing - suEXEC</a></h3> - - <p align="LEFT">Here's where we begin the fun. If you use - Apache 1.2 or prefer to configure Apache 1.3 with the - "<code>src/Configure</code>" script you have to edit the suEXEC - header file and install the binary in its proper location - manually. The following sections describe the configuration and - installation for Apache 1.3 with the AutoConf-style interface - (APACI).</p> - - <p align="LEFT"><strong>APACI's suEXEC configuration - options</strong><br /> - </p> - - <dl> - <dt><code>--enable-suexec</code></dt> - - <dd>This option enables the suEXEC feature which is never - installed or activated by default. At least one - --with-suexec-xxxxx option has to be provided together with the - --enable-suexec option to let APACI accept your request for - using the suEXEC feature.</dd> - - <dt><code>--with-suexec-caller=<em>UID</em></code></dt> - - <dd>The <a href="mod/mpm_common.html#user">username</a> under which - Apache normally runs. This is the only user allowed to - execute this program.</dd> - - <dt><code>--with-suexec-docroot=<em>DIR</em></code></dt> - - <dd>Define as the DocumentRoot set for Apache. This will be - the only hierarchy (aside from UserDirs) that can be used for - suEXEC behavior. 
The default directory is the --datadir value - with the suffix "/htdocs", <em>e.g.</em> if you configure - with "<code>--datadir=/home/apache</code>" the directory - "/home/apache/htdocs" is used as document root for the suEXEC - wrapper.</dd> - - <dt><code>--with-suexec-logfile=<em>FILE</em></code></dt> - - <dd>This defines the filename to which all suEXEC - transactions and errors are logged (useful for auditing and - debugging purposes). By default the logfile is named - "suexec_log" and located in your standard logfile directory - (--logfiledir).</dd> - - <dt><code>--with-suexec-userdir=<em>DIR</em></code></dt> - - <dd>Define to be the subdirectory under users' home - directories where suEXEC access should be allowed. All - executables under this directory will be executable by suEXEC - as the user so they should be "safe" programs. If you are - using a "simple" UserDir directive (ie. one without a "*" in - it) this should be set to the same value. suEXEC will not - work properly in cases where the UserDir directive points to - a location that is not the same as the user's home directory - as referenced in the passwd file. Default value is - "public_html".<br /> - If you have virtual hosts with a different UserDir for each, - you will need to define them to all reside in one parent - directory; then name that parent directory here. <strong>If - this is not defined properly, "~userdir" cgi requests will - not work!</strong></dd> - - <dt><code>--with-suexec-uidmin=<em>UID</em></code></dt> - - <dd>Define this as the lowest UID allowed to be a target user - for suEXEC. For most systems, 500 or 100 is common. Default - value is 100.</dd> - - <dt><code>--with-suexec-gidmin=<em>GID</em></code></dt> - - <dd>Define this as the lowest GID allowed to be a target - group for suEXEC. 
For most systems, 100 is common and - therefore used as default value.</dd> - - <dt><code>--with-suexec-safepath=<em>PATH</em></code></dt> - - <dd>Define a safe PATH environment to pass to CGI - executables. Default value is - "/usr/local/bin:/usr/bin:/bin".</dd> - </dl> - <br /> - <br /> - - - <p align="LEFT"><strong>Checking your suEXEC - setup</strong><br /> - Before you compile and install the suEXEC wrapper you can - check the configuration with the --layout option.<br /> - Example output:</p> -<pre> - suEXEC setup: - suexec binary: /usr/local/apache/sbin/suexec - document root: /usr/local/apache/share/htdocs - userdir suffix: public_html - logfile: /usr/local/apache/var/log/suexec_log - safe path: /usr/local/bin:/usr/bin:/bin - caller ID: www - minimum user ID: 100 - minimum group ID: 100 -</pre> - <br /> - <br /> - - - <p align="LEFT"><strong>Compiling and installing the suEXEC - wrapper</strong><br /> - If you have enabled the suEXEC feature with the - --enable-suexec option the suexec binary (together with Apache - itself) is automatically built if you execute the command - "make".<br /> - After all components have been built you can execute the - command "make install" to install them. The binary image - "suexec" is installed in the directory defined by the --sbindir - option. Default location is - "/usr/local/apache/sbin/suexec".<br /> - Please note that you need <strong><em>root - privileges</em></strong> for the installation step. In order - for the wrapper to set the user ID, it must be installed as - owner <code><em>root</em></code> and must have the setuserid - execution bit set for file modes.</p> - - <p align="CENTER"><strong><a href="suexec.html">BACK TO - CONTENTS</a></strong></p> - - <h3><a id="enable" name="enable">Enabling & Disabling - suEXEC</a></h3> - - <p align="LEFT">Upon startup of Apache, it looks for the file - "suexec" in the "sbin" directory (default is - "/usr/local/apache/sbin/suexec"). 
If Apache finds a properly - configured suEXEC wrapper, it will print the following message - to the error log:</p> -<pre> - [notice] suEXEC mechanism enabled (wrapper: <em>/path/to/suexec</em>) -</pre> - If you don't see this message at server startup, the server is - most likely not finding the wrapper program where it expects - it, or the executable is not installed <em>setuid root</em>. - <br /> - If you want to enable the suEXEC mechanism for the first time - and an Apache server is already running you must kill and - restart Apache. Restarting it with a simple HUP or USR1 signal - will not be enough. <br /> - If you want to disable suEXEC you should kill and restart - Apache after you have removed the "suexec" file. <br /> - <br /> - - - <p align="CENTER"><strong><a href="suexec.html">BACK TO - CONTENTS</a></strong></p> - - <h3><a id="usage" name="usage">Using suEXEC</a></h3> - - <p align="LEFT"><strong>Virtual Hosts:</strong><br /> - One way to use the suEXEC wrapper is through the <a - href="mod/mpm_common.html#user">User</a> and <a - href="mod/mpm_common.html#group">Group</a> directives in <a - href="mod/core.html#virtualhost">VirtualHost</a> definitions. - By setting these directives to values different from the main - server user ID, all requests for CGI resources will be executed - as the <em>User</em> and <em>Group</em> defined for that - <code><VirtualHost></code>. If only one or neither of - these directives are specified for a - <code><VirtualHost></code> then the main server userid is - assumed.</p> - - <p><strong>User directories:</strong><br /> - The suEXEC wrapper can also be used to execute CGI programs as - the user to which the request is being directed. This is - accomplished by using the "<strong><code>~</code></strong>" - character prefixing the user ID for whom execution is desired. 
- The only requirement needed for this feature to work is for CGI - execution to be enabled for the user and that the script must - meet the scrutiny of the <a href="#model">security checks</a> - above.</p> - - <p align="CENTER"><strong><a href="suexec.html">BACK TO - CONTENTS</a></strong></p> - - <h3><a id="debug" name="debug">Debugging suEXEC</a></h3> - - <p align="LEFT">The suEXEC wrapper will write log information - to the file defined with the --with-suexec-logfile option as - indicated above. If you feel you have configured and installed - the wrapper properly, have a look at this log and the error_log - for the server to see where you may have gone astray.</p> - - <p align="CENTER"><strong><a href="suexec.html">BACK TO - CONTENTS</a></strong></p> - - <h3><a id="jabberwock" name="jabberwock">Beware the Jabberwock: - Warnings & Examples</a></h3> - - <p align="LEFT"><strong>NOTE!</strong> This section may not be - complete. For the latest revision of this section of the - documentation, see the Apache Group's <a - href="http://www.apache.org/docs/suexec.html">Online - Documentation</a> version.</p> - - <p align="LEFT">There are a few points of interest regarding - the wrapper that can cause limitations on server setup. Please - review these before submitting any "bugs" regarding suEXEC.</p> - - <ul> - <li><strong>suEXEC Points Of Interest</strong></li> - - <li> - Hierarchy limitations - - <blockquote> - For security and efficiency reasons, all suexec requests - must remain within either a top-level document root for - virtual host requests, or one top-level personal document - root for userdir requests. For example, if you have four - VirtualHosts configured, you would need to structure all - of your VHosts' document roots off of one main Apache - document hierarchy to take advantage of suEXEC for - VirtualHosts. (Example forthcoming.) 
- </blockquote> - </li> - - <li> - suEXEC's PATH environment variable - - <blockquote> - This can be a dangerous thing to change. Make certain - every path you include in this define is a - <strong>trusted</strong> directory. You don't want to - open people up to having someone from across the world - running a trojan horse on them. - </blockquote> - </li> - - <li> - Altering the suEXEC code - - <blockquote> - Again, this can cause <strong>Big Trouble</strong> if you - try this without knowing what you are doing. Stay away - from it if at all possible. - </blockquote> - </li> - </ul> - - <p align="CENTER"><strong><a href="suexec.html">BACK TO - CONTENTS</a></strong></p> - <!--#include virtual="footer.html" --> - </body> -</html> - diff --git a/docs/manual/suexec.html.ja.jis b/docs/manual/suexec.html.ja.jis new file mode 100644 index 0000000000..70b2ee33e3 --- /dev/null +++ b/docs/manual/suexec.html.ja.jis 
@@ -0,0 +1,613 @@ +<?xml version="1.0" encoding="iso-2022-jp"?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ja" lang="ja"> + <head> + + <title>Apache suEXEC Support</title> + + </head> + <!-- English revision: 1.27 --> + <!-- Background white, links blue (unvisited), navy (visited), red (active) --> + <body bgcolor="#ffffff" text="#000000" link="#0000ff" + vlink="#000080" alink="#ff0000"> + <!--#include virtual="header.html" --> + + <h1 align="center">Apache suEXEC Support</h1> + + <ol> + + <li><big><strong>$BL\<!(B</strong></big></li> + + <li><a href="#what">suEXEC $B$H$O(B?</a></li> + + <li><a href="#before">$B;O$a$kA0$K(B</a></li> + + <li><a href="#model">suEXEC $B$N%;%-%e%j%F%#%b%G%k(B</a></li> + + <li><a href="#install">suEXEC $B$N@_Dj$H%$%s%9%H!<%k(B</a></li> + + <li><a href="#enable">suEXEC $B$NM-8z2=$HL58z2=(B</a></li> + + <li><a href="#usage">suEXEC $B$N;HMQ(B</a></li> + + <li><a href="#debug">suEXEC $B$N%G%P%C%0(B</a></li> + + <li><a href="#jabberwock">$B$H$+$2$KCm0U(B: $B7Y9p$H;vNc(B</a></li> + + </ol> + <br /> + <br /> + + <h3><a id="what" name="what">suEXEC $B$H$O(B?</a></h3> + + <p align="left">Apache 1.2 $B$GF3F~$5$l$?(B <strong>suEXEC</strong> + $B5!G=$K$h$j!"(BApache $B%f!<%6$O(B Web $B%5!<%P$r<B9T$7$F$$$k%f!<%6(B ID $B$H$O(B + $B0[$J$k%f!<%6(B ID $B$G(B <strong>CGI</strong> $B%W%m%0%i%`$d(B <strong>SSI</strong> + $B%W%m%0%i%`$r<B9T$9$k$3$H$,$G$-$^$9!#(BCGI $B%W%m%0%i%`$^$?$O(B SSI + $B%W%m%0%i%`$r<B9T$9$k>l9g!"DL>o$O(B web $B%5!<%P$HF1$8%f!<%6$G<B9T$5$l$^$9!#(B + </p> + + <p align="left">$BE,@Z$K;HMQ$9$k$H!"$3$N5!G=$K$h$j%f!<%6$,8DJL$N(B CGI + $B$d(B SSI $B%W%m%0%i%`$r3+H/$7<B9T$9$k$3$H$G@8$8$k%;%-%e%j%F%#>e$N4m81$r!"(B + $B$+$J$j8:$i$9$3$H$,$G$-$^$9!#$7$+$7!"(BsuEXEC $B$N@_Dj$,ITE,@Z$@$H!"(B + $BB?$/$NLdBj$,@8$8!"$"$J$?$N%3%s%T%e!<%?$K?7$7$$%;%-%e%j%F%#%[!<%k$r(B + $B:n$C$F$7$^$&2DG=@-$,$"$j$^$9!#$"$J$?$,(B root 
$B$K(B setuid + $B$5$l$?%W%m%0%i%`$H!"$=$l$i$+$i@8$8$k%;%-%e%j%F%#>e$NLdBj$N4IM}$K(B + $B>\$7$/$J$$$h$&$J$i!"(BsuEXEC $B$N;HMQ$r8!F$$7$J$$$h$&$K6/$/?d>)$7$^$9!#(B + </p> + + <p align="center"><strong><a href="suexec.html">$BL\<!$KLa$k(B</a></strong> + </p> + + <h3><a id="before" name="before">$B;O$a$kA0$K(B</a></h3> + + <p align="left">$B$3$NJ8=q$N@hF,$KHt$VA0$K!"(BApache + $B%0%k!<%W$H$3$NJ8=q$G$N2>Dj$rCN$C$F$*$/$Y$-$G$7$g$&!#(B + </p> + + <p align="left">$BBh(B 1 $B$K!"$"$J$?$,(B <strong>setuid</strong> $B$H(B + <strong>setgid</strong> $BA`:n$,2DG=$J(B UNIX + $BM3Mh$N%*%Z%l!<%F%#%s%0%7%9%F%`$r;H$C$F$$$k$3$H$rA[Dj$7$F$$$^$9!#(B + $B$3$l$O!"$9$Y$F$N%3%^%s%INc$K$"$F$O$^$j$^$9!#(B + $B$=$NB>$N%W%i%C%H%[!<%`$G$O!"$b$7(B suEXEC + $B$,%5%]!<%H$5$l$F$$$?$H$7$F$b@_Dj$O0[$J$k$+$b$7$l$^$;$s!#(B</p> + + <p align="left">$BBh(B 2 $B$K!"$"$J$?$,;HMQCf$N%3%s%T%e!<%?$N(B + $B%;%-%e%j%F%#$K4X$9$k4pK\E*$J35G0$H!"$=$l$i$N4IM}$K$D$$$F>\$7$$$3$H$r(B + $BA[Dj$7$F$$$^$9!#$3$l$O!"(B<strong>setuid/setgid</strong> + $BA`:n!"$"$J$?$N%7%9%F%`>e$G$N$=$NA`:n$K$h$kMM!9$J8z2L!"(B + $B%;%-%e%j%F%#%l%Y%k$K$D$$$F$"$J$?$,M}2r$7$F$$$k$H$$$&$3$H$r4^$_$^$9!#(B + </p> + + <p align="left">$BBh(B 3 $B$K!"(B<strong>$B2~B$$5$l$F$$$J$$(B</strong> suEXEC + $B%3!<%I$N;HMQ$rA[Dj$7$F$$$^$9!#(BsuEXEC $B$N%3!<%I$O!"(B + $BB?$/$N%Y!<%?%F%9%?$@$1$G$J$/!"3+H/<T$K$h$C$F$bCm0U?<$/@:::$5$l(B + $B%F%9%H$5$l$F$$$^$9!#$=$l$i$NCm0U$K$h$j!"4J7i$G?.Mj$G$-$k0BA4$J(B + $B%3!<%I$N4pHW$,J]>Z$5$l$^$9!#$3$N%3!<%I$r2~JQ$9$k$3$H$G!"(B + $BM=4|$5$l$J$$LdBj$d?7$7$$%;%-%e%j%F%#>e$N4m81$,@8$8$k$3$H$,$"$j$^$9!#(B + $B%;%-%e%j%F%#%W%m%0%i%_%s%0$N>\:Y$KDL$8$F$$$F!"(B + $B:#8e$N8!F$$N$?$a$K@.2L$r(B Apache + $B%0%k!<%W$H6&M-$7$h$&$H;W$&$N$G$J$1$l$P!"(BsuEXEC + $B%3!<%I$OJQ$($J$$$3$H$r(B <strong>$B6/$/(B</strong>$B?d>)$7$^$9!#(B</p> + + <p align="left">$BBh(B 4 $B$K!"$3$l$,:G8e$G$9$,!"(BsuEXEC $B$r(B Apache + $B$N%G%U%)%k%H%$%s%9%H!<%k$K$O(B<strong>$B4^$a$J$$(B</strong>$B$3$H$,(B + Apache $B%0%k!<%W$G7hDj$5$l$F$$$^$9!#$3$l$O!"(BsuEXEC + 
$B$N@_Dj$K$O4IM}<T$N>\:Y$K$o$?$k?5=E$JCm0U$,I,MW$@$+$i$G$9!#(B + suEXEC $B$NMM!9$J@_Dj$K$D$$$F8!F$$,=*$o$l$P!"4IM}<T$O(B suEXEC + $B$rDL>o$N%$%s%9%H!<%kJ}K!$G%$%s%9%H!<%k$9$k$3$H$,$G$-$^$9!#(B + $B$3$l$i$N@_DjCM$O!"(BsuEXEC + $B5!G=$N;HMQCf$K%7%9%F%`%;%-%e%j%F%#$rE,@Z$KJ]$D$?$a$K!"(B + $B4IM}<T$K$h$C$F?5=E$K7hDj$5$l;XDj$5$l$k$3$H$,I,MW$G$9!#(B + $B$3$N>\:Y$J<j=g$K$h$j!"(BApache $B%0%k!<%W$O!"(BsuEXEC + $B$N%$%s%9%H!<%k$K$D$$$F!"Cm0U?<$/==J,$K8!F$$7$F$=$l$r;HMQ$9$k$3$H$r(B + $B7hDj$7$?>l9g$K8B$C$F$$$?$@$-$?$$$H9M$($F$$$^$9!#(B + </p> + + <p align="left">$B$=$l$G$b?J$_$^$9$+(B? $B$h$m$7$$!#$G$O!"@h$X?J$_$^$7$g$&(B!</p> + + <p align="center"><strong><a + href="suexec.html">$BL\<!$KLa$k(B</a></strong></p> + + <h3><a id="model" name="model">suEXEC $B%;%-%e%j%F%#%b%G%k(B</a></h3> + + <p align="left">suEXEC $B$N@_Dj$H%$%s%9%H!<%k$r;O$a$kA0$K!"(B + $B$^$:<BAu$7$h$&$H$7$F$$$k%;%-%e%j%F%#%b%G%k$K$D$$$FO@$8$F$*$-$^$9!#(B + $B$=$l$K$O!"(BsuEXEC $B$NFbIt$G9T$J$o$l$F$$$k$3$H!"(B + $B%7%9%F%`$N%;%-%e%j%F%#$rJ]>Z$9$k$?$a$K7Y9p$5$l$k$3$H$r(B + $B$h$/M}2r$7$F$*$$$?J}$,$h$$$G$7$g$&!#(B</p> + + <p align="left"><strong>suEXEC</strong> $B$O!"(BApache web + $B%5!<%P$+$i8F$S=P$5$l$k(B setuid $B$5$l$?(B "wrapper" + $B%W%m%0%i%`$,4pK\$H$J$C$F$$$^$9!#@_7W$7$?(B CGI$B!"$^$?$O(B SSI + $B%W%m%0%i%`$X$N(B HTTP $B%j%/%(%9%H$,$"$k$H!"$3$N(B wrapper + $B$,8F$S=P$5$l$^$9!#$3$N$h$&$J%j%/%(%9%H$,$"$k$H!"(BApache + $B$O$=$N%W%m%0%i%`$,<B9T$5$l$k:]$N%W%m%0%i%`L>$H%f!<%6(B ID $B$H%0%k!<%W(B + ID $B$r;XDj$7$F(B suEXEC wrapper $B$r<B9T$7$^$9!#(B + </p> + + <p align="left">$B$=$l$+$i!"(Bwrapper $B$O@.8y$^$?$O<:GT$r7hDj$9$k$?$a(B + $B0J2<$N=hM}$r9T$J$$$^$9!#$3$l$i$N>uBV$N$&$A0l$D$G$b<:GT$7$?>l9g!"(B + $B%W%m%0%i%`$O<:GT$r%m%0$K5-O?$7$F%(%i!<$G=*N;$7$^$9!#(B + $B$=$&$G$J$1$l$P!"8e$N=hM}$,B3$1$i$l$^$9!#(B</p> + + <ol> + <li> + <strong>wrapper $B$,E,@Z$J?t$N0z?t$G8F$S=P$5$l$?$+(B?</strong> + + + <blockquote> + wrapper $B$OE,@Z$J?t$N0z?t$,M?$($i$l$?>l9g$K$N$_<B9T$5$l$^$9!#(B + $BE,@Z$J0z?t$N%U%)!<%^%C%H$O(B 
Apache Web $B%5!<%P$K2r<a$5$l$^$9!#(B + $BE,@Z$J?t$N0z?t$r<u$1<h$i$J$1$l$P!"967b$r$5$l$?$+(B + $B$"$J$?$N(B Apache $B%P%$%J%j$N(B suEXEC $B$NItJ,$,(B + $B$I$3$+$*$+$7$$2DG=@-$,$"$j$^$9!#(B + </blockquote> + </li> + + + <li> + <strong>wrapper + $B$r<B9T$7$F$$$k%f!<%6$O$3$N%7%9%F%`$N@5Ev$J%f!<%6$+(B?</strong> + + <blockquote> + $B$3$l$O!"(Bwrapper $B$r<B9T$7$F$$$k%f!<%6$,(B + $BK\Ev$K%7%9%F%`$NMxMQ<T$G$"$k$3$H$rJ]>Z$9$k$?$a$G$9!#(B + </blockquote> + </li> + + <li> + <strong>$B$3$N@5Ev$J%f!<%6$O(B wrapper + $B$N<B9T$r5v2D$5$l$F$$$k$+(B?</strong> + + <blockquote> + $B$3$N%f!<%6$O(B wrapper $B<B9T$r5v2D$5$l$?%f!<%6$G$9$+(B? + $B$?$@0l?M$N%f!<%6(B (Apache $B%f!<%6(B) $B$@$1$,!"(B + $B$3$N%W%m%0%i%`$N<B9T$r5v2D$5$l$^$9!#(B + </blockquote> + </li> + + <li> + <strong>$BBP>]$N%W%m%0%i%`$,0BA4$G$J$$3,AX$N;2>H$r$7$F$$$k$+(B? + </strong> + + <blockquote> + $BBP>]$N%W%m%0%i%`$,(B '/' $B$+$i;O$^$k!"$^$?$O(B + '..' $B$K$h$k;2>H$r9T$J$C$F$$$^$9$+(B? $B$3$l$i$O5v2D$5$l$^$;$s!#(B + $BBP>]$N%W%m%0%i%`$O(B Apache $B$N(B web $B6u4VFb$K$J$1$l$P$J$j$^$;$s!#(B + </blockquote> + </li> + + <li> + <strong>$BBP>]$H$J$k%f!<%6L>$O@5Ev$J$b$N$+(B?</strong> + + <blockquote> + $BBP>]$H$J$k%f!<%6L>$OB8:_$7$F$$$^$9$+(B? + </blockquote> + </li> + + <li> + <strong>$BBP>]$H$J$k%0%k!<%WL>$O@5Ev$J$b$N$+(B?</strong> + + <blockquote> + $BBP>]$H$J$k%0%k!<%WL>$OB8:_$7$F$$$^$9$+(B? + </blockquote> + </li> + + <li> + <strong>$BL\E*$N%f!<%6$O%9!<%Q!<%f!<%6$G$O(B<em>$B$J$$(B</em>$B$+(B? + </strong> + + <blockquote> + $B:#$N$H$3$m!"(BsuEXEC $B$O(B 'root' $B$K$h$k(B CGI/SSI + $B%W%m%0%i%`$N<B9T$r5v2D$7$F$$$^$;$s!#(B + </blockquote> + </li> + + <li> + <strong>$BBP>]$H$J$k%f!<%6(B ID $B$O!":G>.$N(B ID + $BHV9f$h$j$b(B<em>$BBg$-$$(B</em>$B$+(B? 
</strong> + + <blockquote> + $B:G>.%f!<%6(B ID $BHV9f$O@_Dj;~$K;XDj$5$l$^$9!#$3$l$O!"(B + CGI/SSI $B%W%m%0%i%`<B9T$r5v2D$5$l$k%f!<%6(B ID + $B$N$H$j$&$k:G>.CM$G$9!#$3$l$O(B + "system" $BMQ$N%"%+%&%s%H$rJD$a=P$9$N$KM-8z$G$9!#(B + </blockquote> + </li> + + <li> + <strong>$BBP>]$H$J$k%0%k!<%W$O%9!<%Q!<%f!<%6$N%0%k!<%W$G$O(B + <em>$B$J$$(B</em>$B$+(B?</strong> + + <blockquote> + $B:#$N$H$3$m!"(BsuEXEC $B$O(B 'root' $B%0%k!<%W$K$h$k(B CGI/SSI + $B%W%m%0%i%`$N<B9T$r5v2D$7$F$$$^$;$s!#(B + </blockquote> + </li> + + <li> + <strong>$BBP>]$H$J$k%0%k!<%W(B ID $B$O:G>.$N(B ID + $BHV9f$h$j$b(B<em>$BBg$-$$(B</em>$B$+(B?</strong> + + <blockquote> + $B:G>.%0%k!<%W(B ID $BHV9f$O@_Dj;~$K;XDj$5$l$^$9!#$3$l$O!"(B + CGI/SSI $B%W%m%0%i%`<B9T$r5v2D$5$l$k%0%k!<%W(B + ID $B$N$H$j$&$k:G>.CM$G$9!#(B + $B$3$l$O(B "system" $BMQ$N%0%k!<%W$rJD$a=P$9$N$KM-8z$G$9!#(B + </blockquote> + </li> + + <li> + <strong>wrapper $B$,@5>o$KBP>]$H$J$k%f!<%6$H%0%k!<%W$K$J$l$k$+(B? + </strong> + + <blockquote> + $B$3$3$G!"(Bsetuid $B$H(B setgid + $B$N5/F0$K$h$j%W%m%0%i%`$OBP>]$H$J$k%f!<%6$H%0%k!<%W$K$J$j$^$9!#(B + $B%0%k!<%W%"%/%;%9%j%9%H$O!"(B + $B%f!<%6$,B0$7$F$$$k$9$Y$F$N%0%k!<%W$G=i4|2=$5$l$^$9!#(B + </blockquote> + </li> + + <li> + <strong>$B%W%m%0%i%`$,CV$+$l$k%G%#%l%/%H%j$OB8:_$7$F$$$k$+(B? + </strong> + + <blockquote> + $B%G%#%l%/%H%j$,B8:_$7$J$$$J$i!"$=$N%U%!%$%k$bB8:_$7$J$$$+$b$7$l$^$;$s!#(B + </blockquote> + </li> + + <li> + <strong>$B%G%#%l%/%H%j$,(B Apache $B$N%I%-%e%a%s%H%D%j!<Fb$K$"$k$+(B? + </strong> + + <blockquote> + $B%j%/%(%9%H$,%5!<%PFb$N$b$N$G$"$l$P!"(B + $BMW5a$5$l$?%G%#%l%/%H%j$,%5!<%P$N%I%-%e%a%s%H%k!<%HG[2<$K$"$j$^$9$+(B? + $B%j%/%(%9%H$,(B UserDir $B$N$b$N$G$"$l$P!"(B + $BMW5a$5$l$?%G%#%l%/%H%j$,%f!<%6$N%I%-%e%a%s%H%k!<%HG[2<$K$"$j$^$9$+(B? 
+ </blockquote> + </li> + + <li> + <strong>$B%G%#%l%/%H%j$rB>$N%f!<%6$,=q$-9~$a$k$h$&$K$J$C$F(B + <em>$B$$$J$$(B</em>$B$+(B?</strong> + + <blockquote> + $B%G%#%l%/%H%j$rB>%f!<%6$K3+J|$7$J$$$h$&$K$7$^$9!#(B + $B=jM-%f!<%6$@$1$,$3$N%G%#%l%/%H%j$NFbMF$r2~JQ$G$-$k$h$&$K$7$^$9!#(B + </blockquote> + </li> + + + <li> + <strong>$BBP>]$H$J$k%W%m%0%i%`$OB8:_$9$k$+(B?</strong> + + <blockquote> + $BB8:_$7$J$1$l$P<B9T$G$-$^$;$s!#(B + </blockquote> + </li> + + <li> + <strong>$BBP>]$H$J$k%W%m%0%i%`%U%!%$%k$,B>%"%+%&%s%H$+$i(B + $B=q$-9~$a$k$h$&$K$J$C$F(B<em>$B$$$J$$(B</em>$B$+(B?</strong> + + <blockquote> + $B=jM-<T0J30$K$O%W%m%0%i%`$rJQ99$9$k8"8B$OM?$($i$l$^$;$s!#(B + </blockquote> + </li> + + + <li> + <strong>$BBP>]$H$J$k%W%m%0%i%`$,(B setuid $B$^$?$O(B setgid + $B$5$l$F(B<em>$B$$$J$$(B</em>$B$+(B?</strong> + + <blockquote> + UID/GID $B$r:FEYJQ99$7$F$N%W%m%0%i%`<B9T$O$7$^$;$s(B + </blockquote> + </li> + + + <li> + <strong>$BBP>]$H$J$k%f!<%6(B/$B%0%k!<%W$,%W%m%0%i%`$N(B + $B%f!<%6(B/$B%0%k!<%W$HF1$8$+(B?</strong> + + <blockquote> + $B%f!<%6$,$=$N%U%!%$%k$N=jM-<T$G$9$+(B? + </blockquote> + </li> + + <li> + <strong>$B0BA4$JF0:n$rJ]>Z$9$k$?$a$N4D6-JQ?t%/%j%"$,2DG=$+(B? 
+ </strong> + + <blockquote> + suEXEC $B$O!"0BA4$J4D6-JQ?t$N%j%9%H(B + ($B$3$l$i$O@_Dj;~$K:n@.$5$l$^$9(B) $BFb$NJQ?t$H$7$FEO$5$l$k0BA4$J(B + PATH $BJQ?t(B ($B@_Dj;~$K;XDj$5$l$^$9(B) $B$r@_Dj$9$k$3$H$G!"(B + $B%W%m%;%9$N4D6-JQ?t$r%/%j%"$7$^$9!#(B + </blockquote> + </li> + + + <li> + <strong>$BBP>]$H$J$k%W%m%0%i%`$r(B exec $B$7$F<B9T$G$-$k$+(B?</strong> + + + <blockquote> + $B$3$3$G(B suEXEC $B$,=*N;$7!"BP>]$H$J$k%W%m%0%i%`$,3+;O$5$l$^$9!#(B + </blockquote> + </li> + </ol> + <br /> + <br /> + + <p align="left">$B$3$3$^$G$,(B suEXEC $B$N(B wrapper + $B$K$*$1$k%;%-%e%j%F%#%b%G%k$NI8=`E*$JF0:n$G$9!#$b$&>/$787=E$K(B + CGI/SSI $B@_7W$K$D$$$F$N?7$7$$@)8B$d5,Dj$r<h$jF~$l$k$3$H$b$G$-$^$9$,!"(B + suEXEC $B$O%;%-%e%j%F%#$KCm0U$7$F?5=E$K>/$7$:$D3+H/$5$l$F$-$^$7$?!#(B + </p> + + <p align="left">$B$3$N%;%-%e%j%F%#%b%G%k$rMQ$$$F(B + $B%5!<%P@_Dj;~$K$I$N$h$&$K5v$9$3$H$r@)8B$9$k$+!"$^$?!"(BsuEXEC + $B$rE,@Z$K@_Dj$9$k$H$I$N$h$&$J%;%-%e%j%F%#>e$N4m81$rHr$1$i$l$k$+$K(B + $B4X$9$k$h$j>\$7$$>pJs$K$D$$$F$O!"(B<a href="#jabberwock">"$B$H$+$2$KCm0U(B" + (Beware the Jabberwock)</a> $B$N>O$r;2>H$7$F$/$@$5$$!#(B + </p> + + <p align="center"><strong><a href="suexec.html" + >$BL\<!$KLa$k(B</a></strong></p> + + <h3><a name="install" id="install">suEXEC + $B$N@_Dj$H%$%s%9%H!<%k(B</a></h3> + + <p align="left">$B$3$3$+$i3Z$7$/$J$j$^$9!#(BApache 1.2 $B$"$k$$$O(B + <code>"src/Configure"</code> $B%9%/%j%W%H$G(B Apache 1.3 $B$r@_Dj$9$k$J$i!"(B + suEXEC $B%X%C%@%U%!%$%k$rJT=8$7$F%P%$%J%j$rE,@Z$J>l=j$K<j:n6H$G(B + $B%$%s%9%H!<%k$7$J$1$l$P$J$j$^$;$s!#(B + $B0J2<$N>O$G$O!"(BAutoConf-style $B%$%s%?%U%'!<%9(B (APACI) $B$r;H$C$?(B + Apache 1.3 $B$G$N@_Dj$H%$%s%9%H!<%k$K$D$$$F=R$Y$F$$$^$9!#(B + </p> + + <p align="left"><strong>APACI $B$N(B suEXEC + $B@_Dj%*%W%7%g%s(B</strong><br /> + </p> + + <dl> + <dt><code>--enable-suexec</code></dt> + + <dd>$B$3$N%*%W%7%g%s$O!"%G%U%)%k%H$G$O%$%s%9%H!<%k$5$l$:!"(B + $BM-8z$K$O$J$i$J$$(B suEXEC $B5!G=$rM-8z$K$7$^$9!#(B + suEXEC $B$r;H$&$h$&$K(B APACI 
$B$KMW5a$9$k$K$O!"(B--enable-suexec + $B%*%W%7%g%s$K$"$o$;$F>/$J$/$H$b0l$D$O(B --with-suexec-xxxxx + $B%*%W%7%g%s$,;XDj$5$l$J$1$l$P$J$j$^$;$s!#(B</dd> + + <dt><code>--with-suexec-caller=<em>UID</em></code></dt> + + <dd>Apache $B$rDL>oF0:n$5$;$k(B<a + href="mod/mpm_common.html#user">$B%f!<%6L>(B</a>$B$r;XDj$7$^$9!#(B + $B$3$N%f!<%6$@$1$,(B suexec $B$N<B9T$r5v2D$5$l$?%f!<%6$K$J$j$^$9!#(B</dd> + + <dt><code>--with-suexec-docroot=<em>DIR</em></code></dt> + + <dd>Apache $B$N%I%-%e%a%s%H%k!<%H$r@_Dj$7$^$9!#$3$l$,(B suEXEC + $B$NF0:n$G;HMQ$9$kM#0l$N%G%#%l%/%H%j3,AX$K$J$j$^$9(B (UserDir + $B$N;XDj$OJL(B)$B!#%G%U%)%k%H$G$O(B --datedir $B$K(B "/htdocs" + $B$H$$$&%5%U%#%C%/%9$r$D$1$?$b$N$G$9!#(B + "<code>--datadir=/home/apache</code>" $B$H$7$F@_Dj$9$k$H!"(B + suEXEC wrapper $B$K$H$C$F(B "/home/apache/htdocs" + $B$,%I%-%e%a%s%H%k!<%H$H$7$F;H$o$l$^$9!#(B</dd> + + <dt><code>--with-suexec-logfile=<em>FILE</em></code></dt> + + <dd>suEXEC $B$N=hM}$H%(%i!<$,5-O?$5$l$k%U%!%$%kL>$r;XDj$7$^$9!#(B + ($B4F::$d%G%P%C%0L\E*$KM-MQ(B) + $B%G%U%)%k%H$G$O%m%0%U%!%$%k$O(B "suexec_log" $B$H$$$&L>A0$G!"(B + $BI8=`$N%m%0%U%!%$%k%G%#%l%/%H%j(B (--logfiledir) $B$KCV$+$l$^$9!#(B + </dd> + + <dt><code>--with-suexec-userdir=<em>DIR</em></code></dt> + + <dd>suEXEC $B$,%"%/%;%9$r5v$5$l$k%f!<%6%[!<%`%G%#%l%/%H%jG[2<$N(B + $B%5%V%G%#%l%/%H%j$r;XDj$7$^$9!#(B + $B$3$N%G%#%l%/%H%j0J2<$NA4<B9T%U%!%$%k$O!"(B"$B0BA4$J(B"$B%W%m%0%i%`$K$J$k$h$&!"(B + suEXEC $B$,$=$N%f!<%6$H$7$F<B9T$G$-$k$h$&$K$7$^$9!#(B + "$BC1=c$J(B" UserDir $B%G%#%l%/%F%#%V$r;H$C$F$$$k>l9g(B + ($B$9$J$o$A(B "*" $B$r4^$^$J$$$b$N(B)$B!"$3$l$HF1$8CM$r@_Dj$9$Y$-$G$9!#(B + Userdir $B%G%#%l%/%F%#%V$,$=$N%f!<%6$N%Q%9%o!<%I%U%!%$%kFb$N(B + $B%[!<%`%G%#%l%/%H%j$HF1$8>l=j$r;X$7$F$$$J$1$l$P!"(B + suEXEC $B$OE,@Z$KF0:n$7$^$;$s!#%G%U%)%k%H$O(B "public_html" $B$G$9!#(B + <br /> + $B3F(B UserDir $B$,0[$J$C$?2>A[%[%9%H$r@_Dj$7$F$$$k>l9g!"(B + $B$=$l$i$rA4$F0l$D$N?F%G%#%l%/%H%j$K4^$a$F!"(B + $B$=$N?F%G%#%l%/%H%j$NL>A0$r$3$3$G;XDj$9$kI,MW$,$"$j$^$9!#(B + 
<strong>$B$3$N$h$&$K;XDj$5$l$J$1$l$P(B "~userdir" cgi + $B$X$N%j%/%(%9%H$,F0:n$7$^$;$s!#(B</strong></dd> + + <dt><code>--with-suexec-uidmin=<em>UID</em></code></dt> + + <dd>suEXEC $B$NBP>]%f!<%6$H$7$F5v$5$l$k(B UID $B$N:G>.CM$r;XDj$7$^$9!#(B + $BBgDq$N%7%9%F%`$G$O(B 500 $B$+(B 100 $B$,0lHLE*$G$9!#(B + $B%G%U%)%k%HCM$O(B 100 $B$G$9!#(B</dd> + + <dt><code>--with-suexec-gidmin=<em>GID</em></code></dt> + + <dd>suEXEC $B$NBP>]%0%k!<%W$H$7$F5v$5$l$k(B GID + $B$N:G>.CM$r;XDj$7$^$9!#BgDq$N%7%9%F%`$G$O(B 100 $B$,0lHLE*$J$N$G!"(B + $B%G%U%)%k%HCM$H$7$F$b(B 100 $B$,;H$o$l$F$$$^$9!#(B</dd> + + <dt><code>--with-suexec-safepath=<em>PATH</em></code></dt> + + <dd>CGI $B<B9T%U%!%$%k$KEO$5$l$k0BA4$J(B PATH $B4D6-JQ?t$G$9!#(B + $B%G%U%)%k%HCM$O(B "/usr/local/bin:/usr/bin:/bin" $B$G$9!#(B + </dd> + </dl> + <br /> + <br /> + + <p align="left"><strong>suEXEC $B@_Dj$N3NG'(B</strong> + <br /> + suEXEC wrapper $B$r%3%s%Q%$%k$7$F%$%s%9%H!<%k$9$kA0$K!"@_DjFbMF$r(B + --layout $B%*%W%7%g%s$G3NG'$G$-$^$9!#(B<br /> + $B=PNONc(B:</p> +<pre> + suEXEC setup: + suexec binary: /usr/local/apache/sbin/suexec + document root: /usr/local/apache/share/htdocs + userdir suffix: public_html + logfile: /usr/local/apache/var/log/suexec_log + safe path: /usr/local/bin:/usr/bin:/bin + caller ID: www + minimum user ID: 100 + minimum group ID: 100 +</pre> + <br /> + <br /> + + <p align="left"><strong>suEXEC wrapper + $B$N%3%s%Q%$%k$H%$%s%9%H!<%k(B</strong><br /> + --enable-suexec $B%*%W%7%g%s$G(B suEXEC $B5!G=$rM-8z$K$9$k$H!"(B + "make" $B%3%^%s%I$r<B9T$7$?;~$K(B suEXEC $B$N%P%$%J%j(B (Apache $B<+BN$b(B) + $B$,<+F0E*$K:n@.$5$l$^$9!#(B + <br /> + $B$9$Y$F$N9=@.MWAG$,:n@.$5$l$k$H!"$=$l$i$N%$%s%9%H!<%k$K$O(B + "make install" $B%3%^%s%I$,<B9T$G$-$^$9!#%P%$%J%j%$%a!<%8$N(B "suexec" + $B$O(B --sbindir $B%*%W%7%g%s$G;XDj$5$l$?%G%#%l%/%H%j$K%$%s%9%H!<%k$5$l$^$9!#(B + $B%G%U%)%k%H$N>l=j$O(B "/usr/local/apache/sbin/suexec" $B$G$9!#(B<br /> + $B%$%s%9%H!<%k;~$K$O(B <strong><em>root</em></strong> + 
$B8"8B$,I,MW$J$N$GCm0U$7$F$/$@$5$$!#(Bwrapper $B$,%f!<%6(B ID + $B$r@_Dj$9$k$?$a$K!"=jM-<T(B <code><em>root</em></code> + $B$G$N%;%C%H%f!<%6(B ID + $B%S%C%H$r$=$N%U%!%$%k$N%b!<%I$K@_Dj$7$J$1$l$P$J$j$^$;$s!#(B + </p> + + <p align="center"><strong><a + href="suexec.html">$BL\<!$KLa$k(B</a></strong></p> + + <h3><a id="enable" name="enable">suEXEC + $B$NM-8z2=$HL58z2=(B</a></h3> + + <p align="left">$B5/F0;~$K!"(BApache $B$O(B "sbin" $B%G%#%l%/%H%j$G(B + "suexec" $B$rC5$7$^$9(B + ($B%G%U%)%k%H$O(B "/usr/local/apache/sbin/suexec") $B!#(B + $BE,@Z$K@_Dj$5$l$?(B suEXEC $B$,$_$D$+$k$H!"(B + $B%(%i!<%m%0$K0J2<$N%a%C%;!<%8$,=PNO$5$l$^$9!#(B</p> +<pre> + [notice] suEXEC mechanism enabled (wrapper: <em>/path/to/suexec</em>) +</pre> + + <p>$B%5!<%P5/F0;~$K$3$N%a%C%;!<%8$,=P$J$$>l9g!"(B + $BBgDq$O%5!<%P$,A[Dj$7$?>l=j$G(B wrapper $B%W%m%0%i%`$,8+$D$+$i$J$+$C$?$+!"(B + <em>setuid root</em> $B$H$7$F%$%s%9%H!<%k$5$l$F$$$J$$$+$G$9!#(B + <br /> + suEXEC $B$N;EAH$_$r;HMQ$9$k$N$,=i$a$F$G!"(BApache $B$,4{$KF0:nCf$G$"$l$P!"(B + Apache $B$r(B kill $B$7$F!":F5/F0$7$J$1$l$P$J$j$^$;$s!#(BHUP $B%7%0%J%k$d(B + USR1 $B%7%0%J%k$K$h$kC1=c$J:F5/F0$G$OIT==J,$G$9!#(B<br /> + suEXEC $B$rL58z$K$9$k>l9g$O!"(B"suexec" $B%U%!%$%k$r:o=|$7$F$+$i(B + Apache $B$r(B kill $B$7$F:F5/F0$7$^$9!#(B + </p> + + <p align="center"><strong><a + href="suexec.html">$BL\<!$KLa$k(B</a></strong></p> + + <h3><a id="usage" name="usage">suEXEC $B$N;HMQ(B</a></h3> + + <p align="left"><strong>$B2>A[%[%9%H(B:</strong><br /> + suEXEC wrapper $B$N;H$$J}$H$7$F!"(B + <a href="mod/core.html#virtualhost">$B2>A[%[%9%H(B</a>$B@_Dj$G$N(B + <a href="mod/mpm_common.html#user">User</a> $B%G%#%l%/%F%#%V$H(B + <a href="mod/mpm_common.html#group">Group</a> + $B%G%#%l%/%F%#%V$rDL$7$?$b$N$,$"$j$^$9!#(B + $B$3$l$i$N%G%#%l%/%F%#%V$r%a%$%s%5!<%P$N%f!<%6(B ID + $B$H0[$J$k$b$N$K$9$k$H!"(BCGI $B%j%=!<%9$X$N$9$Y$F$N%j%/%(%9%H$O!"$=$N(B + <code><VirtualHost></code> $B$G;XDj$5$l$?(B <em>User</em> $B$H(B + <em>Group</em> 
$B$H$7$F<B9T$5$l$^$9!#(B<code><VirtualHost></code> + $B$G$=$l$i$N%G%#%l%/%F%#%V$N$I$A$i$+!"$^$?$ON>J}$,;XDj$5$l$F$$$J$$>l9g!"(B + $B%a%$%s%5!<%P$N%f!<%6(B ID $B$,A[Dj$5$l$^$9!#(B</p> + + <p><strong>$B%f!<%6%G%#%l%/%H%j(B:</strong><br /> + suEXEC wrapper $B$O!"%j%/%(%9%H@h$N%f!<%6$H$7$F(B CGI + $B$r<B9T$9$k$?$a$K$b;H$($^$9!#$3$l$O4|BT$9$k<B9T8"8B$N%f!<%6(B ID + $B$NA0$K!"(B"<strong><code>~</code></strong>" + $BJ8;z$rCV$/$3$H$G<B8=$5$l$^$9!#(B + $B$3$N5!G=$rF0:n$5$;$k$?$a$KI,MW$J$3$H$O!"(BCGI + $B$r$=$N%f!<%6$G<B9T$G$-$k$3$H!"$=$N%9%/%j%W%H$,>e5-$N(B<a + href="#model">$B%;%-%e%j%F%#8!::(B</a>$B$r%Q%9$G$-$k$3$H$G$9!#(B + </p> + + <p align="center"><strong><a + href="suexec.html">$BL\<!$KLa$k(B</a></strong></p> + + <h3><a id="debug" name="debug">suEXEC $B$N%G%P%C%0(B</a></h3> + + <p align="left">suEXEC wrapper $B$O!">e5-$G=R$Y$?(B --with-suexec-logfile + $B%*%W%7%g%s$G;XDj$5$l$?%U%!%$%k$K%m%0>pJs$r5-O?$7$^$9!#(B + wrapper $B$rE,@Z$K@_Dj!"%$%s%9%H!<%k$G$-$F$$$k$H;W$&>l9g!"(B + $B$I$3$GLB$C$F$$$k$+8+$h$&$H$9$k$J$i$3$N%m%0$H%5!<%P$N(B + $B%(%i!<%m%0$r8+$k$H$h$$$G$7$g$&!#(B</p> + + <p align="center"><strong><a + href="suexec.html">$BL\<!$KLa$k(B</a></strong></p> + + <h3><a id="jabberwock" + name="jabberwock">$B$H$+$2$KCm0U(B: $B7Y9p$H;vNc(B</a></h3> + + <p align="left"><strong>$BCm0U(B!</strong> + $B$3$N>O$O40A4$G$O$"$j$^$;$s!#$3$N>O$N:G?72~D{HG$K$D$$$F$O!"(B + Apache $B%0%k!<%W$N(B<a href="http://www.apache.org/docs/suexec.html"> + $B%*%s%i%$%s%I%-%e%a%s%H(B</a>$BHG$r;2>H$7$F$/$@$5$$!#(B + </p> + + <p align="left">$B%5!<%P$N@_Dj$K@)8B$r$b$&$1$k(B wrapper $B$K$D$$$F!"(B + $B$$$/$D$+6=L#?<$$E@$,$"$j$^$9!#(BsuEXEC $B$K4X$9$k(B "$B%P%0(B" + $B$rJs9p$9$kA0$K$3$l$i$r3NG'$7$F$/$@$5$$!#(B</p> + + <ul> + <li><strong>suEXEC $B$N6=L#?<$$E@(B</strong></li> + + <li>$B3,AX9=B$$N@)8B(B + + + <blockquote> + $B%;%-%e%j%F%#$H8zN($NM}M3$+$i!"(BsuEXEC $B$NA4$F$N%j%/%(%9%H$O(B + $B2>A[%[%9%H$X$N%j%/%(%9%H$K$*$1$k:G>e0L$N%I%-%e%a%s%H%k!<%HFb$+!"(B + 
$B%f!<%6%G%#%l%/%H%j$X$N%j%/%(%9%H$K$*$1$k8D!9$N%f!<%6$N:G>e0L$N(B + $B%I%-%e%a%s%H%k!<%HFb$K;D$i$J$1$l$P$J$j$^$;$s!#(B + $BNc$($P!";M$D$N2>A[%[%9%H$r@_Dj$7$F$$$k>l9g!"(B + $B2>A[%[%9%H$N(B suEXEC $B$KM-Mx$J$h$&$K!"%a%$%s$N(B Apache + $B%I%-%e%a%s%H3,AX$N30B&$KA4$F$N2>A[%[%9%H$N%I%-%e%a%s%H%k!<%H$r(B + $B9=C[$9$kI,MW$,$"$j$^$9!#(B($BNc$O8eF|5-:\(B) + </blockquote> + </li> + + <li>suEXEC $B$N(B PATH $B4D6-JQ?t(B + + + <blockquote> + $B$3$l$rJQ99$9$k$N$O4m81$G$9!#$3$N;XDj$K4^$^$l$k3F%Q%9$,(B + <strong>$B?.Mj$G$-$k(B</strong> + $B%G%#%l%/%H%j$G$"$k$3$H$r3NG'$7$F$/$@$5$$!#(B + $B@$3&$+$i$N%"%/%;%9$K$h$j!"C/$+$,%[%9%H>e$G%H%m%$$NLZGO(B + $B$r<B9T$G$-$k$h$&$K$O$7$?$/$J$$$G$7$g$&!#(B + </blockquote> + </li> + + <li>suEXEC $B%3!<%I$N2~B$(B + + + <blockquote> + $B7+$jJV$7$^$9$,!"2?$r$d$m$&$H$7$F$$$k$+GD0.$;$:$K$3$l$r$d$k$H(B + <strong>$BBg$-$JLdBj(B</strong>$B$r0z$-5/$3$7$+$M$^$;$s!#(B + $B2DG=$J8B$jHr$1$F$/$@$5$$!#(B + </blockquote> + </li> + </ul> + + <p align="center"><strong><a + href="suexec.html">$BL\<!$KLa$k(B</a></strong></p> + <!--#include virtual="footer.html" --> + </body> +</html> |
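Review bot: In the `--with-suexec-docroot` entry of the new suexec.html.ja.jis, the default is given as `--datedir` with the "/htdocs" suffix, while the example in the very next sentence uses `--datadir=/home/apache`. `--datedir` looks like a typo for `--datadir` and should be corrected, so that readers are not left looking for an option that the rest of the entry never mentions. Separately, every "back to contents" link in the added file uses `href="suexec.html"`, and the diffstat for this commit shows docs/manual/suexec.html being deleted. Please confirm that this name still resolves after the change, or point the links at an anchor inside the translated page.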