summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorYoshiki Hayashi <yoshiki@apache.org>2002-05-22 10:22:40 +0000
committerYoshiki Hayashi <yoshiki@apache.org>2002-05-22 10:22:40 +0000
commitf897e63cf5a213bec32245558cf47aa8cd1b3a07 (patch)
tree056ba7cba9328c7135e9aea230cb379bc67e3220 /docs
parentee677e797ad2d35e0391160bd5ba1494ae40e2dc (diff)
downloadhttpd-f897e63cf5a213bec32245558cf47aa8cd1b3a07.tar.gz
New Japanese translation. Forward port from 1.3.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@95214 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'docs')
-rw-r--r--docs/manual/suexec.html620
-rw-r--r--docs/manual/suexec.html.ja.jis613
2 files changed, 613 insertions, 620 deletions
diff --git a/docs/manual/suexec.html b/docs/manual/suexec.html
deleted file mode 100644
index 0448c942ec..0000000000
--- a/docs/manual/suexec.html
+++ /dev/null
@@ -1,620 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache suEXEC Support</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <!--#include virtual="header.html" -->
-
- <h1 align="CENTER">Apache suEXEC Support</h1>
-
- <ol>
- <li><big><strong>CONTENTS</strong></big></li>
-
- <li><a href="#what">What is suEXEC?</a></li>
-
- <li><a href="#before">Before we begin.</a></li>
-
- <li><a href="#model">suEXEC Security Model.</a></li>
-
- <li><a href="#install">Configuring &amp; Installing
- suEXEC</a></li>
-
- <li><a href="#enable">Enabling &amp; Disabling
- suEXEC</a></li>
-
- <li><a href="#usage">Using suEXEC</a></li>
-
- <li><a href="#debug">Debugging suEXEC</a></li>
-
- <li><a href="#jabberwock">Beware the Jabberwock: Warnings
- &amp; Examples</a></li>
- </ol>
- <br />
- <br />
-
-
- <h3><a id="what" name="what">What is suEXEC?</a></h3>
-
- <p align="LEFT">The <strong>suEXEC</strong> feature --
- introduced in Apache 1.2 -- provides Apache users the ability
- to run <strong>CGI</strong> and <strong>SSI</strong> programs
- under user IDs different from the user ID of the calling
- web-server. Normally, when a CGI or SSI program executes, it
- runs as the same user who is running the web server.</p>
-
- <p align="LEFT">Used properly, this feature can reduce
- considerably the security risks involved with allowing users to
- develop and run private CGI or SSI programs. However, if suEXEC
- is improperly configured, it can cause any number of problems
- and possibly create new holes in your computer's security. If
- you aren't familiar with managing setuid root programs and the
- security issues they present, we highly recommend that you not
- consider using suEXEC.</p>
-
- <p align="CENTER"><strong><a href="suexec.html">BACK TO
- CONTENTS</a></strong></p>
-
- <h3><a id="before" name="before">Before we begin.</a></h3>
-
- <p align="LEFT">Before jumping head-first into this document,
- you should be aware of the assumptions made on the part of the
- Apache Group and this document.</p>
-
- <p align="LEFT">First, it is assumed that you are using a UNIX
- derivate operating system that is capable of
- <strong>setuid</strong> and <strong>setgid</strong> operations.
- All command examples are given in this regard. Other platforms,
- if they are capable of supporting suEXEC, may differ in their
- configuration.</p>
-
- <p align="LEFT">Second, it is assumed you are familiar with
- some basic concepts of your computer's security and its
- administration. This involves an understanding of
- <strong>setuid/setgid</strong> operations and the various
- effects they may have on your system and its level of
- security.</p>
-
- <p align="LEFT">Third, it is assumed that you are using an
- <strong>unmodified</strong> version of suEXEC code. All code
- for suEXEC has been carefully scrutinized and tested by the
- developers as well as numerous beta testers. Every precaution
- has been taken to ensure a simple yet solidly safe base of
- code. Altering this code can cause unexpected problems and new
- security risks. It is <strong>highly</strong> recommended you
- not alter the suEXEC code unless you are well versed in the
- particulars of security programming and are willing to share
- your work with the Apache Group for consideration.</p>
-
- <p align="LEFT">Fourth, and last, it has been the decision of
- the Apache Group to <strong>NOT</strong> make suEXEC part of
- the default installation of Apache. To this end, suEXEC
- configuration requires of the administrator careful attention
- to details. After due consideration has been given to the
- various settings for suEXEC, the administrator may install
- suEXEC through normal installation methods. The values for
- these settings need to be carefully determined and specified by
- the administrator to properly maintain system security during
- the use of suEXEC functionality. It is through this detailed
- process that the Apache Group hopes to limit suEXEC
- installation only to those who are careful and determined
- enough to use it.</p>
-
- <p align="LEFT">Still with us? Yes? Good. Let's move on!</p>
-
- <p align="CENTER"><strong><a href="suexec.html">BACK TO
- CONTENTS</a></strong></p>
-
- <h3><a id="model" name="model">suEXEC Security Model</a></h3>
-
- <p align="LEFT">Before we begin configuring and installing
- suEXEC, we will first discuss the security model you are about
- to implement. By doing so, you may better understand what
- exactly is going on inside suEXEC and what precautions are
- taken to ensure your system's security.</p>
-
- <p align="LEFT"><strong>suEXEC</strong> is based on a setuid
- "wrapper" program that is called by the main Apache web server.
- This wrapper is called when an HTTP request is made for a CGI
- or SSI program that the administrator has designated to run as
- a userid other than that of the main server. When such a
- request is made, Apache provides the suEXEC wrapper with the
- program's name and the user and group IDs under which the
- program is to execute.</p>
-
- <p align="LEFT">The wrapper then employs the following process
- to determine success or failure -- if any one of these
- conditions fail, the program logs the failure and exits with an
- error, otherwise it will continue:</p>
-
- <ol>
- <li>
- <strong>Was the wrapper called with the proper number of
- arguments?</strong>
-
- <blockquote>
- The wrapper will only execute if it is given the proper
- number of arguments. The proper argument format is known
- to the Apache web server. If the wrapper is not receiving
- the proper number of arguments, it is either being
- hacked, or there is something wrong with the suEXEC
- portion of your Apache binary.
- </blockquote>
- </li>
-
- <li>
- <strong>Is the user executing this wrapper a valid user of
- this system?</strong>
-
- <blockquote>
- This is to ensure that the user executing the wrapper is
- truly a user of the system.
- </blockquote>
- </li>
-
- <li>
- <strong>Is this valid user allowed to run the
- wrapper?</strong>
-
- <blockquote>
- Is this user the user allowed to run this wrapper? Only
- one user (the Apache user) is allowed to execute this
- program.
- </blockquote>
- </li>
-
- <li>
- <strong>Does the target program have an unsafe hierarchical
- reference?</strong>
-
- <blockquote>
- Does the target program contain a leading '/' or have a
- '..' backreference? These are not allowed; the target
- program must reside within the Apache webspace.
- </blockquote>
- </li>
-
- <li>
- <strong>Is the target user name valid?</strong>
-
- <blockquote>
- Does the target user exist?
- </blockquote>
- </li>
-
- <li>
- <strong>Is the target group name valid?</strong>
-
- <blockquote>
- Does the target group exist?
- </blockquote>
- </li>
-
- <li>
- <strong>Is the target user <em>NOT</em> superuser?</strong>
-
-
- <blockquote>
- Presently, suEXEC does not allow 'root' to execute
- CGI/SSI programs.
- </blockquote>
- </li>
-
- <li>
- <strong>Is the target userid <em>ABOVE</em> the minimum ID
- number?</strong>
-
- <blockquote>
- The minimum user ID number is specified during
- configuration. This allows you to set the lowest possible
- userid that will be allowed to execute CGI/SSI programs.
- This is useful to block out "system" accounts.
- </blockquote>
- </li>
-
- <li>
- <strong>Is the target group <em>NOT</em> the superuser
- group?</strong>
-
- <blockquote>
- Presently, suEXEC does not allow the 'root' group to
- execute CGI/SSI programs.
- </blockquote>
- </li>
-
- <li>
- <strong>Is the target groupid <em>ABOVE</em> the minimum ID
- number?</strong>
-
- <blockquote>
- The minimum group ID number is specified during
- configuration. This allows you to set the lowest possible
- groupid that will be allowed to execute CGI/SSI programs.
- This is useful to block out "system" groups.
- </blockquote>
- </li>
-
- <li>
- <strong>Can the wrapper successfully become the target user
- and group?</strong>
-
- <blockquote>
- Here is where the program becomes the target user and
- group via setuid and setgid calls. The group access list
- is also initialized with all of the groups of which the
- user is a member.
- </blockquote>
- </li>
-
- <li>
- <strong>Does the directory in which the program resides
- exist?</strong>
-
- <blockquote>
- If it doesn't exist, it can't very well contain files.
- </blockquote>
- </li>
-
- <li>
- <strong>Is the directory within the Apache
- webspace?</strong>
-
- <blockquote>
- If the request is for a regular portion of the server, is
- the requested directory within the server's document
- root? If the request is for a UserDir, is the requested
- directory within the user's document root?
- </blockquote>
- </li>
-
- <li>
- <strong>Is the directory <em>NOT</em> writable by anyone
- else?</strong>
-
- <blockquote>
- We don't want to open up the directory to others; only
- the owner user may be able to alter this directories
- contents.
- </blockquote>
- </li>
-
- <li>
- <strong>Does the target program exist?</strong>
-
- <blockquote>
- If it doesn't exists, it can't very well be executed.
- </blockquote>
- </li>
-
- <li>
- <strong>Is the target program <em>NOT</em> writable by
- anyone else?</strong>
-
- <blockquote>
- We don't want to give anyone other than the owner the
- ability to change the program.
- </blockquote>
- </li>
-
- <li>
- <strong>Is the target program <em>NOT</em> setuid or
- setgid?</strong>
-
- <blockquote>
- We do not want to execute programs that will then change
- our UID/GID again.
- </blockquote>
- </li>
-
- <li>
- <strong>Is the target user/group the same as the program's
- user/group?</strong>
-
- <blockquote>
- Is the user the owner of the file?
- </blockquote>
- </li>
-
- <li>
- <strong>Can we successfully clean the process environment
- to ensure safe operations?</strong>
-
- <blockquote>
- suEXEC cleans the process' environment by establishing a
- safe execution PATH (defined during configuration), as
- well as only passing through those variables whose names
- are listed in the safe environment list (also created
- during configuration).
- </blockquote>
- </li>
-
- <li>
- <strong>Can we successfully become the target program and
- execute?</strong>
-
- <blockquote>
- Here is where suEXEC ends and the target program begins.
- </blockquote>
- </li>
- </ol>
- <br />
- <br />
-
-
- <p align="LEFT">This is the standard operation of the the
- suEXEC wrapper's security model. It is somewhat stringent and
- can impose new limitations and guidelines for CGI/SSI design,
- but it was developed carefully step-by-step with security in
- mind.</p>
-
- <p align="LEFT">For more information as to how this security
- model can limit your possibilities in regards to server
- configuration, as well as what security risks can be avoided
- with a proper suEXEC setup, see the <a
- href="#jabberwock">"Beware the Jabberwock"</a> section of this
- document.</p>
-
- <p align="CENTER"><strong><a href="suexec.html">BACK TO
- CONTENTS</a></strong></p>
-
- <h3><a id="install" name="install">Configuring &amp; Installing
- suEXEC</a></h3>
-
- <p align="LEFT">Here's where we begin the fun. If you use
- Apache 1.2 or prefer to configure Apache 1.3 with the
- "<code>src/Configure</code>" script you have to edit the suEXEC
- header file and install the binary in its proper location
- manually. The following sections describe the configuration and
- installation for Apache 1.3 with the AutoConf-style interface
- (APACI).</p>
-
- <p align="LEFT"><strong>APACI's suEXEC configuration
- options</strong><br />
- </p>
-
- <dl>
- <dt><code>--enable-suexec</code></dt>
-
- <dd>This option enables the suEXEC feature which is never
- installed or activated by default. At least one
- --with-suexec-xxxxx option has to be provided together with the
- --enable-suexec option to let APACI accept your request for
- using the suEXEC feature.</dd>
-
- <dt><code>--with-suexec-caller=<em>UID</em></code></dt>
-
- <dd>The <a href="mod/mpm_common.html#user">username</a> under which
- Apache normally runs. This is the only user allowed to
- execute this program.</dd>
-
- <dt><code>--with-suexec-docroot=<em>DIR</em></code></dt>
-
- <dd>Define as the DocumentRoot set for Apache. This will be
- the only hierarchy (aside from UserDirs) that can be used for
- suEXEC behavior. The default directory is the --datadir value
- with the suffix "/htdocs", <em>e.g.</em> if you configure
- with "<code>--datadir=/home/apache</code>" the directory
- "/home/apache/htdocs" is used as document root for the suEXEC
- wrapper.</dd>
-
- <dt><code>--with-suexec-logfile=<em>FILE</em></code></dt>
-
- <dd>This defines the filename to which all suEXEC
- transactions and errors are logged (useful for auditing and
- debugging purposes). By default the logfile is named
- "suexec_log" and located in your standard logfile directory
- (--logfiledir).</dd>
-
- <dt><code>--with-suexec-userdir=<em>DIR</em></code></dt>
-
- <dd>Define to be the subdirectory under users' home
- directories where suEXEC access should be allowed. All
- executables under this directory will be executable by suEXEC
- as the user so they should be "safe" programs. If you are
- using a "simple" UserDir directive (ie. one without a "*" in
- it) this should be set to the same value. suEXEC will not
- work properly in cases where the UserDir directive points to
- a location that is not the same as the user's home directory
- as referenced in the passwd file. Default value is
- "public_html".<br />
- If you have virtual hosts with a different UserDir for each,
- you will need to define them to all reside in one parent
- directory; then name that parent directory here. <strong>If
- this is not defined properly, "~userdir" cgi requests will
- not work!</strong></dd>
-
- <dt><code>--with-suexec-uidmin=<em>UID</em></code></dt>
-
- <dd>Define this as the lowest UID allowed to be a target user
- for suEXEC. For most systems, 500 or 100 is common. Default
- value is 100.</dd>
-
- <dt><code>--with-suexec-gidmin=<em>GID</em></code></dt>
-
- <dd>Define this as the lowest GID allowed to be a target
- group for suEXEC. For most systems, 100 is common and
- therefore used as default value.</dd>
-
- <dt><code>--with-suexec-safepath=<em>PATH</em></code></dt>
-
- <dd>Define a safe PATH environment to pass to CGI
- executables. Default value is
- "/usr/local/bin:/usr/bin:/bin".</dd>
- </dl>
- <br />
- <br />
-
-
- <p align="LEFT"><strong>Checking your suEXEC
- setup</strong><br />
- Before you compile and install the suEXEC wrapper you can
- check the configuration with the --layout option.<br />
- Example output:</p>
-<pre>
- suEXEC setup:
- suexec binary: /usr/local/apache/sbin/suexec
- document root: /usr/local/apache/share/htdocs
- userdir suffix: public_html
- logfile: /usr/local/apache/var/log/suexec_log
- safe path: /usr/local/bin:/usr/bin:/bin
- caller ID: www
- minimum user ID: 100
- minimum group ID: 100
-</pre>
- <br />
- <br />
-
-
- <p align="LEFT"><strong>Compiling and installing the suEXEC
- wrapper</strong><br />
- If you have enabled the suEXEC feature with the
- --enable-suexec option the suexec binary (together with Apache
- itself) is automatically built if you execute the command
- "make".<br />
- After all components have been built you can execute the
- command "make install" to install them. The binary image
- "suexec" is installed in the directory defined by the --sbindir
- option. Default location is
- "/usr/local/apache/sbin/suexec".<br />
- Please note that you need <strong><em>root
- privileges</em></strong> for the installation step. In order
- for the wrapper to set the user ID, it must be installed as
- owner <code><em>root</em></code> and must have the setuserid
- execution bit set for file modes.</p>
-
- <p align="CENTER"><strong><a href="suexec.html">BACK TO
- CONTENTS</a></strong></p>
-
- <h3><a id="enable" name="enable">Enabling &amp; Disabling
- suEXEC</a></h3>
-
- <p align="LEFT">Upon startup of Apache, it looks for the file
- "suexec" in the "sbin" directory (default is
- "/usr/local/apache/sbin/suexec"). If Apache finds a properly
- configured suEXEC wrapper, it will print the following message
- to the error log:</p>
-<pre>
- [notice] suEXEC mechanism enabled (wrapper: <em>/path/to/suexec</em>)
-</pre>
- If you don't see this message at server startup, the server is
- most likely not finding the wrapper program where it expects
- it, or the executable is not installed <em>setuid root</em>.
- <br />
- If you want to enable the suEXEC mechanism for the first time
- and an Apache server is already running you must kill and
- restart Apache. Restarting it with a simple HUP or USR1 signal
- will not be enough. <br />
- If you want to disable suEXEC you should kill and restart
- Apache after you have removed the "suexec" file. <br />
- <br />
-
-
- <p align="CENTER"><strong><a href="suexec.html">BACK TO
- CONTENTS</a></strong></p>
-
- <h3><a id="usage" name="usage">Using suEXEC</a></h3>
-
- <p align="LEFT"><strong>Virtual Hosts:</strong><br />
- One way to use the suEXEC wrapper is through the <a
- href="mod/mpm_common.html#user">User</a> and <a
- href="mod/mpm_common.html#group">Group</a> directives in <a
- href="mod/core.html#virtualhost">VirtualHost</a> definitions.
- By setting these directives to values different from the main
- server user ID, all requests for CGI resources will be executed
- as the <em>User</em> and <em>Group</em> defined for that
- <code>&lt;VirtualHost&gt;</code>. If only one or neither of
- these directives are specified for a
- <code>&lt;VirtualHost&gt;</code> then the main server userid is
- assumed.</p>
-
- <p><strong>User directories:</strong><br />
- The suEXEC wrapper can also be used to execute CGI programs as
- the user to which the request is being directed. This is
- accomplished by using the "<strong><code>~</code></strong>"
- character prefixing the user ID for whom execution is desired.
- The only requirement needed for this feature to work is for CGI
- execution to be enabled for the user and that the script must
- meet the scrutiny of the <a href="#model">security checks</a>
- above.</p>
-
- <p align="CENTER"><strong><a href="suexec.html">BACK TO
- CONTENTS</a></strong></p>
-
- <h3><a id="debug" name="debug">Debugging suEXEC</a></h3>
-
- <p align="LEFT">The suEXEC wrapper will write log information
- to the file defined with the --with-suexec-logfile option as
- indicated above. If you feel you have configured and installed
- the wrapper properly, have a look at this log and the error_log
- for the server to see where you may have gone astray.</p>
-
- <p align="CENTER"><strong><a href="suexec.html">BACK TO
- CONTENTS</a></strong></p>
-
- <h3><a id="jabberwock" name="jabberwock">Beware the Jabberwock:
- Warnings &amp; Examples</a></h3>
-
- <p align="LEFT"><strong>NOTE!</strong> This section may not be
- complete. For the latest revision of this section of the
- documentation, see the Apache Group's <a
- href="http://www.apache.org/docs/suexec.html">Online
- Documentation</a> version.</p>
-
- <p align="LEFT">There are a few points of interest regarding
- the wrapper that can cause limitations on server setup. Please
- review these before submitting any "bugs" regarding suEXEC.</p>
-
- <ul>
- <li><strong>suEXEC Points Of Interest</strong></li>
-
- <li>
- Hierarchy limitations
-
- <blockquote>
- For security and efficiency reasons, all suexec requests
- must remain within either a top-level document root for
- virtual host requests, or one top-level personal document
- root for userdir requests. For example, if you have four
- VirtualHosts configured, you would need to structure all
- of your VHosts' document roots off of one main Apache
- document hierarchy to take advantage of suEXEC for
- VirtualHosts. (Example forthcoming.)
- </blockquote>
- </li>
-
- <li>
- suEXEC's PATH environment variable
-
- <blockquote>
- This can be a dangerous thing to change. Make certain
- every path you include in this define is a
- <strong>trusted</strong> directory. You don't want to
- open people up to having someone from across the world
- running a trojan horse on them.
- </blockquote>
- </li>
-
- <li>
- Altering the suEXEC code
-
- <blockquote>
- Again, this can cause <strong>Big Trouble</strong> if you
- try this without knowing what you are doing. Stay away
- from it if at all possible.
- </blockquote>
- </li>
- </ul>
-
- <p align="CENTER"><strong><a href="suexec.html">BACK TO
- CONTENTS</a></strong></p>
- <!--#include virtual="footer.html" -->
- </body>
-</html>
-
diff --git a/docs/manual/suexec.html.ja.jis b/docs/manual/suexec.html.ja.jis
new file mode 100644
index 0000000000..70b2ee33e3
--- /dev/null
+++ b/docs/manual/suexec.html.ja.jis
@@ -0,0 +1,613 @@
+<?xml version="1.0" encoding="iso-2022-jp"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ja" lang="ja">
+ <head>
+
+ <title>Apache suEXEC Support</title>
+
+ </head>
+ <!-- English revision: 1.27 -->
+ <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
+ <body bgcolor="#ffffff" text="#000000" link="#0000ff"
+ vlink="#000080" alink="#ff0000">
+ <!--#include virtual="header.html" -->
+
+ <h1 align="center">Apache suEXEC Support</h1>
+
+ <ol>
+
+ <li><big><strong>$BL\<!(B</strong></big></li>
+
+ <li><a href="#what">suEXEC $B$H$O(B?</a></li>
+
+ <li><a href="#before">$B;O$a$kA0$K(B</a></li>
+
+ <li><a href="#model">suEXEC $B$N%;%-%e%j%F%#%b%G%k(B</a></li>
+
+ <li><a href="#install">suEXEC $B$N@_Dj$H%$%s%9%H!<%k(B</a></li>
+
+ <li><a href="#enable">suEXEC $B$NM-8z2=$HL58z2=(B</a></li>
+
+ <li><a href="#usage">suEXEC $B$N;HMQ(B</a></li>
+
+ <li><a href="#debug">suEXEC $B$N%G%P%C%0(B</a></li>
+
+ <li><a href="#jabberwock">$B$H$+$2$KCm0U(B: $B7Y9p$H;vNc(B</a></li>
+
+ </ol>
+ <br />
+ <br />
+
+ <h3><a id="what" name="what">suEXEC $B$H$O(B?</a></h3>
+
+ <p align="left">Apache 1.2 $B$GF3F~$5$l$?(B <strong>suEXEC</strong>
+ $B5!G=$K$h$j!"(BApache $B%f!<%6$O(B Web $B%5!<%P$r<B9T$7$F$$$k%f!<%6(B ID $B$H$O(B
+ $B0[$J$k%f!<%6(B ID $B$G(B <strong>CGI</strong> $B%W%m%0%i%`$d(B <strong>SSI</strong>
+ $B%W%m%0%i%`$r<B9T$9$k$3$H$,$G$-$^$9!#(BCGI $B%W%m%0%i%`$^$?$O(B SSI
+ $B%W%m%0%i%`$r<B9T$9$k>l9g!"DL>o$O(B web $B%5!<%P$HF1$8%f!<%6$G<B9T$5$l$^$9!#(B
+ </p>
+
+ <p align="left">$BE,@Z$K;HMQ$9$k$H!"$3$N5!G=$K$h$j%f!<%6$,8DJL$N(B CGI
+ $B$d(B SSI $B%W%m%0%i%`$r3+H/$7<B9T$9$k$3$H$G@8$8$k%;%-%e%j%F%#>e$N4m81$r!"(B
+ $B$+$J$j8:$i$9$3$H$,$G$-$^$9!#$7$+$7!"(BsuEXEC $B$N@_Dj$,ITE,@Z$@$H!"(B
+ $BB?$/$NLdBj$,@8$8!"$"$J$?$N%3%s%T%e!<%?$K?7$7$$%;%-%e%j%F%#%[!<%k$r(B
+ $B:n$C$F$7$^$&2DG=@-$,$"$j$^$9!#$"$J$?$,(B root $B$K(B setuid
+ $B$5$l$?%W%m%0%i%`$H!"$=$l$i$+$i@8$8$k%;%-%e%j%F%#>e$NLdBj$N4IM}$K(B
+ $B>\$7$/$J$$$h$&$J$i!"(BsuEXEC $B$N;HMQ$r8!F$$7$J$$$h$&$K6/$/?d>)$7$^$9!#(B
+ </p>
+
+ <p align="center"><strong><a href="suexec.html">$BL\<!$KLa$k(B</a></strong>
+ </p>
+
+ <h3><a id="before" name="before">$B;O$a$kA0$K(B</a></h3>
+
+ <p align="left">$B$3$NJ8=q$N@hF,$KHt$VA0$K!"(BApache
+ $B%0%k!<%W$H$3$NJ8=q$G$N2>Dj$rCN$C$F$*$/$Y$-$G$7$g$&!#(B
+ </p>
+
+ <p align="left">$BBh(B 1 $B$K!"$"$J$?$,(B <strong>setuid</strong> $B$H(B
+ <strong>setgid</strong> $BA`:n$,2DG=$J(B UNIX
+ $BM3Mh$N%*%Z%l!<%F%#%s%0%7%9%F%`$r;H$C$F$$$k$3$H$rA[Dj$7$F$$$^$9!#(B
+ $B$3$l$O!"$9$Y$F$N%3%^%s%INc$K$"$F$O$^$j$^$9!#(B
+ $B$=$NB>$N%W%i%C%H%[!<%`$G$O!"$b$7(B suEXEC
+ $B$,%5%]!<%H$5$l$F$$$?$H$7$F$b@_Dj$O0[$J$k$+$b$7$l$^$;$s!#(B</p>
+
+ <p align="left">$BBh(B 2 $B$K!"$"$J$?$,;HMQCf$N%3%s%T%e!<%?$N(B
+ $B%;%-%e%j%F%#$K4X$9$k4pK\E*$J35G0$H!"$=$l$i$N4IM}$K$D$$$F>\$7$$$3$H$r(B
+ $BA[Dj$7$F$$$^$9!#$3$l$O!"(B<strong>setuid/setgid</strong>
+ $BA`:n!"$"$J$?$N%7%9%F%`>e$G$N$=$NA`:n$K$h$kMM!9$J8z2L!"(B
+ $B%;%-%e%j%F%#%l%Y%k$K$D$$$F$"$J$?$,M}2r$7$F$$$k$H$$$&$3$H$r4^$_$^$9!#(B
+ </p>
+
+ <p align="left">$BBh(B 3 $B$K!"(B<strong>$B2~B$$5$l$F$$$J$$(B</strong> suEXEC
+ $B%3!<%I$N;HMQ$rA[Dj$7$F$$$^$9!#(BsuEXEC $B$N%3!<%I$O!"(B
+ $BB?$/$N%Y!<%?%F%9%?$@$1$G$J$/!"3+H/<T$K$h$C$F$bCm0U?<$/@:::$5$l(B
+ $B%F%9%H$5$l$F$$$^$9!#$=$l$i$NCm0U$K$h$j!"4J7i$G?.Mj$G$-$k0BA4$J(B
+ $B%3!<%I$N4pHW$,J]>Z$5$l$^$9!#$3$N%3!<%I$r2~JQ$9$k$3$H$G!"(B
+ $BM=4|$5$l$J$$LdBj$d?7$7$$%;%-%e%j%F%#>e$N4m81$,@8$8$k$3$H$,$"$j$^$9!#(B
+ $B%;%-%e%j%F%#%W%m%0%i%_%s%0$N>\:Y$KDL$8$F$$$F!"(B
+ $B:#8e$N8!F$$N$?$a$K@.2L$r(B Apache
+ $B%0%k!<%W$H6&M-$7$h$&$H;W$&$N$G$J$1$l$P!"(BsuEXEC
+ $B%3!<%I$OJQ$($J$$$3$H$r(B <strong>$B6/$/(B</strong>$B?d>)$7$^$9!#(B</p>
+
+ <p align="left">$BBh(B 4 $B$K!"$3$l$,:G8e$G$9$,!"(BsuEXEC $B$r(B Apache
+ $B$N%G%U%)%k%H%$%s%9%H!<%k$K$O(B<strong>$B4^$a$J$$(B</strong>$B$3$H$,(B
+ Apache $B%0%k!<%W$G7hDj$5$l$F$$$^$9!#$3$l$O!"(BsuEXEC
+ $B$N@_Dj$K$O4IM}<T$N>\:Y$K$o$?$k?5=E$JCm0U$,I,MW$@$+$i$G$9!#(B
+ suEXEC $B$NMM!9$J@_Dj$K$D$$$F8!F$$,=*$o$l$P!"4IM}<T$O(B suEXEC
+ $B$rDL>o$N%$%s%9%H!<%kJ}K!$G%$%s%9%H!<%k$9$k$3$H$,$G$-$^$9!#(B
+ $B$3$l$i$N@_DjCM$O!"(BsuEXEC
+ $B5!G=$N;HMQCf$K%7%9%F%`%;%-%e%j%F%#$rE,@Z$KJ]$D$?$a$K!"(B
+ $B4IM}<T$K$h$C$F?5=E$K7hDj$5$l;XDj$5$l$k$3$H$,I,MW$G$9!#(B
+ $B$3$N>\:Y$J<j=g$K$h$j!"(BApache $B%0%k!<%W$O!"(BsuEXEC
+ $B$N%$%s%9%H!<%k$K$D$$$F!"Cm0U?<$/==J,$K8!F$$7$F$=$l$r;HMQ$9$k$3$H$r(B
+ $B7hDj$7$?>l9g$K8B$C$F$$$?$@$-$?$$$H9M$($F$$$^$9!#(B
+ </p>
+
+ <p align="left">$B$=$l$G$b?J$_$^$9$+(B? $B$h$m$7$$!#$G$O!"@h$X?J$_$^$7$g$&(B!</p>
+
+ <p align="center"><strong><a
+ href="suexec.html">$BL\<!$KLa$k(B</a></strong></p>
+
+ <h3><a id="model" name="model">suEXEC $B%;%-%e%j%F%#%b%G%k(B</a></h3>
+
+ <p align="left">suEXEC $B$N@_Dj$H%$%s%9%H!<%k$r;O$a$kA0$K!"(B
+ $B$^$:<BAu$7$h$&$H$7$F$$$k%;%-%e%j%F%#%b%G%k$K$D$$$FO@$8$F$*$-$^$9!#(B
+ $B$=$l$K$O!"(BsuEXEC $B$NFbIt$G9T$J$o$l$F$$$k$3$H!"(B
+ $B%7%9%F%`$N%;%-%e%j%F%#$rJ]>Z$9$k$?$a$K7Y9p$5$l$k$3$H$r(B
+ $B$h$/M}2r$7$F$*$$$?J}$,$h$$$G$7$g$&!#(B</p>
+
+ <p align="left"><strong>suEXEC</strong> $B$O!"(BApache web
+ $B%5!<%P$+$i8F$S=P$5$l$k(B setuid $B$5$l$?(B "wrapper"
+ $B%W%m%0%i%`$,4pK\$H$J$C$F$$$^$9!#@_7W$7$?(B CGI$B!"$^$?$O(B SSI
+ $B%W%m%0%i%`$X$N(B HTTP $B%j%/%(%9%H$,$"$k$H!"$3$N(B wrapper
+ $B$,8F$S=P$5$l$^$9!#$3$N$h$&$J%j%/%(%9%H$,$"$k$H!"(BApache
+ $B$O$=$N%W%m%0%i%`$,<B9T$5$l$k:]$N%W%m%0%i%`L>$H%f!<%6(B ID $B$H%0%k!<%W(B
+ ID $B$r;XDj$7$F(B suEXEC wrapper $B$r<B9T$7$^$9!#(B
+ </p>
+
+ <p align="left">$B$=$l$+$i!"(Bwrapper $B$O@.8y$^$?$O<:GT$r7hDj$9$k$?$a(B
+ $B0J2<$N=hM}$r9T$J$$$^$9!#$3$l$i$N>uBV$N$&$A0l$D$G$b<:GT$7$?>l9g!"(B
+ $B%W%m%0%i%`$O<:GT$r%m%0$K5-O?$7$F%(%i!<$G=*N;$7$^$9!#(B
+ $B$=$&$G$J$1$l$P!"8e$N=hM}$,B3$1$i$l$^$9!#(B</p>
+
+ <ol>
+ <li>
+ <strong>wrapper $B$,E,@Z$J?t$N0z?t$G8F$S=P$5$l$?$+(B?</strong>
+
+
+ <blockquote>
+ wrapper $B$OE,@Z$J?t$N0z?t$,M?$($i$l$?>l9g$K$N$_<B9T$5$l$^$9!#(B
+ $BE,@Z$J0z?t$N%U%)!<%^%C%H$O(B Apache Web $B%5!<%P$K2r<a$5$l$^$9!#(B
+ $BE,@Z$J?t$N0z?t$r<u$1<h$i$J$1$l$P!"967b$r$5$l$?$+(B
+ $B$"$J$?$N(B Apache $B%P%$%J%j$N(B suEXEC $B$NItJ,$,(B
+ $B$I$3$+$*$+$7$$2DG=@-$,$"$j$^$9!#(B
+ </blockquote>
+ </li>
+
+
+ <li>
+ <strong>wrapper
+ $B$r<B9T$7$F$$$k%f!<%6$O$3$N%7%9%F%`$N@5Ev$J%f!<%6$+(B?</strong>
+
+ <blockquote>
+ $B$3$l$O!"(Bwrapper $B$r<B9T$7$F$$$k%f!<%6$,(B
+ $BK\Ev$K%7%9%F%`$NMxMQ<T$G$"$k$3$H$rJ]>Z$9$k$?$a$G$9!#(B
+ </blockquote>
+ </li>
+
+ <li>
+ <strong>$B$3$N@5Ev$J%f!<%6$O(B wrapper
+ $B$N<B9T$r5v2D$5$l$F$$$k$+(B?</strong>
+
+ <blockquote>
+ $B$3$N%f!<%6$O(B wrapper $B<B9T$r5v2D$5$l$?%f!<%6$G$9$+(B?
+ $B$?$@0l?M$N%f!<%6(B (Apache $B%f!<%6(B) $B$@$1$,!"(B
+ $B$3$N%W%m%0%i%`$N<B9T$r5v2D$5$l$^$9!#(B
+ </blockquote>
+ </li>
+
+ <li>
+ <strong>$BBP>]$N%W%m%0%i%`$,0BA4$G$J$$3,AX$N;2>H$r$7$F$$$k$+(B?
+ </strong>
+
+ <blockquote>
+ $BBP>]$N%W%m%0%i%`$,(B '/' $B$+$i;O$^$k!"$^$?$O(B
+ '..' $B$K$h$k;2>H$r9T$J$C$F$$$^$9$+(B? $B$3$l$i$O5v2D$5$l$^$;$s!#(B
+ $BBP>]$N%W%m%0%i%`$O(B Apache $B$N(B web $B6u4VFb$K$J$1$l$P$J$j$^$;$s!#(B
+ </blockquote>
+ </li>
+
+ <li>
+ <strong>$BBP>]$H$J$k%f!<%6L>$O@5Ev$J$b$N$+(B?</strong>
+
+ <blockquote>
+ $BBP>]$H$J$k%f!<%6L>$OB8:_$7$F$$$^$9$+(B?
+ </blockquote>
+ </li>
+
+ <li>
+ <strong>$BBP>]$H$J$k%0%k!<%WL>$O@5Ev$J$b$N$+(B?</strong>
+
+ <blockquote>
+ $BBP>]$H$J$k%0%k!<%WL>$OB8:_$7$F$$$^$9$+(B?
+ </blockquote>
+ </li>
+
+ <li>
+ <strong>$BL\E*$N%f!<%6$O%9!<%Q!<%f!<%6$G$O(B<em>$B$J$$(B</em>$B$+(B?
+ </strong>
+
+ <blockquote>
+ $B:#$N$H$3$m!"(BsuEXEC $B$O(B 'root' $B$K$h$k(B CGI/SSI
+ $B%W%m%0%i%`$N<B9T$r5v2D$7$F$$$^$;$s!#(B
+ </blockquote>
+ </li>
+
+ <li>
+ <strong>$BBP>]$H$J$k%f!<%6(B ID $B$O!":G>.$N(B ID
+ $BHV9f$h$j$b(B<em>$BBg$-$$(B</em>$B$+(B? </strong>
+
+ <blockquote>
+ $B:G>.%f!<%6(B ID $BHV9f$O@_Dj;~$K;XDj$5$l$^$9!#$3$l$O!"(B
+ CGI/SSI $B%W%m%0%i%`<B9T$r5v2D$5$l$k%f!<%6(B ID
+ $B$N$H$j$&$k:G>.CM$G$9!#$3$l$O(B
+ "system" $BMQ$N%"%+%&%s%H$rJD$a=P$9$N$KM-8z$G$9!#(B
+ </blockquote>
+ </li>
+
+ <li>
+ <strong>$BBP>]$H$J$k%0%k!<%W$O%9!<%Q!<%f!<%6$N%0%k!<%W$G$O(B
+ <em>$B$J$$(B</em>$B$+(B?</strong>
+
+ <blockquote>
+ $B:#$N$H$3$m!"(BsuEXEC $B$O(B 'root' $B%0%k!<%W$K$h$k(B CGI/SSI
+ $B%W%m%0%i%`$N<B9T$r5v2D$7$F$$$^$;$s!#(B
+ </blockquote>
+ </li>
+
+ <li>
+ <strong>$BBP>]$H$J$k%0%k!<%W(B ID $B$O:G>.$N(B ID
+ $BHV9f$h$j$b(B<em>$BBg$-$$(B</em>$B$+(B?</strong>
+
+ <blockquote>
+ $B:G>.%0%k!<%W(B ID $BHV9f$O@_Dj;~$K;XDj$5$l$^$9!#$3$l$O!"(B
+ CGI/SSI $B%W%m%0%i%`<B9T$r5v2D$5$l$k%0%k!<%W(B
+ ID $B$N$H$j$&$k:G>.CM$G$9!#(B
+ $B$3$l$O(B "system" $BMQ$N%0%k!<%W$rJD$a=P$9$N$KM-8z$G$9!#(B
+ </blockquote>
+ </li>
+
+ <li>
+ <strong>wrapper $B$,@5>o$KBP>]$H$J$k%f!<%6$H%0%k!<%W$K$J$l$k$+(B?
+ </strong>
+
+ <blockquote>
+ $B$3$3$G!"(Bsetuid $B$H(B setgid
+ $B$N5/F0$K$h$j%W%m%0%i%`$OBP>]$H$J$k%f!<%6$H%0%k!<%W$K$J$j$^$9!#(B
+ $B%0%k!<%W%"%/%;%9%j%9%H$O!"(B
+ $B%f!<%6$,B0$7$F$$$k$9$Y$F$N%0%k!<%W$G=i4|2=$5$l$^$9!#(B
+ </blockquote>
+ </li>
+
+ <li>
+ <strong>$B%W%m%0%i%`$,CV$+$l$k%G%#%l%/%H%j$OB8:_$7$F$$$k$+(B?
+ </strong>
+
+ <blockquote>
+ $B%G%#%l%/%H%j$,B8:_$7$J$$$J$i!"$=$N%U%!%$%k$bB8:_$7$J$$$+$b$7$l$^$;$s!#(B
+ </blockquote>
+ </li>
+
+ <li>
+ <strong>$B%G%#%l%/%H%j$,(B Apache $B$N%I%-%e%a%s%H%D%j!<Fb$K$"$k$+(B?
+ </strong>
+
+ <blockquote>
+ $B%j%/%(%9%H$,%5!<%PFb$N$b$N$G$"$l$P!"(B
+ $BMW5a$5$l$?%G%#%l%/%H%j$,%5!<%P$N%I%-%e%a%s%H%k!<%HG[2<$K$"$j$^$9$+(B?
+ $B%j%/%(%9%H$,(B UserDir $B$N$b$N$G$"$l$P!"(B
+ $BMW5a$5$l$?%G%#%l%/%H%j$,%f!<%6$N%I%-%e%a%s%H%k!<%HG[2<$K$"$j$^$9$+(B?
+ </blockquote>
+ </li>
+
+ <li>
+ <strong>$B%G%#%l%/%H%j$rB>$N%f!<%6$,=q$-9~$a$k$h$&$K$J$C$F(B
+ <em>$B$$$J$$(B</em>$B$+(B?</strong>
+
+ <blockquote>
+ $B%G%#%l%/%H%j$rB>%f!<%6$K3+J|$7$J$$$h$&$K$7$^$9!#(B
+ $B=jM-%f!<%6$@$1$,$3$N%G%#%l%/%H%j$NFbMF$r2~JQ$G$-$k$h$&$K$7$^$9!#(B
+ </blockquote>
+ </li>
+
+
+ <li>
+ <strong>$BBP>]$H$J$k%W%m%0%i%`$OB8:_$9$k$+(B?</strong>
+
+ <blockquote>
+ $BB8:_$7$J$1$l$P<B9T$G$-$^$;$s!#(B
+ </blockquote>
+ </li>
+
+ <li>
+ <strong>$BBP>]$H$J$k%W%m%0%i%`%U%!%$%k$,B>%"%+%&%s%H$+$i(B
+ $B=q$-9~$a$k$h$&$K$J$C$F(B<em>$B$$$J$$(B</em>$B$+(B?</strong>
+
+ <blockquote>
+ $B=jM-<T0J30$K$O%W%m%0%i%`$rJQ99$9$k8"8B$OM?$($i$l$^$;$s!#(B
+ </blockquote>
+ </li>
+
+
+ <li>
+ <strong>$BBP>]$H$J$k%W%m%0%i%`$,(B setuid $B$^$?$O(B setgid
+ $B$5$l$F(B<em>$B$$$J$$(B</em>$B$+(B?</strong>
+
+ <blockquote>
+ UID/GID $B$r:FEYJQ99$7$F$N%W%m%0%i%`<B9T$O$7$^$;$s(B
+ </blockquote>
+ </li>
+
+
+ <li>
+ <strong>$BBP>]$H$J$k%f!<%6(B/$B%0%k!<%W$,%W%m%0%i%`$N(B
+ $B%f!<%6(B/$B%0%k!<%W$HF1$8$+(B?</strong>
+
+ <blockquote>
+ $B%f!<%6$,$=$N%U%!%$%k$N=jM-<T$G$9$+(B?
+ </blockquote>
+ </li>
+
+ <li>
+ <strong>$B0BA4$JF0:n$rJ]>Z$9$k$?$a$N4D6-JQ?t%/%j%"$,2DG=$+(B?
+ </strong>
+
+ <blockquote>
+ suEXEC $B$O!"0BA4$J4D6-JQ?t$N%j%9%H(B
+ ($B$3$l$i$O@_Dj;~$K:n@.$5$l$^$9(B) $BFb$NJQ?t$H$7$FEO$5$l$k0BA4$J(B
+ PATH $BJQ?t(B ($B@_Dj;~$K;XDj$5$l$^$9(B) $B$r@_Dj$9$k$3$H$G!"(B
+ $B%W%m%;%9$N4D6-JQ?t$r%/%j%"$7$^$9!#(B
+ </blockquote>
+ </li>
+
+
+ <li>
+ <strong>$BBP>]$H$J$k%W%m%0%i%`$r(B exec $B$7$F<B9T$G$-$k$+(B?</strong>
+
+
+ <blockquote>
+ $B$3$3$G(B suEXEC $B$,=*N;$7!"BP>]$H$J$k%W%m%0%i%`$,3+;O$5$l$^$9!#(B
+ </blockquote>
+ </li>
+ </ol>
+ <br />
+ <br />
+
+ <p align="left">$B$3$3$^$G$,(B suEXEC $B$N(B wrapper
+ $B$K$*$1$k%;%-%e%j%F%#%b%G%k$NI8=`E*$JF0:n$G$9!#$b$&>/$787=E$K(B
+ CGI/SSI $B@_7W$K$D$$$F$N?7$7$$@)8B$d5,Dj$r<h$jF~$l$k$3$H$b$G$-$^$9$,!"(B
+ suEXEC $B$O%;%-%e%j%F%#$KCm0U$7$F?5=E$K>/$7$:$D3+H/$5$l$F$-$^$7$?!#(B
+ </p>
+
+ <p align="left">$B$3$N%;%-%e%j%F%#%b%G%k$rMQ$$$F(B
+ $B%5!<%P@_Dj;~$K$I$N$h$&$K5v$9$3$H$r@)8B$9$k$+!"$^$?!"(BsuEXEC
+ $B$rE,@Z$K@_Dj$9$k$H$I$N$h$&$J%;%-%e%j%F%#>e$N4m81$rHr$1$i$l$k$+$K(B
+ $B4X$9$k$h$j>\$7$$>pJs$K$D$$$F$O!"(B<a href="#jabberwock">"$B$H$+$2$KCm0U(B"
+ (Beware the Jabberwock)</a> $B$N>O$r;2>H$7$F$/$@$5$$!#(B
+ </p>
+
+ <p align="center"><strong><a href="suexec.html"
+ >$BL\<!$KLa$k(B</a></strong></p>
+
+ <h3><a name="install" id="install">suEXEC
+ $B$N@_Dj$H%$%s%9%H!<%k(B</a></h3>
+
+ <p align="left">$B$3$3$+$i3Z$7$/$J$j$^$9!#(BApache 1.2 $B$"$k$$$O(B
+ <code>"src/Configure"</code> $B%9%/%j%W%H$G(B Apache 1.3 $B$r@_Dj$9$k$J$i!"(B
+ suEXEC $B%X%C%@%U%!%$%k$rJT=8$7$F%P%$%J%j$rE,@Z$J>l=j$K<j:n6H$G(B
+ $B%$%s%9%H!<%k$7$J$1$l$P$J$j$^$;$s!#(B
+ $B0J2<$N>O$G$O!"(BAutoConf-style $B%$%s%?%U%'!<%9(B (APACI) $B$r;H$C$?(B
+ Apache 1.3 $B$G$N@_Dj$H%$%s%9%H!<%k$K$D$$$F=R$Y$F$$$^$9!#(B
+ </p>
+
+ <p align="left"><strong>APACI $B$N(B suEXEC
+ $B@_Dj%*%W%7%g%s(B</strong><br />
+ </p>
+
+ <dl>
+ <dt><code>--enable-suexec</code></dt>
+
+ <dd>$B$3$N%*%W%7%g%s$O!"%G%U%)%k%H$G$O%$%s%9%H!<%k$5$l$:!"(B
+ $BM-8z$K$O$J$i$J$$(B suEXEC $B5!G=$rM-8z$K$7$^$9!#(B
+ suEXEC $B$r;H$&$h$&$K(B APACI $B$KMW5a$9$k$K$O!"(B--enable-suexec
+ $B%*%W%7%g%s$K$"$o$;$F>/$J$/$H$b0l$D$O(B --with-suexec-xxxxx
+ $B%*%W%7%g%s$,;XDj$5$l$J$1$l$P$J$j$^$;$s!#(B</dd>
+
+ <dt><code>--with-suexec-caller=<em>UID</em></code></dt>
+
+ <dd>Apache $B$rDL>oF0:n$5$;$k(B<a
+ href="mod/mpm_common.html#user">$B%f!<%6L>(B</a>$B$r;XDj$7$^$9!#(B
+ $B$3$N%f!<%6$@$1$,(B suexec $B$N<B9T$r5v2D$5$l$?%f!<%6$K$J$j$^$9!#(B</dd>
+
+ <dt><code>--with-suexec-docroot=<em>DIR</em></code></dt>
+
+ <dd>Apache $B$N%I%-%e%a%s%H%k!<%H$r@_Dj$7$^$9!#$3$l$,(B suEXEC
+ $B$NF0:n$G;HMQ$9$kM#0l$N%G%#%l%/%H%j3,AX$K$J$j$^$9(B (UserDir
+ $B$N;XDj$OJL(B)$B!#%G%U%)%k%H$G$O(B --datedir $B$K(B "/htdocs"
+ $B$H$$$&%5%U%#%C%/%9$r$D$1$?$b$N$G$9!#(B
+ "<code>--datadir=/home/apache</code>" $B$H$7$F@_Dj$9$k$H!"(B
+ suEXEC wrapper $B$K$H$C$F(B "/home/apache/htdocs"
+ $B$,%I%-%e%a%s%H%k!<%H$H$7$F;H$o$l$^$9!#(B</dd>
+
+ <dt><code>--with-suexec-logfile=<em>FILE</em></code></dt>
+
+ <dd>suEXEC $B$N=hM}$H%(%i!<$,5-O?$5$l$k%U%!%$%kL>$r;XDj$7$^$9!#(B
+ ($B4F::$d%G%P%C%0L\E*$KM-MQ(B)
+ $B%G%U%)%k%H$G$O%m%0%U%!%$%k$O(B "suexec_log" $B$H$$$&L>A0$G!"(B
+ $BI8=`$N%m%0%U%!%$%k%G%#%l%/%H%j(B (--logfiledir) $B$KCV$+$l$^$9!#(B
+ </dd>
+
+ <dt><code>--with-suexec-userdir=<em>DIR</em></code></dt>
+
+ <dd>suEXEC $B$,%"%/%;%9$r5v$5$l$k%f!<%6%[!<%`%G%#%l%/%H%jG[2<$N(B
+ $B%5%V%G%#%l%/%H%j$r;XDj$7$^$9!#(B
+ $B$3$N%G%#%l%/%H%j0J2<$NA4<B9T%U%!%$%k$O!"(B"$B0BA4$J(B"$B%W%m%0%i%`$K$J$k$h$&!"(B
+ suEXEC $B$,$=$N%f!<%6$H$7$F<B9T$G$-$k$h$&$K$7$^$9!#(B
+ "$BC1=c$J(B" UserDir $B%G%#%l%/%F%#%V$r;H$C$F$$$k>l9g(B
+ ($B$9$J$o$A(B "*" $B$r4^$^$J$$$b$N(B)$B!"$3$l$HF1$8CM$r@_Dj$9$Y$-$G$9!#(B
+ Userdir $B%G%#%l%/%F%#%V$,$=$N%f!<%6$N%Q%9%o!<%I%U%!%$%kFb$N(B
+ $B%[!<%`%G%#%l%/%H%j$HF1$8>l=j$r;X$7$F$$$J$1$l$P!"(B
+ suEXEC $B$OE,@Z$KF0:n$7$^$;$s!#%G%U%)%k%H$O(B "public_html" $B$G$9!#(B
+ <br />
+ $B3F(B UserDir $B$,0[$J$C$?2>A[%[%9%H$r@_Dj$7$F$$$k>l9g!"(B
+ $B$=$l$i$rA4$F0l$D$N?F%G%#%l%/%H%j$K4^$a$F!"(B
+ $B$=$N?F%G%#%l%/%H%j$NL>A0$r$3$3$G;XDj$9$kI,MW$,$"$j$^$9!#(B
+ <strong>$B$3$N$h$&$K;XDj$5$l$J$1$l$P(B "~userdir" cgi
+ $B$X$N%j%/%(%9%H$,F0:n$7$^$;$s!#(B</strong></dd>
+
+ <dt><code>--with-suexec-uidmin=<em>UID</em></code></dt>
+
+ <dd>suEXEC $B$NBP>]%f!<%6$H$7$F5v$5$l$k(B UID $B$N:G>.CM$r;XDj$7$^$9!#(B
+ $BBgDq$N%7%9%F%`$G$O(B 500 $B$+(B 100 $B$,0lHLE*$G$9!#(B
+ $B%G%U%)%k%HCM$O(B 100 $B$G$9!#(B</dd>
+
+ <dt><code>--with-suexec-gidmin=<em>GID</em></code></dt>
+
+ <dd>suEXEC $B$NBP>]%0%k!<%W$H$7$F5v$5$l$k(B GID
+ $B$N:G>.CM$r;XDj$7$^$9!#BgDq$N%7%9%F%`$G$O(B 100 $B$,0lHLE*$J$N$G!"(B
+ $B%G%U%)%k%HCM$H$7$F$b(B 100 $B$,;H$o$l$F$$$^$9!#(B</dd>
+
+ <dt><code>--with-suexec-safepath=<em>PATH</em></code></dt>
+
+ <dd>CGI $B<B9T%U%!%$%k$KEO$5$l$k0BA4$J(B PATH $B4D6-JQ?t$G$9!#(B
+ $B%G%U%)%k%HCM$O(B "/usr/local/bin:/usr/bin:/bin" $B$G$9!#(B
+ </dd>
+ </dl>
+ <br />
+ <br />
+
+ <p align="left"><strong>suEXEC $B@_Dj$N3NG'(B</strong>
+ <br />
+ suEXEC wrapper $B$r%3%s%Q%$%k$7$F%$%s%9%H!<%k$9$kA0$K!"@_DjFbMF$r(B
+ --layout $B%*%W%7%g%s$G3NG'$G$-$^$9!#(B<br />
+ $B=PNONc(B:</p>
+<pre>
+ suEXEC setup:
+ suexec binary: /usr/local/apache/sbin/suexec
+ document root: /usr/local/apache/share/htdocs
+ userdir suffix: public_html
+ logfile: /usr/local/apache/var/log/suexec_log
+ safe path: /usr/local/bin:/usr/bin:/bin
+ caller ID: www
+ minimum user ID: 100
+ minimum group ID: 100
+</pre>
+ <br />
+ <br />
+
+ <p align="left"><strong>suEXEC wrapper
+ $B$N%3%s%Q%$%k$H%$%s%9%H!<%k(B</strong><br />
+ --enable-suexec $B%*%W%7%g%s$G(B suEXEC $B5!G=$rM-8z$K$9$k$H!"(B
+ "make" $B%3%^%s%I$r<B9T$7$?;~$K(B suEXEC $B$N%P%$%J%j(B (Apache $B<+BN$b(B)
+ $B$,<+F0E*$K:n@.$5$l$^$9!#(B
+ <br />
+ $B$9$Y$F$N9=@.MWAG$,:n@.$5$l$k$H!"$=$l$i$N%$%s%9%H!<%k$K$O(B
+ "make install" $B%3%^%s%I$,<B9T$G$-$^$9!#%P%$%J%j%$%a!<%8$N(B "suexec"
+ $B$O(B --sbindir $B%*%W%7%g%s$G;XDj$5$l$?%G%#%l%/%H%j$K%$%s%9%H!<%k$5$l$^$9!#(B
+ $B%G%U%)%k%H$N>l=j$O(B "/usr/local/apache/sbin/suexec" $B$G$9!#(B<br />
+ $B%$%s%9%H!<%k;~$K$O(B <strong><em>root</em></strong>
+ $B8"8B$,I,MW$J$N$GCm0U$7$F$/$@$5$$!#(Bwrapper $B$,%f!<%6(B ID
+ $B$r@_Dj$9$k$?$a$K!"=jM-<T(B <code><em>root</em></code>
+ $B$G$N%;%C%H%f!<%6(B ID
+ $B%S%C%H$r$=$N%U%!%$%k$N%b!<%I$K@_Dj$7$J$1$l$P$J$j$^$;$s!#(B
+ </p>
+
+ <p align="center"><strong><a
+ href="suexec.html">$BL\<!$KLa$k(B</a></strong></p>
+
+ <h3><a id="enable" name="enable">suEXEC
+ $B$NM-8z2=$HL58z2=(B</a></h3>
+
+ <p align="left">$B5/F0;~$K!"(BApache $B$O(B "sbin" $B%G%#%l%/%H%j$G(B
+ "suexec" $B$rC5$7$^$9(B
+ ($B%G%U%)%k%H$O(B "/usr/local/apache/sbin/suexec") $B!#(B
+ $BE,@Z$K@_Dj$5$l$?(B suEXEC $B$,$_$D$+$k$H!"(B
+ $B%(%i!<%m%0$K0J2<$N%a%C%;!<%8$,=PNO$5$l$^$9!#(B</p>
+<pre>
+ [notice] suEXEC mechanism enabled (wrapper: <em>/path/to/suexec</em>)
+</pre>
+
+ <p>$B%5!<%P5/F0;~$K$3$N%a%C%;!<%8$,=P$J$$>l9g!"(B
+ $BBgDq$O%5!<%P$,A[Dj$7$?>l=j$G(B wrapper $B%W%m%0%i%`$,8+$D$+$i$J$+$C$?$+!"(B
+ <em>setuid root</em> $B$H$7$F%$%s%9%H!<%k$5$l$F$$$J$$$+$G$9!#(B
+ <br />
+ suEXEC $B$N;EAH$_$r;HMQ$9$k$N$,=i$a$F$G!"(BApache $B$,4{$KF0:nCf$G$"$l$P!"(B
+ Apache $B$r(B kill $B$7$F!":F5/F0$7$J$1$l$P$J$j$^$;$s!#(BHUP $B%7%0%J%k$d(B
+ USR1 $B%7%0%J%k$K$h$kC1=c$J:F5/F0$G$OIT==J,$G$9!#(B<br />
+ suEXEC $B$rL58z$K$9$k>l9g$O!"(B"suexec" $B%U%!%$%k$r:o=|$7$F$+$i(B
+ Apache $B$r(B kill $B$7$F:F5/F0$7$^$9!#(B
+ </p>
+
+ <p align="center"><strong><a
+ href="suexec.html">$BL\<!$KLa$k(B</a></strong></p>
+
+ <h3><a id="usage" name="usage">suEXEC $B$N;HMQ(B</a></h3>
+
+ <p align="left"><strong>$B2>A[%[%9%H(B:</strong><br />
+ suEXEC wrapper $B$N;H$$J}$H$7$F!"(B
+ <a href="mod/core.html#virtualhost">$B2>A[%[%9%H(B</a>$B@_Dj$G$N(B
+ <a href="mod/mpm_common.html#user">User</a> $B%G%#%l%/%F%#%V$H(B
+ <a href="mod/mpm_common.html#group">Group</a>
+ $B%G%#%l%/%F%#%V$rDL$7$?$b$N$,$"$j$^$9!#(B
+ $B$3$l$i$N%G%#%l%/%F%#%V$r%a%$%s%5!<%P$N%f!<%6(B ID
+ $B$H0[$J$k$b$N$K$9$k$H!"(BCGI $B%j%=!<%9$X$N$9$Y$F$N%j%/%(%9%H$O!"$=$N(B
+ <code>&lt;VirtualHost&gt;</code> $B$G;XDj$5$l$?(B <em>User</em> $B$H(B
+ <em>Group</em> $B$H$7$F<B9T$5$l$^$9!#(B<code>&lt;VirtualHost&gt;</code>
+ $B$G$=$l$i$N%G%#%l%/%F%#%V$N$I$A$i$+!"$^$?$ON>J}$,;XDj$5$l$F$$$J$$>l9g!"(B
+ $B%a%$%s%5!<%P$N%f!<%6(B ID $B$,A[Dj$5$l$^$9!#(B</p>
+
+ <p><strong>$B%f!<%6%G%#%l%/%H%j(B:</strong><br />
+ suEXEC wrapper $B$O!"%j%/%(%9%H@h$N%f!<%6$H$7$F(B CGI
+ $B$r<B9T$9$k$?$a$K$b;H$($^$9!#$3$l$O4|BT$9$k<B9T8"8B$N%f!<%6(B ID
+ $B$NA0$K!"(B"<strong><code>~</code></strong>"
+ $BJ8;z$rCV$/$3$H$G<B8=$5$l$^$9!#(B
+ $B$3$N5!G=$rF0:n$5$;$k$?$a$KI,MW$J$3$H$O!"(BCGI
+ $B$r$=$N%f!<%6$G<B9T$G$-$k$3$H!"$=$N%9%/%j%W%H$,>e5-$N(B<a
+ href="#model">$B%;%-%e%j%F%#8!::(B</a>$B$r%Q%9$G$-$k$3$H$G$9!#(B
+ </p>
+
+ <p align="center"><strong><a
+ href="suexec.html">$BL\<!$KLa$k(B</a></strong></p>
+
+ <h3><a id="debug" name="debug">suEXEC $B$N%G%P%C%0(B</a></h3>
+
+ <p align="left">suEXEC wrapper $B$O!">e5-$G=R$Y$?(B --with-suexec-logfile
+ $B%*%W%7%g%s$G;XDj$5$l$?%U%!%$%k$K%m%0>pJs$r5-O?$7$^$9!#(B
+ wrapper $B$rE,@Z$K@_Dj!"%$%s%9%H!<%k$G$-$F$$$k$H;W$&>l9g!"(B
+ $B$I$3$GLB$C$F$$$k$+8+$h$&$H$9$k$J$i$3$N%m%0$H%5!<%P$N(B
+ $B%(%i!<%m%0$r8+$k$H$h$$$G$7$g$&!#(B</p>
+
+ <p align="center"><strong><a
+ href="suexec.html">$BL\<!$KLa$k(B</a></strong></p>
+
+ <h3><a id="jabberwock"
+ name="jabberwock">$B$H$+$2$KCm0U(B: $B7Y9p$H;vNc(B</a></h3>
+
+ <p align="left"><strong>$BCm0U(B!</strong>
+ $B$3$N>O$O40A4$G$O$"$j$^$;$s!#$3$N>O$N:G?72~D{HG$K$D$$$F$O!"(B
+ Apache $B%0%k!<%W$N(B<a href="http://www.apache.org/docs/suexec.html">
+ $B%*%s%i%$%s%I%-%e%a%s%H(B</a>$BHG$r;2>H$7$F$/$@$5$$!#(B
+ </p>
+
+ <p align="left">$B%5!<%P$N@_Dj$K@)8B$r$b$&$1$k(B wrapper $B$K$D$$$F!"(B
+ $B$$$/$D$+6=L#?<$$E@$,$"$j$^$9!#(BsuEXEC $B$K4X$9$k(B "$B%P%0(B"
+ $B$rJs9p$9$kA0$K$3$l$i$r3NG'$7$F$/$@$5$$!#(B</p>
+
+ <ul>
+ <li><strong>suEXEC $B$N6=L#?<$$E@(B</strong></li>
+
+ <li>$B3,AX9=B$$N@)8B(B
+
+
+ <blockquote>
+ $B%;%-%e%j%F%#$H8zN($NM}M3$+$i!"(BsuEXEC $B$NA4$F$N%j%/%(%9%H$O(B
+ $B2>A[%[%9%H$X$N%j%/%(%9%H$K$*$1$k:G>e0L$N%I%-%e%a%s%H%k!<%HFb$+!"(B
+ $B%f!<%6%G%#%l%/%H%j$X$N%j%/%(%9%H$K$*$1$k8D!9$N%f!<%6$N:G>e0L$N(B
+ $B%I%-%e%a%s%H%k!<%HFb$K;D$i$J$1$l$P$J$j$^$;$s!#(B
+ $BNc$($P!";M$D$N2>A[%[%9%H$r@_Dj$7$F$$$k>l9g!"(B
+ $B2>A[%[%9%H$N(B suEXEC $B$KM-Mx$J$h$&$K!"%a%$%s$N(B Apache
+ $B%I%-%e%a%s%H3,AX$N30B&$KA4$F$N2>A[%[%9%H$N%I%-%e%a%s%H%k!<%H$r(B
+ $B9=C[$9$kI,MW$,$"$j$^$9!#(B($BNc$O8eF|5-:\(B)
+ </blockquote>
+ </li>
+
+ <li>suEXEC $B$N(B PATH $B4D6-JQ?t(B
+
+
+ <blockquote>
+ $B$3$l$rJQ99$9$k$N$O4m81$G$9!#$3$N;XDj$K4^$^$l$k3F%Q%9$,(B
+ <strong>$B?.Mj$G$-$k(B</strong>
+ $B%G%#%l%/%H%j$G$"$k$3$H$r3NG'$7$F$/$@$5$$!#(B
+ $B@$3&$+$i$N%"%/%;%9$K$h$j!"C/$+$,%[%9%H>e$G%H%m%$$NLZGO(B
+ $B$r<B9T$G$-$k$h$&$K$O$7$?$/$J$$$G$7$g$&!#(B
+ </blockquote>
+ </li>
+
+ <li>suEXEC $B%3!<%I$N2~B$(B
+
+
+ <blockquote>
+ $B7+$jJV$7$^$9$,!"2?$r$d$m$&$H$7$F$$$k$+GD0.$;$:$K$3$l$r$d$k$H(B
+ <strong>$BBg$-$JLdBj(B</strong>$B$r0z$-5/$3$7$+$M$^$;$s!#(B
+ $B2DG=$J8B$jHr$1$F$/$@$5$$!#(B
+ </blockquote>
+ </li>
+ </ul>
+
+ <p align="center"><strong><a
+ href="suexec.html">$BL\<!$KLa$k(B</a></strong></p>
+ <!--#include virtual="footer.html" -->
+ </body>
+</html>
View Lorry Controller Status