suexec.h revision 09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1
842ae4bd224140319ae7feec1872b93dfd491143fielding/* ====================================================================
842ae4bd224140319ae7feec1872b93dfd491143fielding * Copyright (c) 1995-1999 The Apache Group. All rights reserved.
842ae4bd224140319ae7feec1872b93dfd491143fielding * Redistribution and use in source and binary forms, with or without
842ae4bd224140319ae7feec1872b93dfd491143fielding * modification, are permitted provided that the following conditions
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd * 1. Redistributions of source code must retain the above copyright
7e79e8fd53348f9fc6e8009a4a2522425ab6f08ffielding * notice, this list of conditions and the following disclaimer.
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd * 2. Redistributions in binary form must reproduce the above copyright
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd * notice, this list of conditions and the following disclaimer in
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd * the documentation and/or other materials provided with the
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd * distribution.
7e79e8fd53348f9fc6e8009a4a2522425ab6f08ffielding * 3. All advertising materials mentioning features or use of this
92ae63a7151376cfb024555195deb4860af1a90afuankg * software must display the following acknowledgment:
92ae63a7151376cfb024555195deb4860af1a90afuankg * "This product includes software developed by the Apache Group
92ae63a7151376cfb024555195deb4860af1a90afuankg * for use in the Apache HTTP server project (http://www.apache.org/)."
92ae63a7151376cfb024555195deb4860af1a90afuankg * 4. The names "Apache Server" and "Apache Group" must not be used to
92ae63a7151376cfb024555195deb4860af1a90afuankg * endorse or promote products derived from this software without
92ae63a7151376cfb024555195deb4860af1a90afuankg * prior written permission. For written permission, please contact
92ae63a7151376cfb024555195deb4860af1a90afuankg * apache@apache.org.
92ae63a7151376cfb024555195deb4860af1a90afuankg * 5. Products derived from this software may not be called "Apache"
92ae63a7151376cfb024555195deb4860af1a90afuankg * nor may "Apache" appear in their names without prior written
92ae63a7151376cfb024555195deb4860af1a90afuankg * permission of the Apache Group.
cccd31fa4a72fe23cc3249c06db181b274a55a69gstein * 6. Redistributions of any form whatsoever must retain the following
cccd31fa4a72fe23cc3249c06db181b274a55a69gstein * acknowledgment:
92ae63a7151376cfb024555195deb4860af1a90afuankg * "This product includes software developed by the Apache Group
92ae63a7151376cfb024555195deb4860af1a90afuankg * for use in the Apache HTTP server project (http://www.apache.org/)."
a50ebe9ca7a0a8e3e9b3f0abd3b9ef55b8dc36c5fuankg * THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
92ae63a7151376cfb024555195deb4860af1a90afuankg * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
92ae63a7151376cfb024555195deb4860af1a90afuankg * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
cccd31fa4a72fe23cc3249c06db181b274a55a69gstein * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR
cccd31fa4a72fe23cc3249c06db181b274a55a69gstein * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
cccd31fa4a72fe23cc3249c06db181b274a55a69gstein * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
14262dee6334e2315a7293c40c3d7b20d62e838btrawick * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
14262dee6334e2315a7293c40c3d7b20d62e838btrawick * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
14262dee6334e2315a7293c40c3d7b20d62e838btrawick * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
cccd31fa4a72fe23cc3249c06db181b274a55a69gstein * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding * OF THE POSSIBILITY OF SUCH DAMAGE.
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding * ====================================================================
2261031aa94be82d7e6b1b8c367afc1b282317f5ianh * This software consists of voluntary contributions made by many
2261031aa94be82d7e6b1b8c367afc1b282317f5ianh * individuals on behalf of the Apache Group and was originally based
2261031aa94be82d7e6b1b8c367afc1b282317f5ianh * on public domain software written at the National Center for
3de8d8649277a02f53aa4f06121420985e8eee08nd * Supercomputing Applications, University of Illinois, Urbana-Champaign.
10db6c4117794cbb76695f8b81b02a82bcf986e1ben * For more information on the Apache Group and the Apache HTTP server
81cc440ca73845f44dc589db106d3feb7a36f33bminfrin * project, please see <http://www.apache.org/>.
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding * suexec.h -- user-definable variables for the suexec wrapper code.
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding * (See README.configure on how to customize these variables.)
10db6c4117794cbb76695f8b81b02a82bcf986e1ben * HTTPD_USER -- Define as the username under which Apache normally
81cc440ca73845f44dc589db106d3feb7a36f33bminfrin * runs. This is the only user allowed to execute
2261031aa94be82d7e6b1b8c367afc1b282317f5ianh * this program.
81cc440ca73845f44dc589db106d3feb7a36f33bminfrin * UID_MIN -- Define this as the lowest UID allowed to be a target user
81cc440ca73845f44dc589db106d3feb7a36f33bminfrin * for suEXEC. For most systems, 500 or 100 is common.
2261031aa94be82d7e6b1b8c367afc1b282317f5ianh * GID_MIN -- Define this as the lowest GID allowed to be a target group
36e56bad6e9dff97dce981cd7543e81d814b5e35fuankg * for suEXEC. For most systems, 100 is common.
4a13940dc2990df0a798718d3a3f9cf1566c2217bjh * USERDIR_SUFFIX -- Define to be the subdirectory under users'
85c4a4d5ba3751702855fd9b1a78daed874941dcwrowe * home directories where suEXEC access should
85c4a4d5ba3751702855fd9b1a78daed874941dcwrowe * be allowed. All executables under this directory
8b9a4881f960811c0804bd11e13f7341be5bace8wrowe * will be executable by suEXEC as the user so
fdf0370f05f77efd6e8f7e888dc21afc1fc79cbfben * they should be "safe" programs. If you are
85c4a4d5ba3751702855fd9b1a78daed874941dcwrowe * using a "simple" UserDir directive (ie. one
85c4a4d5ba3751702855fd9b1a78daed874941dcwrowe * without a "*" in it) this should be set to
8b9a4881f960811c0804bd11e13f7341be5bace8wrowe * the same value. suEXEC will not work properly
fdf0370f05f77efd6e8f7e888dc21afc1fc79cbfben * in cases where the UserDir directive points to
85c4a4d5ba3751702855fd9b1a78daed874941dcwrowe * a location that is not the same as the user's
85c4a4d5ba3751702855fd9b1a78daed874941dcwrowe * home directory as referenced in the passwd file.
8b9a4881f960811c0804bd11e13f7341be5bace8wrowe * If you have VirtualHosts with a different
85c4a4d5ba3751702855fd9b1a78daed874941dcwrowe * UserDir for each, you will need to define them to
85c4a4d5ba3751702855fd9b1a78daed874941dcwrowe * all reside in one parent directory; then name that
85c4a4d5ba3751702855fd9b1a78daed874941dcwrowe * parent directory here. IF THIS IS NOT DEFINED
85c4a4d5ba3751702855fd9b1a78daed874941dcwrowe * PROPERLY, ~USERDIR CGI REQUESTS WILL NOT WORK!
2261031aa94be82d7e6b1b8c367afc1b282317f5ianh * See the suEXEC documentation for more detailed
2261031aa94be82d7e6b1b8c367afc1b282317f5ianh * information.
c7b8ebf28db0c79631ddcc97aaf7ea7d3e029d2ffielding * LOG_EXEC -- Define this as a filename if you want all suEXEC
c7b8ebf28db0c79631ddcc97aaf7ea7d3e029d2ffielding * transactions and errors logged for auditing and
2261031aa94be82d7e6b1b8c367afc1b282317f5ianh * debugging purposes.
3de8d8649277a02f53aa4f06121420985e8eee08nd#define LOG_EXEC "/usr/local/apache/logs/cgi.log" /* Need me? */
3de8d8649277a02f53aa4f06121420985e8eee08nd * DOC_ROOT -- Define as the DocumentRoot set for Apache. This
fdf0370f05f77efd6e8f7e888dc21afc1fc79cbfben * will be the only hierarchy (aside from UserDirs)
3de8d8649277a02f53aa4f06121420985e8eee08nd * that can be used for suEXEC behavior.
8b64441666c2d3894744886fc5eda2e9ee15605eben * SAFE_PATH -- Define a safe PATH environment to pass to CGI executables.
09fe0b69d3d1e8c8041c9ce99ee77b8b44b5e3b1fielding#endif /* _SUEXEC_H */