1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
19 * @brief user-definable variables for the suexec wrapper code.
20 * (See README.configure on how to customize these variables.)
28 * Include ap_config_layout so we can work out where the default htdocsdir
31 #include "ap_config_layout.h"
34 * HTTPD_USER -- Define as the username under which Apache normally
35 * runs. This is the only user allowed to execute
39 #define AP_HTTPD_USER "www"
43 * UID_MIN -- Define this as the lowest UID allowed to be a target user
44 * for suEXEC. For most systems, 500 or 100 is common.
47 #define AP_UID_MIN 100
51 * GID_MIN -- Define this as the lowest GID allowed to be a target group
52 * for suEXEC. For most systems, 100 is common.
55 #define AP_GID_MIN 100
59 * USERDIR_SUFFIX -- Define to be the subdirectory under users'
60 * home directories where suEXEC access should
61 * be allowed. All executables under this directory
62 * will be executable by suEXEC as the user so
63 * they should be "safe" programs. If you are
64 * using a "simple" UserDir directive (ie. one
65 * without a "*" in it) this should be set to
66 * the same value. suEXEC will not work properly
67 * in cases where the UserDir directive points to
68 * a location that is not the same as the user's
69 * home directory as referenced in the passwd file.
71 * If you have VirtualHosts with a different
72 * UserDir for each, you will need to define them to
73 * all reside in one parent directory; then name that
74 * parent directory here. IF THIS IS NOT DEFINED
75 * PROPERLY, ~USERDIR CGI REQUESTS WILL NOT WORK!
76 * See the suEXEC documentation for more detailed
79 #ifndef AP_USERDIR_SUFFIX
80 #define AP_USERDIR_SUFFIX "public_html"
84 * LOG_EXEC -- Define this as a filename if you want all suEXEC
85 * transactions and errors logged for auditing and
89 #define AP_LOG_EXEC DEFAULT_EXP_LOGFILEDIR "/suexec_log" /* Need me? */
93 * DOC_ROOT -- Define as the DocumentRoot set for Apache. This
94 * will be the only hierarchy (aside from UserDirs)
95 * that can be used for suEXEC behavior.
98 #define AP_DOC_ROOT DEFAULT_EXP_HTDOCSDIR
102 * SAFE_PATH -- Define a safe PATH environment to pass to CGI executables.
106 #define AP_SAFE_PATH "/usr/local/bin:/usr/bin:/bin"
109 #endif /* _SUEXEC_H */