+++ /dev/null
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta name="generator" content="HTML Tidy, see www.w3.org" />
-
- <title>Apache suEXEC Support</title>
- </head>
- <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
-
- <body bgcolor="#FFFFFF" text="#000000" link="#0000FF"
- vlink="#000080" alink="#FF0000">
- <!--#include virtual="header.html" -->
-
- <h1 align="CENTER">Apache suEXEC Support</h1>
-
- <ol>
- <li><big><strong>CONTENTS</strong></big></li>
-
- <li><a href="#what">What is suEXEC?</a></li>
-
- <li><a href="#before">Before we begin.</a></li>
-
- <li><a href="#model">suEXEC Security Model.</a></li>
-
- <li><a href="#install">Configuring & Installing
- suEXEC</a></li>
-
- <li><a href="#enable">Enabling & Disabling
- suEXEC</a></li>
-
- <li><a href="#usage">Using suEXEC</a></li>
-
- <li><a href="#debug">Debugging suEXEC</a></li>
-
- <li><a href="#jabberwock">Beware the Jabberwock: Warnings
- & Examples</a></li>
- </ol>
- <br />
- <br />
-
-
- <h3><a id="what" name="what">What is suEXEC?</a></h3>
-
- <p align="LEFT">The <strong>suEXEC</strong> feature --
- introduced in Apache 1.2 -- provides Apache users the ability
- to run <strong>CGI</strong> and <strong>SSI</strong> programs
- under user IDs different from the user ID of the calling
- web-server. Normally, when a CGI or SSI program executes, it
- runs as the same user who is running the web server.</p>
-
- <p align="LEFT">Used properly, this feature can reduce
- considerably the security risks involved with allowing users to
- develop and run private CGI or SSI programs. However, if suEXEC
- is improperly configured, it can cause any number of problems
- and possibly create new holes in your computer's security. If
- you aren't familiar with managing setuid root programs and the
- security issues they present, we highly recommend that you not
- consider using suEXEC.</p>
-
- <p align="CENTER"><strong><a href="suexec.html">BACK TO
- CONTENTS</a></strong></p>
-
- <h3><a id="before" name="before">Before we begin.</a></h3>
-
- <p align="LEFT">Before jumping head-first into this document,
- you should be aware of the assumptions made on the part of the
- Apache Group and this document.</p>
-
- <p align="LEFT">First, it is assumed that you are using a UNIX
- derivate operating system that is capable of
- <strong>setuid</strong> and <strong>setgid</strong> operations.
- All command examples are given in this regard. Other platforms,
- if they are capable of supporting suEXEC, may differ in their
- configuration.</p>
-
- <p align="LEFT">Second, it is assumed you are familiar with
- some basic concepts of your computer's security and its
- administration. This involves an understanding of
- <strong>setuid/setgid</strong> operations and the various
- effects they may have on your system and its level of
- security.</p>
-
- <p align="LEFT">Third, it is assumed that you are using an
- <strong>unmodified</strong> version of suEXEC code. All code
- for suEXEC has been carefully scrutinized and tested by the
- developers as well as numerous beta testers. Every precaution
- has been taken to ensure a simple yet solidly safe base of
- code. Altering this code can cause unexpected problems and new
- security risks. It is <strong>highly</strong> recommended you
- not alter the suEXEC code unless you are well versed in the
- particulars of security programming and are willing to share
- your work with the Apache Group for consideration.</p>
-
- <p align="LEFT">Fourth, and last, it has been the decision of
- the Apache Group to <strong>NOT</strong> make suEXEC part of
- the default installation of Apache. To this end, suEXEC
- configuration requires of the administrator careful attention
- to details. After due consideration has been given to the
- various settings for suEXEC, the administrator may install
- suEXEC through normal installation methods. The values for
- these settings need to be carefully determined and specified by
- the administrator to properly maintain system security during
- the use of suEXEC functionality. It is through this detailed
- process that the Apache Group hopes to limit suEXEC
- installation only to those who are careful and determined
- enough to use it.</p>
-
- <p align="LEFT">Still with us? Yes? Good. Let's move on!</p>
-
- <p align="CENTER"><strong><a href="suexec.html">BACK TO
- CONTENTS</a></strong></p>
-
- <h3><a id="model" name="model">suEXEC Security Model</a></h3>
-
- <p align="LEFT">Before we begin configuring and installing
- suEXEC, we will first discuss the security model you are about
- to implement. By doing so, you may better understand what
- exactly is going on inside suEXEC and what precautions are
- taken to ensure your system's security.</p>
-
- <p align="LEFT"><strong>suEXEC</strong> is based on a setuid
- "wrapper" program that is called by the main Apache web server.
- This wrapper is called when an HTTP request is made for a CGI
- or SSI program that the administrator has designated to run as
- a userid other than that of the main server. When such a
- request is made, Apache provides the suEXEC wrapper with the
- program's name and the user and group IDs under which the
- program is to execute.</p>
-
- <p align="LEFT">The wrapper then employs the following process
- to determine success or failure -- if any one of these
- conditions fail, the program logs the failure and exits with an
- error, otherwise it will continue:</p>
-
- <ol>
- <li>
- <strong>Was the wrapper called with the proper number of
- arguments?</strong>
-
- <blockquote>
- The wrapper will only execute if it is given the proper
- number of arguments. The proper argument format is known
- to the Apache web server. If the wrapper is not receiving
- the proper number of arguments, it is either being
- hacked, or there is something wrong with the suEXEC
- portion of your Apache binary.
- </blockquote>
- </li>
-
- <li>
- <strong>Is the user executing this wrapper a valid user of
- this system?</strong>
-
- <blockquote>
- This is to ensure that the user executing the wrapper is
- truly a user of the system.
- </blockquote>
- </li>
-
- <li>
- <strong>Is this valid user allowed to run the
- wrapper?</strong>
-
- <blockquote>
- Is this user the user allowed to run this wrapper? Only
- one user (the Apache user) is allowed to execute this
- program.
- </blockquote>
- </li>
-
- <li>
- <strong>Does the target program have an unsafe hierarchical
- reference?</strong>
-
- <blockquote>
- Does the target program contain a leading '/' or have a
- '..' backreference? These are not allowed; the target
- program must reside within the Apache webspace.
- </blockquote>
- </li>
-
- <li>
- <strong>Is the target user name valid?</strong>
-
- <blockquote>
- Does the target user exist?
- </blockquote>
- </li>
-
- <li>
- <strong>Is the target group name valid?</strong>
-
- <blockquote>
- Does the target group exist?
- </blockquote>
- </li>
-
- <li>
- <strong>Is the target user <em>NOT</em> superuser?</strong>
-
-
- <blockquote>
- Presently, suEXEC does not allow 'root' to execute
- CGI/SSI programs.
- </blockquote>
- </li>
-
- <li>
- <strong>Is the target userid <em>ABOVE</em> the minimum ID
- number?</strong>
-
- <blockquote>
- The minimum user ID number is specified during
- configuration. This allows you to set the lowest possible
- userid that will be allowed to execute CGI/SSI programs.
- This is useful to block out "system" accounts.
- </blockquote>
- </li>
-
- <li>
- <strong>Is the target group <em>NOT</em> the superuser
- group?</strong>
-
- <blockquote>
- Presently, suEXEC does not allow the 'root' group to
- execute CGI/SSI programs.
- </blockquote>
- </li>
-
- <li>
- <strong>Is the target groupid <em>ABOVE</em> the minimum ID
- number?</strong>
-
- <blockquote>
- The minimum group ID number is specified during
- configuration. This allows you to set the lowest possible
- groupid that will be allowed to execute CGI/SSI programs.
- This is useful to block out "system" groups.
- </blockquote>
- </li>
-
- <li>
- <strong>Can the wrapper successfully become the target user
- and group?</strong>
-
- <blockquote>
- Here is where the program becomes the target user and
- group via setuid and setgid calls. The group access list
- is also initialized with all of the groups of which the
- user is a member.
- </blockquote>
- </li>
-
- <li>
- <strong>Does the directory in which the program resides
- exist?</strong>
-
- <blockquote>
- If it doesn't exist, it can't very well contain files.
- </blockquote>
- </li>
-
- <li>
- <strong>Is the directory within the Apache
- webspace?</strong>
-
- <blockquote>
- If the request is for a regular portion of the server, is
- the requested directory within the server's document
- root? If the request is for a UserDir, is the requested
- directory within the user's document root?
- </blockquote>
- </li>
-
- <li>
- <strong>Is the directory <em>NOT</em> writable by anyone
- else?</strong>
-
- <blockquote>
- We don't want to open up the directory to others; only
- the owner user may be able to alter this directories
- contents.
- </blockquote>
- </li>
-
- <li>
- <strong>Does the target program exist?</strong>
-
- <blockquote>
- If it doesn't exists, it can't very well be executed.
- </blockquote>
- </li>
-
- <li>
- <strong>Is the target program <em>NOT</em> writable by
- anyone else?</strong>
-
- <blockquote>
- We don't want to give anyone other than the owner the
- ability to change the program.
- </blockquote>
- </li>
-
- <li>
- <strong>Is the target program <em>NOT</em> setuid or
- setgid?</strong>
-
- <blockquote>
- We do not want to execute programs that will then change
- our UID/GID again.
- </blockquote>
- </li>
-
- <li>
- <strong>Is the target user/group the same as the program's
- user/group?</strong>
-
- <blockquote>
- Is the user the owner of the file?
- </blockquote>
- </li>
-
- <li>
- <strong>Can we successfully clean the process environment
- to ensure safe operations?</strong>
-
- <blockquote>
- suEXEC cleans the process' environment by establishing a
- safe execution PATH (defined during configuration), as
- well as only passing through those variables whose names
- are listed in the safe environment list (also created
- during configuration).
- </blockquote>
- </li>
-
- <li>
- <strong>Can we successfully become the target program and
- execute?</strong>
-
- <blockquote>
- Here is where suEXEC ends and the target program begins.
- </blockquote>
- </li>
- </ol>
- <br />
- <br />
-
-
- <p align="LEFT">This is the standard operation of the the
- suEXEC wrapper's security model. It is somewhat stringent and
- can impose new limitations and guidelines for CGI/SSI design,
- but it was developed carefully step-by-step with security in
- mind.</p>
-
- <p align="LEFT">For more information as to how this security
- model can limit your possibilities in regards to server
- configuration, as well as what security risks can be avoided
- with a proper suEXEC setup, see the <a
- href="#jabberwock">"Beware the Jabberwock"</a> section of this
- document.</p>
-
- <p align="CENTER"><strong><a href="suexec.html">BACK TO
- CONTENTS</a></strong></p>
-
- <h3><a id="install" name="install">Configuring & Installing
- suEXEC</a></h3>
-
- <p align="LEFT">Here's where we begin the fun. If you use
- Apache 1.2 or prefer to configure Apache 1.3 with the
- "<code>src/Configure</code>" script you have to edit the suEXEC
- header file and install the binary in its proper location
- manually. The following sections describe the configuration and
- installation for Apache 1.3 with the AutoConf-style interface
- (APACI).</p>
-
- <p align="LEFT"><strong>APACI's suEXEC configuration
- options</strong><br />
- </p>
-
- <dl>
- <dt><code>--enable-suexec</code></dt>
-
- <dd>This option enables the suEXEC feature which is never
- installed or activated by default. At least one
- --with-suexec-xxxxx option has to be provided together with the
- --enable-suexec option to let APACI accept your request for
- using the suEXEC feature.</dd>
-
- <dt><code>--with-suexec-caller=<em>UID</em></code></dt>
-
- <dd>The <a href="mod/mpm_common.html#user">username</a> under which
- Apache normally runs. This is the only user allowed to
- execute this program.</dd>
-
- <dt><code>--with-suexec-docroot=<em>DIR</em></code></dt>
-
- <dd>Define as the DocumentRoot set for Apache. This will be
- the only hierarchy (aside from UserDirs) that can be used for
- suEXEC behavior. The default directory is the --datadir value
- with the suffix "/htdocs", <em>e.g.</em> if you configure
- with "<code>--datadir=/home/apache</code>" the directory
- "/home/apache/htdocs" is used as document root for the suEXEC
- wrapper.</dd>
-
- <dt><code>--with-suexec-logfile=<em>FILE</em></code></dt>
-
- <dd>This defines the filename to which all suEXEC
- transactions and errors are logged (useful for auditing and
- debugging purposes). By default the logfile is named
- "suexec_log" and located in your standard logfile directory
- (--logfiledir).</dd>
-
- <dt><code>--with-suexec-userdir=<em>DIR</em></code></dt>
-
- <dd>Define to be the subdirectory under users' home
- directories where suEXEC access should be allowed. All
- executables under this directory will be executable by suEXEC
- as the user so they should be "safe" programs. If you are
- using a "simple" UserDir directive (ie. one without a "*" in
- it) this should be set to the same value. suEXEC will not
- work properly in cases where the UserDir directive points to
- a location that is not the same as the user's home directory
- as referenced in the passwd file. Default value is
- "public_html".<br />
- If you have virtual hosts with a different UserDir for each,
- you will need to define them to all reside in one parent
- directory; then name that parent directory here. <strong>If
- this is not defined properly, "~userdir" cgi requests will
- not work!</strong></dd>
-
- <dt><code>--with-suexec-uidmin=<em>UID</em></code></dt>
-
- <dd>Define this as the lowest UID allowed to be a target user
- for suEXEC. For most systems, 500 or 100 is common. Default
- value is 100.</dd>
-
- <dt><code>--with-suexec-gidmin=<em>GID</em></code></dt>
-
- <dd>Define this as the lowest GID allowed to be a target
- group for suEXEC. For most systems, 100 is common and
- therefore used as default value.</dd>
-
- <dt><code>--with-suexec-safepath=<em>PATH</em></code></dt>
-
- <dd>Define a safe PATH environment to pass to CGI
- executables. Default value is
- "/usr/local/bin:/usr/bin:/bin".</dd>
- </dl>
- <br />
- <br />
-
-
- <p align="LEFT"><strong>Checking your suEXEC
- setup</strong><br />
- Before you compile and install the suEXEC wrapper you can
- check the configuration with the --layout option.<br />
- Example output:</p>
-<pre>
- suEXEC setup:
- suexec binary: /usr/local/apache/sbin/suexec
- document root: /usr/local/apache/share/htdocs
- userdir suffix: public_html
- logfile: /usr/local/apache/var/log/suexec_log
- safe path: /usr/local/bin:/usr/bin:/bin
- caller ID: www
- minimum user ID: 100
- minimum group ID: 100
-</pre>
- <br />
- <br />
-
-
- <p align="LEFT"><strong>Compiling and installing the suEXEC
- wrapper</strong><br />
- If you have enabled the suEXEC feature with the
- --enable-suexec option the suexec binary (together with Apache
- itself) is automatically built if you execute the command
- "make".<br />
- After all components have been built you can execute the
- command "make install" to install them. The binary image
- "suexec" is installed in the directory defined by the --sbindir
- option. Default location is
- "/usr/local/apache/sbin/suexec".<br />
- Please note that you need <strong><em>root
- privileges</em></strong> for the installation step. In order
- for the wrapper to set the user ID, it must be installed as
- owner <code><em>root</em></code> and must have the setuserid
- execution bit set for file modes.</p>
-
- <p align="CENTER"><strong><a href="suexec.html">BACK TO
- CONTENTS</a></strong></p>
-
- <h3><a id="enable" name="enable">Enabling & Disabling
- suEXEC</a></h3>
-
- <p align="LEFT">Upon startup of Apache, it looks for the file
- "suexec" in the "sbin" directory (default is
- "/usr/local/apache/sbin/suexec"). If Apache finds a properly
- configured suEXEC wrapper, it will print the following message
- to the error log:</p>
-<pre>
- [notice] suEXEC mechanism enabled (wrapper: <em>/path/to/suexec</em>)
-</pre>
- If you don't see this message at server startup, the server is
- most likely not finding the wrapper program where it expects
- it, or the executable is not installed <em>setuid root</em>.
- <br />
- If you want to enable the suEXEC mechanism for the first time
- and an Apache server is already running you must kill and
- restart Apache. Restarting it with a simple HUP or USR1 signal
- will not be enough. <br />
- If you want to disable suEXEC you should kill and restart
- Apache after you have removed the "suexec" file. <br />
- <br />
-
-
- <p align="CENTER"><strong><a href="suexec.html">BACK TO
- CONTENTS</a></strong></p>
-
- <h3><a id="usage" name="usage">Using suEXEC</a></h3>
-
- <p align="LEFT"><strong>Virtual Hosts:</strong><br />
- One way to use the suEXEC wrapper is through the <a
- href="mod/mpm_common.html#user">User</a> and <a
- href="mod/mpm_common.html#group">Group</a> directives in <a
- href="mod/core.html#virtualhost">VirtualHost</a> definitions.
- By setting these directives to values different from the main
- server user ID, all requests for CGI resources will be executed
- as the <em>User</em> and <em>Group</em> defined for that
- <code><VirtualHost></code>. If only one or neither of
- these directives are specified for a
- <code><VirtualHost></code> then the main server userid is
- assumed.</p>
-
- <p><strong>User directories:</strong><br />
- The suEXEC wrapper can also be used to execute CGI programs as
- the user to which the request is being directed. This is
- accomplished by using the "<strong><code>~</code></strong>"
- character prefixing the user ID for whom execution is desired.
- The only requirement needed for this feature to work is for CGI
- execution to be enabled for the user and that the script must
- meet the scrutiny of the <a href="#model">security checks</a>
- above.</p>
-
- <p align="CENTER"><strong><a href="suexec.html">BACK TO
- CONTENTS</a></strong></p>
-
- <h3><a id="debug" name="debug">Debugging suEXEC</a></h3>
-
- <p align="LEFT">The suEXEC wrapper will write log information
- to the file defined with the --with-suexec-logfile option as
- indicated above. If you feel you have configured and installed
- the wrapper properly, have a look at this log and the error_log
- for the server to see where you may have gone astray.</p>
-
- <p align="CENTER"><strong><a href="suexec.html">BACK TO
- CONTENTS</a></strong></p>
-
- <h3><a id="jabberwock" name="jabberwock">Beware the Jabberwock:
- Warnings & Examples</a></h3>
-
- <p align="LEFT"><strong>NOTE!</strong> This section may not be
- complete. For the latest revision of this section of the
- documentation, see the Apache Group's <a
- href="http://www.apache.org/docs/suexec.html">Online
- Documentation</a> version.</p>
-
- <p align="LEFT">There are a few points of interest regarding
- the wrapper that can cause limitations on server setup. Please
- review these before submitting any "bugs" regarding suEXEC.</p>
-
- <ul>
- <li><strong>suEXEC Points Of Interest</strong></li>
-
- <li>
- Hierarchy limitations
-
- <blockquote>
- For security and efficiency reasons, all suexec requests
- must remain within either a top-level document root for
- virtual host requests, or one top-level personal document
- root for userdir requests. For example, if you have four
- VirtualHosts configured, you would need to structure all
- of your VHosts' document roots off of one main Apache
- document hierarchy to take advantage of suEXEC for
- VirtualHosts. (Example forthcoming.)
- </blockquote>
- </li>
-
- <li>
- suEXEC's PATH environment variable
-
- <blockquote>
- This can be a dangerous thing to change. Make certain
- every path you include in this define is a
- <strong>trusted</strong> directory. You don't want to
- open people up to having someone from across the world
- running a trojan horse on them.
- </blockquote>
- </li>
-
- <li>
- Altering the suEXEC code
-
- <blockquote>
- Again, this can cause <strong>Big Trouble</strong> if you
- try this without knowing what you are doing. Stay away
- from it if at all possible.
- </blockquote>
- </li>
- </ul>
-
- <p align="CENTER"><strong><a href="suexec.html">BACK TO
- CONTENTS</a></strong></p>
- <!--#include virtual="footer.html" -->
- </body>
-</html>
-
--- /dev/null
+<?xml version="1.0" encoding="iso-2022-jp"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ja" lang="ja">
+ <head>
+
+ <title>Apache suEXEC Support</title>
+
+ </head>
+ <!-- English revision: 1.27 -->
+ <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
+ <body bgcolor="#ffffff" text="#000000" link="#0000ff"
+ vlink="#000080" alink="#ff0000">
+ <!--#include virtual="header.html" -->
+
+ <h1 align="center">Apache suEXEC Support</h1>
+
+ <ol>
+
+ <li><big><strong>\e$BL\<!\e(B</strong></big></li>
+
+ <li><a href="#what">suEXEC \e$B$H$O\e(B?</a></li>
+
+ <li><a href="#before">\e$B;O$a$kA0$K\e(B</a></li>
+
+ <li><a href="#model">suEXEC \e$B$N%;%-%e%j%F%#%b%G%k\e(B</a></li>
+
+ <li><a href="#install">suEXEC \e$B$N@_Dj$H%$%s%9%H!<%k\e(B</a></li>
+
+ <li><a href="#enable">suEXEC \e$B$NM-8z2=$HL58z2=\e(B</a></li>
+
+ <li><a href="#usage">suEXEC \e$B$N;HMQ\e(B</a></li>
+
+ <li><a href="#debug">suEXEC \e$B$N%G%P%C%0\e(B</a></li>
+
+ <li><a href="#jabberwock">\e$B$H$+$2$KCm0U\e(B: \e$B7Y9p$H;vNc\e(B</a></li>
+
+ </ol>
+ <br />
+ <br />
+
+ <h3><a id="what" name="what">suEXEC \e$B$H$O\e(B?</a></h3>
+
+ <p align="left">Apache 1.2 \e$B$GF3F~$5$l$?\e(B <strong>suEXEC</strong>
+ \e$B5!G=$K$h$j!"\e(BApache \e$B%f!<%6$O\e(B Web \e$B%5!<%P$r<B9T$7$F$$$k%f!<%6\e(B ID \e$B$H$O\e(B
+ \e$B0[$J$k%f!<%6\e(B ID \e$B$G\e(B <strong>CGI</strong> \e$B%W%m%0%i%`$d\e(B <strong>SSI</strong>
+ \e$B%W%m%0%i%`$r<B9T$9$k$3$H$,$G$-$^$9!#\e(BCGI \e$B%W%m%0%i%`$^$?$O\e(B SSI
+ \e$B%W%m%0%i%`$r<B9T$9$k>l9g!"DL>o$O\e(B web \e$B%5!<%P$HF1$8%f!<%6$G<B9T$5$l$^$9!#\e(B
+ </p>
+
+ <p align="left">\e$BE,@Z$K;HMQ$9$k$H!"$3$N5!G=$K$h$j%f!<%6$,8DJL$N\e(B CGI
+ \e$B$d\e(B SSI \e$B%W%m%0%i%`$r3+H/$7<B9T$9$k$3$H$G@8$8$k%;%-%e%j%F%#>e$N4m81$r!"\e(B
+ \e$B$+$J$j8:$i$9$3$H$,$G$-$^$9!#$7$+$7!"\e(BsuEXEC \e$B$N@_Dj$,ITE,@Z$@$H!"\e(B
+ \e$BB?$/$NLdBj$,@8$8!"$"$J$?$N%3%s%T%e!<%?$K?7$7$$%;%-%e%j%F%#%[!<%k$r\e(B
+ \e$B:n$C$F$7$^$&2DG=@-$,$"$j$^$9!#$"$J$?$,\e(B root \e$B$K\e(B setuid
+ \e$B$5$l$?%W%m%0%i%`$H!"$=$l$i$+$i@8$8$k%;%-%e%j%F%#>e$NLdBj$N4IM}$K\e(B
+ \e$B>\$7$/$J$$$h$&$J$i!"\e(BsuEXEC \e$B$N;HMQ$r8!F$$7$J$$$h$&$K6/$/?d>)$7$^$9!#\e(B
+ </p>
+
+ <p align="center"><strong><a href="suexec.html">\e$BL\<!$KLa$k\e(B</a></strong>
+ </p>
+
+ <h3><a id="before" name="before">\e$B;O$a$kA0$K\e(B</a></h3>
+
+ <p align="left">\e$B$3$NJ8=q$N@hF,$KHt$VA0$K!"\e(BApache
+ \e$B%0%k!<%W$H$3$NJ8=q$G$N2>Dj$rCN$C$F$*$/$Y$-$G$7$g$&!#\e(B
+ </p>
+
+ <p align="left">\e$BBh\e(B 1 \e$B$K!"$"$J$?$,\e(B <strong>setuid</strong> \e$B$H\e(B
+ <strong>setgid</strong> \e$BA`:n$,2DG=$J\e(B UNIX
+ \e$BM3Mh$N%*%Z%l!<%F%#%s%0%7%9%F%`$r;H$C$F$$$k$3$H$rA[Dj$7$F$$$^$9!#\e(B
+ \e$B$3$l$O!"$9$Y$F$N%3%^%s%INc$K$"$F$O$^$j$^$9!#\e(B
+ \e$B$=$NB>$N%W%i%C%H%[!<%`$G$O!"$b$7\e(B suEXEC
+ \e$B$,%5%]!<%H$5$l$F$$$?$H$7$F$b@_Dj$O0[$J$k$+$b$7$l$^$;$s!#\e(B</p>
+
+ <p align="left">\e$BBh\e(B 2 \e$B$K!"$"$J$?$,;HMQCf$N%3%s%T%e!<%?$N\e(B
+ \e$B%;%-%e%j%F%#$K4X$9$k4pK\E*$J35G0$H!"$=$l$i$N4IM}$K$D$$$F>\$7$$$3$H$r\e(B
+ \e$BA[Dj$7$F$$$^$9!#$3$l$O!"\e(B<strong>setuid/setgid</strong>
+ \e$BA`:n!"$"$J$?$N%7%9%F%`>e$G$N$=$NA`:n$K$h$kMM!9$J8z2L!"\e(B
+ \e$B%;%-%e%j%F%#%l%Y%k$K$D$$$F$"$J$?$,M}2r$7$F$$$k$H$$$&$3$H$r4^$_$^$9!#\e(B
+ </p>
+
+ <p align="left">\e$BBh\e(B 3 \e$B$K!"\e(B<strong>\e$B2~B$$5$l$F$$$J$$\e(B</strong> suEXEC
+ \e$B%3!<%I$N;HMQ$rA[Dj$7$F$$$^$9!#\e(BsuEXEC \e$B$N%3!<%I$O!"\e(B
+ \e$BB?$/$N%Y!<%?%F%9%?$@$1$G$J$/!"3+H/<T$K$h$C$F$bCm0U?<$/@:::$5$l\e(B
+ \e$B%F%9%H$5$l$F$$$^$9!#$=$l$i$NCm0U$K$h$j!"4J7i$G?.Mj$G$-$k0BA4$J\e(B
+ \e$B%3!<%I$N4pHW$,J]>Z$5$l$^$9!#$3$N%3!<%I$r2~JQ$9$k$3$H$G!"\e(B
+ \e$BM=4|$5$l$J$$LdBj$d?7$7$$%;%-%e%j%F%#>e$N4m81$,@8$8$k$3$H$,$"$j$^$9!#\e(B
+ \e$B%;%-%e%j%F%#%W%m%0%i%_%s%0$N>\:Y$KDL$8$F$$$F!"\e(B
+ \e$B:#8e$N8!F$$N$?$a$K@.2L$r\e(B Apache
+ \e$B%0%k!<%W$H6&M-$7$h$&$H;W$&$N$G$J$1$l$P!"\e(BsuEXEC
+ \e$B%3!<%I$OJQ$($J$$$3$H$r\e(B <strong>\e$B6/$/\e(B</strong>\e$B?d>)$7$^$9!#\e(B</p>
+
+ <p align="left">\e$BBh\e(B 4 \e$B$K!"$3$l$,:G8e$G$9$,!"\e(BsuEXEC \e$B$r\e(B Apache
+ \e$B$N%G%U%)%k%H%$%s%9%H!<%k$K$O\e(B<strong>\e$B4^$a$J$$\e(B</strong>\e$B$3$H$,\e(B
+ Apache \e$B%0%k!<%W$G7hDj$5$l$F$$$^$9!#$3$l$O!"\e(BsuEXEC
+ \e$B$N@_Dj$K$O4IM}<T$N>\:Y$K$o$?$k?5=E$JCm0U$,I,MW$@$+$i$G$9!#\e(B
+ suEXEC \e$B$NMM!9$J@_Dj$K$D$$$F8!F$$,=*$o$l$P!"4IM}<T$O\e(B suEXEC
+ \e$B$rDL>o$N%$%s%9%H!<%kJ}K!$G%$%s%9%H!<%k$9$k$3$H$,$G$-$^$9!#\e(B
+ \e$B$3$l$i$N@_DjCM$O!"\e(BsuEXEC
+ \e$B5!G=$N;HMQCf$K%7%9%F%`%;%-%e%j%F%#$rE,@Z$KJ]$D$?$a$K!"\e(B
+ \e$B4IM}<T$K$h$C$F?5=E$K7hDj$5$l;XDj$5$l$k$3$H$,I,MW$G$9!#\e(B
+ \e$B$3$N>\:Y$J<j=g$K$h$j!"\e(BApache \e$B%0%k!<%W$O!"\e(BsuEXEC
+ \e$B$N%$%s%9%H!<%k$K$D$$$F!"Cm0U?<$/==J,$K8!F$$7$F$=$l$r;HMQ$9$k$3$H$r\e(B
+ \e$B7hDj$7$?>l9g$K8B$C$F$$$?$@$-$?$$$H9M$($F$$$^$9!#\e(B
+ </p>
+
+ <p align="left">\e$B$=$l$G$b?J$_$^$9$+\e(B? \e$B$h$m$7$$!#$G$O!"@h$X?J$_$^$7$g$&\e(B!</p>
+
+ <p align="center"><strong><a
+ href="suexec.html">\e$BL\<!$KLa$k\e(B</a></strong></p>
+
+ <h3><a id="model" name="model">suEXEC \e$B%;%-%e%j%F%#%b%G%k\e(B</a></h3>
+
+ <p align="left">suEXEC \e$B$N@_Dj$H%$%s%9%H!<%k$r;O$a$kA0$K!"\e(B
+ \e$B$^$:<BAu$7$h$&$H$7$F$$$k%;%-%e%j%F%#%b%G%k$K$D$$$FO@$8$F$*$-$^$9!#\e(B
+ \e$B$=$l$K$O!"\e(BsuEXEC \e$B$NFbIt$G9T$J$o$l$F$$$k$3$H!"\e(B
+ \e$B%7%9%F%`$N%;%-%e%j%F%#$rJ]>Z$9$k$?$a$K7Y9p$5$l$k$3$H$r\e(B
+ \e$B$h$/M}2r$7$F$*$$$?J}$,$h$$$G$7$g$&!#\e(B</p>
+
+ <p align="left"><strong>suEXEC</strong> \e$B$O!"\e(BApache web
+ \e$B%5!<%P$+$i8F$S=P$5$l$k\e(B setuid \e$B$5$l$?\e(B "wrapper"
+ \e$B%W%m%0%i%`$,4pK\$H$J$C$F$$$^$9!#@_7W$7$?\e(B CGI\e$B!"$^$?$O\e(B SSI
+ \e$B%W%m%0%i%`$X$N\e(B HTTP \e$B%j%/%(%9%H$,$"$k$H!"$3$N\e(B wrapper
+ \e$B$,8F$S=P$5$l$^$9!#$3$N$h$&$J%j%/%(%9%H$,$"$k$H!"\e(BApache
+ \e$B$O$=$N%W%m%0%i%`$,<B9T$5$l$k:]$N%W%m%0%i%`L>$H%f!<%6\e(B ID \e$B$H%0%k!<%W\e(B
+ ID \e$B$r;XDj$7$F\e(B suEXEC wrapper \e$B$r<B9T$7$^$9!#\e(B
+ </p>
+
+ <p align="left">\e$B$=$l$+$i!"\e(Bwrapper \e$B$O@.8y$^$?$O<:GT$r7hDj$9$k$?$a\e(B
+ \e$B0J2<$N=hM}$r9T$J$$$^$9!#$3$l$i$N>uBV$N$&$A0l$D$G$b<:GT$7$?>l9g!"\e(B
+ \e$B%W%m%0%i%`$O<:GT$r%m%0$K5-O?$7$F%(%i!<$G=*N;$7$^$9!#\e(B
+ \e$B$=$&$G$J$1$l$P!"8e$N=hM}$,B3$1$i$l$^$9!#\e(B</p>
+
+ <ol>
+ <li>
+ <strong>wrapper \e$B$,E,@Z$J?t$N0z?t$G8F$S=P$5$l$?$+\e(B?</strong>
+
+
+ <blockquote>
+ wrapper \e$B$OE,@Z$J?t$N0z?t$,M?$($i$l$?>l9g$K$N$_<B9T$5$l$^$9!#\e(B
+
\e$BE,@Z$J0z?t$N%U%)!<%^%C%H$O
\e(B Apache Web
\e$B%5!<%P$K2r<a$5$l$^$9!#
\e(B
+ \e$BE,@Z$J?t$N0z?t$r<u$1<h$i$J$1$l$P!"967b$r$5$l$?$+\e(B
+ \e$B$"$J$?$N\e(B Apache \e$B%P%$%J%j$N\e(B suEXEC \e$B$NItJ,$,\e(B
+ \e$B$I$3$+$*$+$7$$2DG=@-$,$"$j$^$9!#\e(B
+ </blockquote>
+ </li>
+
+
+ <li>
+ <strong>wrapper
+ \e$B$r<B9T$7$F$$$k%f!<%6$O$3$N%7%9%F%`$N@5Ev$J%f!<%6$+\e(B?</strong>
+
+ <blockquote>
+ \e$B$3$l$O!"\e(Bwrapper \e$B$r<B9T$7$F$$$k%f!<%6$,\e(B
+ \e$BK\Ev$K%7%9%F%`$NMxMQ<T$G$"$k$3$H$rJ]>Z$9$k$?$a$G$9!#\e(B
+ </blockquote>
+ </li>
+
+ <li>
+ <strong>\e$B$3$N@5Ev$J%f!<%6$O\e(B wrapper
+ \e$B$N<B9T$r5v2D$5$l$F$$$k$+\e(B?</strong>
+
+ <blockquote>
+ \e$B$3$N%f!<%6$O\e(B wrapper \e$B<B9T$r5v2D$5$l$?%f!<%6$G$9$+\e(B?
+ \e$B$?$@0l?M$N%f!<%6\e(B (Apache \e$B%f!<%6\e(B) \e$B$@$1$,!"\e(B
+ \e$B$3$N%W%m%0%i%`$N<B9T$r5v2D$5$l$^$9!#\e(B
+ </blockquote>
+ </li>
+
+ <li>
+ <strong>\e$BBP>]$N%W%m%0%i%`$,0BA4$G$J$$3,AX$N;2>H$r$7$F$$$k$+\e(B?
+ </strong>
+
+ <blockquote>
+ \e$BBP>]$N%W%m%0%i%`$,\e(B '/' \e$B$+$i;O$^$k!"$^$?$O\e(B
+ '..' \e$B$K$h$k;2>H$r9T$J$C$F$$$^$9$+\e(B? \e$B$3$l$i$O5v2D$5$l$^$;$s!#\e(B
+ \e$BBP>]$N%W%m%0%i%`$O\e(B Apache \e$B$N\e(B web \e$B6u4VFb$K$J$1$l$P$J$j$^$;$s!#\e(B
+ </blockquote>
+ </li>
+
+ <li>
+ <strong>\e$BBP>]$H$J$k%f!<%6L>$O@5Ev$J$b$N$+\e(B?</strong>
+
+ <blockquote>
+ \e$BBP>]$H$J$k%f!<%6L>$OB8:_$7$F$$$^$9$+\e(B?
+ </blockquote>
+ </li>
+
+ <li>
+ <strong>\e$BBP>]$H$J$k%0%k!<%WL>$O@5Ev$J$b$N$+\e(B?</strong>
+
+ <blockquote>
+ \e$BBP>]$H$J$k%0%k!<%WL>$OB8:_$7$F$$$^$9$+\e(B?
+ </blockquote>
+ </li>
+
+ <li>
+ <strong>\e$BL\E*$N%f!<%6$O%9!<%Q!<%f!<%6$G$O\e(B<em>\e$B$J$$\e(B</em>\e$B$+\e(B?
+ </strong>
+
+ <blockquote>
+ \e$B:#$N$H$3$m!"\e(BsuEXEC \e$B$O\e(B 'root' \e$B$K$h$k\e(B CGI/SSI
+ \e$B%W%m%0%i%`$N<B9T$r5v2D$7$F$$$^$;$s!#\e(B
+ </blockquote>
+ </li>
+
+ <li>
+ <strong>\e$BBP>]$H$J$k%f!<%6\e(B ID \e$B$O!":G>.$N\e(B ID
+ \e$BHV9f$h$j$b\e(B<em>\e$BBg$-$$\e(B</em>\e$B$+\e(B? </strong>
+
+ <blockquote>
+ \e$B:G>.%f!<%6\e(B ID \e$BHV9f$O@_Dj;~$K;XDj$5$l$^$9!#$3$l$O!"\e(B
+ CGI/SSI \e$B%W%m%0%i%`<B9T$r5v2D$5$l$k%f!<%6\e(B ID
+ \e$B$N$H$j$&$k:G>.CM$G$9!#$3$l$O\e(B
+ "system" \e$BMQ$N%"%+%&%s%H$rJD$a=P$9$N$KM-8z$G$9!#\e(B
+ </blockquote>
+ </li>
+
+ <li>
+ <strong>\e$BBP>]$H$J$k%0%k!<%W$O%9!<%Q!<%f!<%6$N%0%k!<%W$G$O\e(B
+ <em>\e$B$J$$\e(B</em>\e$B$+\e(B?</strong>
+
+ <blockquote>
+ \e$B:#$N$H$3$m!"\e(BsuEXEC \e$B$O\e(B 'root' \e$B%0%k!<%W$K$h$k\e(B CGI/SSI
+ \e$B%W%m%0%i%`$N<B9T$r5v2D$7$F$$$^$;$s!#\e(B
+ </blockquote>
+ </li>
+
+ <li>
+ <strong>\e$BBP>]$H$J$k%0%k!<%W\e(B ID \e$B$O:G>.$N\e(B ID
+ \e$BHV9f$h$j$b\e(B<em>\e$BBg$-$$\e(B</em>\e$B$+\e(B?</strong>
+
+ <blockquote>
+ \e$B:G>.%0%k!<%W\e(B ID \e$BHV9f$O@_Dj;~$K;XDj$5$l$^$9!#$3$l$O!"\e(B
+ CGI/SSI \e$B%W%m%0%i%`<B9T$r5v2D$5$l$k%0%k!<%W\e(B
+ ID \e$B$N$H$j$&$k:G>.CM$G$9!#\e(B
+ \e$B$3$l$O\e(B "system" \e$BMQ$N%0%k!<%W$rJD$a=P$9$N$KM-8z$G$9!#\e(B
+ </blockquote>
+ </li>
+
+ <li>
+ <strong>wrapper \e$B$,@5>o$KBP>]$H$J$k%f!<%6$H%0%k!<%W$K$J$l$k$+\e(B?
+ </strong>
+
+ <blockquote>
+ \e$B$3$3$G!"\e(Bsetuid \e$B$H\e(B setgid
+ \e$B$N5/F0$K$h$j%W%m%0%i%`$OBP>]$H$J$k%f!<%6$H%0%k!<%W$K$J$j$^$9!#\e(B
+ \e$B%0%k!<%W%"%/%;%9%j%9%H$O!"\e(B
+ \e$B%f!<%6$,B0$7$F$$$k$9$Y$F$N%0%k!<%W$G=i4|2=$5$l$^$9!#\e(B
+ </blockquote>
+ </li>
+
+ <li>
+ <strong>\e$B%W%m%0%i%`$,CV$+$l$k%G%#%l%/%H%j$OB8:_$7$F$$$k$+\e(B?
+ </strong>
+
+ <blockquote>
+ \e$B%G%#%l%/%H%j$,B8:_$7$J$$$J$i!"$=$N%U%!%$%k$bB8:_$7$J$$$+$b$7$l$^$;$s!#\e(B
+ </blockquote>
+ </li>
+
+ <li>
+ <strong>\e$B%G%#%l%/%H%j$,\e(B Apache \e$B$N%I%-%e%a%s%H%D%j!<Fb$K$"$k$+\e(B?
+ </strong>
+
+ <blockquote>
+ \e$B%j%/%(%9%H$,%5!<%PFb$N$b$N$G$"$l$P!"\e(B
+ \e$BMW5a$5$l$?%G%#%l%/%H%j$,%5!<%P$N%I%-%e%a%s%H%k!<%HG[2<$K$"$j$^$9$+\e(B?
+ \e$B%j%/%(%9%H$,\e(B UserDir \e$B$N$b$N$G$"$l$P!"\e(B
+ \e$BMW5a$5$l$?%G%#%l%/%H%j$,%f!<%6$N%I%-%e%a%s%H%k!<%HG[2<$K$"$j$^$9$+\e(B?
+ </blockquote>
+ </li>
+
+ <li>
+ <strong>\e$B%G%#%l%/%H%j$rB>$N%f!<%6$,=q$-9~$a$k$h$&$K$J$C$F\e(B
+ <em>\e$B$$$J$$\e(B</em>\e$B$+\e(B?</strong>
+
+ <blockquote>
+ \e$B%G%#%l%/%H%j$rB>%f!<%6$K3+J|$7$J$$$h$&$K$7$^$9!#\e(B
+ \e$B=jM-%f!<%6$@$1$,$3$N%G%#%l%/%H%j$NFbMF$r2~JQ$G$-$k$h$&$K$7$^$9!#\e(B
+ </blockquote>
+ </li>
+
+
+ <li>
+ <strong>\e$BBP>]$H$J$k%W%m%0%i%`$OB8:_$9$k$+\e(B?</strong>
+
+ <blockquote>
+ \e$BB8:_$7$J$1$l$P<B9T$G$-$^$;$s!#\e(B
+ </blockquote>
+ </li>
+
+ <li>
+ <strong>\e$BBP>]$H$J$k%W%m%0%i%`%U%!%$%k$,B>%"%+%&%s%H$+$i\e(B
+ \e$B=q$-9~$a$k$h$&$K$J$C$F\e(B<em>\e$B$$$J$$\e(B</em>\e$B$+\e(B?</strong>
+
+ <blockquote>
+ \e$B=jM-<T0J30$K$O%W%m%0%i%`$rJQ99$9$k8"8B$OM?$($i$l$^$;$s!#\e(B
+ </blockquote>
+ </li>
+
+
+ <li>
+ <strong>\e$BBP>]$H$J$k%W%m%0%i%`$,\e(B setuid \e$B$^$?$O\e(B setgid
+ \e$B$5$l$F\e(B<em>\e$B$$$J$$\e(B</em>\e$B$+\e(B?</strong>
+
+ <blockquote>
+ UID/GID \e$B$r:FEYJQ99$7$F$N%W%m%0%i%`<B9T$O$7$^$;$s\e(B
+ </blockquote>
+ </li>
+
+
+ <li>
+ <strong>\e$BBP>]$H$J$k%f!<%6\e(B/\e$B%0%k!<%W$,%W%m%0%i%`$N\e(B
+ \e$B%f!<%6\e(B/\e$B%0%k!<%W$HF1$8$+\e(B?</strong>
+
+ <blockquote>
+ \e$B%f!<%6$,$=$N%U%!%$%k$N=jM-<T$G$9$+\e(B?
+ </blockquote>
+ </li>
+
+ <li>
+ <strong>\e$B0BA4$JF0:n$rJ]>Z$9$k$?$a$N4D6-JQ?t%/%j%"$,2DG=$+\e(B?
+ </strong>
+
+ <blockquote>
+ suEXEC \e$B$O!"0BA4$J4D6-JQ?t$N%j%9%H\e(B
+ (\e$B$3$l$i$O@_Dj;~$K:n@.$5$l$^$9\e(B) \e$BFb$NJQ?t$H$7$FEO$5$l$k0BA4$J\e(B
+ PATH \e$BJQ?t\e(B (\e$B@_Dj;~$K;XDj$5$l$^$9\e(B) \e$B$r@_Dj$9$k$3$H$G!"\e(B
+ \e$B%W%m%;%9$N4D6-JQ?t$r%/%j%"$7$^$9!#\e(B
+ </blockquote>
+ </li>
+
+
+ <li>
+ <strong>\e$BBP>]$H$J$k%W%m%0%i%`$r\e(B exec \e$B$7$F<B9T$G$-$k$+\e(B?</strong>
+
+
+ <blockquote>
+ \e$B$3$3$G\e(B suEXEC \e$B$,=*N;$7!"BP>]$H$J$k%W%m%0%i%`$,3+;O$5$l$^$9!#\e(B
+ </blockquote>
+ </li>
+ </ol>
+ <br />
+ <br />
+
+ <p align="left">\e$B$3$3$^$G$,\e(B suEXEC \e$B$N\e(B wrapper
+ \e$B$K$*$1$k%;%-%e%j%F%#%b%G%k$NI8=`E*$JF0:n$G$9!#$b$&>/$787=E$K\e(B
+ CGI/SSI \e$B@_7W$K$D$$$F$N?7$7$$@)8B$d5,Dj$r<h$jF~$l$k$3$H$b$G$-$^$9$,!"\e(B
+ suEXEC \e$B$O%;%-%e%j%F%#$KCm0U$7$F?5=E$K>/$7$:$D3+H/$5$l$F$-$^$7$?!#\e(B
+ </p>
+
+ <p align="left">\e$B$3$N%;%-%e%j%F%#%b%G%k$rMQ$$$F\e(B
+ \e$B%5!<%P@_Dj;~$K$I$N$h$&$K5v$9$3$H$r@)8B$9$k$+!"$^$?!"\e(BsuEXEC
+ \e$B$rE,@Z$K@_Dj$9$k$H$I$N$h$&$J%;%-%e%j%F%#>e$N4m81$rHr$1$i$l$k$+$K\e(B
+
\e$B4X$9$k$h$j>\$7$$>pJs$K$D$$$F$O!"
\e(B<a href="#jabberwock">"
\e$B$H$+$2$KCm0U
\e(B"
+ (Beware the Jabberwock)</a> \e$B$N>O$r;2>H$7$F$/$@$5$$!#\e(B
+ </p>
+
+ <p align="center"><strong><a href="suexec.html"
+ >\e$BL\<!$KLa$k\e(B</a></strong></p>
+
+ <h3><a name="install" id="install">suEXEC
+ \e$B$N@_Dj$H%$%s%9%H!<%k\e(B</a></h3>
+
+ <p align="left">\e$B$3$3$+$i3Z$7$/$J$j$^$9!#\e(BApache 1.2 \e$B$"$k$$$O\e(B
+ <code>"src/Configure"</code> \e$B%9%/%j%W%H$G\e(B Apache 1.3 \e$B$r@_Dj$9$k$J$i!"\e(B
+ suEXEC \e$B%X%C%@%U%!%$%k$rJT=8$7$F%P%$%J%j$rE,@Z$J>l=j$K<j:n6H$G\e(B
+ \e$B%$%s%9%H!<%k$7$J$1$l$P$J$j$^$;$s!#\e(B
+ \e$B0J2<$N>O$G$O!"\e(BAutoConf-style \e$B%$%s%?%U%'!<%9\e(B (APACI) \e$B$r;H$C$?\e(B
+ Apache 1.3 \e$B$G$N@_Dj$H%$%s%9%H!<%k$K$D$$$F=R$Y$F$$$^$9!#\e(B
+ </p>
+
+ <p align="left"><strong>APACI \e$B$N\e(B suEXEC
+ \e$B@_Dj%*%W%7%g%s\e(B</strong><br />
+ </p>
+
+ <dl>
+ <dt><code>--enable-suexec</code></dt>
+
+ <dd>\e$B$3$N%*%W%7%g%s$O!"%G%U%)%k%H$G$O%$%s%9%H!<%k$5$l$:!"\e(B
+ \e$BM-8z$K$O$J$i$J$$\e(B suEXEC \e$B5!G=$rM-8z$K$7$^$9!#\e(B
+ suEXEC \e$B$r;H$&$h$&$K\e(B APACI \e$B$KMW5a$9$k$K$O!"\e(B--enable-suexec
+ \e$B%*%W%7%g%s$K$"$o$;$F>/$J$/$H$b0l$D$O\e(B --with-suexec-xxxxx
+ \e$B%*%W%7%g%s$,;XDj$5$l$J$1$l$P$J$j$^$;$s!#\e(B</dd>
+
+ <dt><code>--with-suexec-caller=<em>UID</em></code></dt>
+
+ <dd>Apache
\e$B$rDL>oF0:n$5$;$k
\e(B<a
+ href="mod/mpm_common.html#user">\e$B%f!<%6L>\e(B</a>\e$B$r;XDj$7$^$9!#\e(B
+ \e$B$3$N%f!<%6$@$1$,\e(B suexec \e$B$N<B9T$r5v2D$5$l$?%f!<%6$K$J$j$^$9!#\e(B</dd>
+
+ <dt><code>--with-suexec-docroot=<em>DIR</em></code></dt>
+
+ <dd>Apache \e$B$N%I%-%e%a%s%H%k!<%H$r@_Dj$7$^$9!#$3$l$,\e(B suEXEC
+ \e$B$NF0:n$G;HMQ$9$kM#0l$N%G%#%l%/%H%j3,AX$K$J$j$^$9\e(B (UserDir
+ \e$B$N;XDj$OJL\e(B)\e$B!#%G%U%)%k%H$G$O\e(B --datedir \e$B$K\e(B "/htdocs"
+ \e$B$H$$$&%5%U%#%C%/%9$r$D$1$?$b$N$G$9!#\e(B
+ "<code>--datadir=/home/apache</code>" \e$B$H$7$F@_Dj$9$k$H!"\e(B
+ suEXEC wrapper \e$B$K$H$C$F\e(B "/home/apache/htdocs"
+ \e$B$,%I%-%e%a%s%H%k!<%H$H$7$F;H$o$l$^$9!#\e(B</dd>
+
+ <dt><code>--with-suexec-logfile=<em>FILE</em></code></dt>
+
+ <dd>suEXEC \e$B$N=hM}$H%(%i!<$,5-O?$5$l$k%U%!%$%kL>$r;XDj$7$^$9!#\e(B
+ (\e$B4F::$d%G%P%C%0L\E*$KM-MQ\e(B)
+ \e$B%G%U%)%k%H$G$O%m%0%U%!%$%k$O\e(B "suexec_log" \e$B$H$$$&L>A0$G!"\e(B
+ \e$BI8=`$N%m%0%U%!%$%k%G%#%l%/%H%j\e(B (--logfiledir) \e$B$KCV$+$l$^$9!#\e(B
+ </dd>
+
+ <dt><code>--with-suexec-userdir=<em>DIR</em></code></dt>
+
+ <dd>suEXEC \e$B$,%"%/%;%9$r5v$5$l$k%f!<%6%[!<%`%G%#%l%/%H%jG[2<$N\e(B
+ \e$B%5%V%G%#%l%/%H%j$r;XDj$7$^$9!#\e(B
+ \e$B$3$N%G%#%l%/%H%j0J2<$NA4<B9T%U%!%$%k$O!"\e(B"\e$B0BA4$J\e(B"\e$B%W%m%0%i%`$K$J$k$h$&!"\e(B
+ suEXEC \e$B$,$=$N%f!<%6$H$7$F<B9T$G$-$k$h$&$K$7$^$9!#\e(B
+ "\e$BC1=c$J\e(B" UserDir \e$B%G%#%l%/%F%#%V$r;H$C$F$$$k>l9g\e(B
+ (\e$B$9$J$o$A\e(B "*" \e$B$r4^$^$J$$$b$N\e(B)\e$B!"$3$l$HF1$8CM$r@_Dj$9$Y$-$G$9!#\e(B
+ Userdir \e$B%G%#%l%/%F%#%V$,$=$N%f!<%6$N%Q%9%o!<%I%U%!%$%kFb$N\e(B
+ \e$B%[!<%`%G%#%l%/%H%j$HF1$8>l=j$r;X$7$F$$$J$1$l$P!"\e(B
+ suEXEC \e$B$OE,@Z$KF0:n$7$^$;$s!#%G%U%)%k%H$O\e(B "public_html" \e$B$G$9!#\e(B
+ <br />
+ \e$B3F\e(B UserDir \e$B$,0[$J$C$?2>A[%[%9%H$r@_Dj$7$F$$$k>l9g!"\e(B
+ \e$B$=$l$i$rA4$F0l$D$N?F%G%#%l%/%H%j$K4^$a$F!"\e(B
+ \e$B$=$N?F%G%#%l%/%H%j$NL>A0$r$3$3$G;XDj$9$kI,MW$,$"$j$^$9!#\e(B
+ <strong>\e$B$3$N$h$&$K;XDj$5$l$J$1$l$P\e(B "~userdir" cgi
+ \e$B$X$N%j%/%(%9%H$,F0:n$7$^$;$s!#\e(B</strong></dd>
+
+ <dt><code>--with-suexec-uidmin=<em>UID</em></code></dt>
+
+ <dd>suEXEC \e$B$NBP>]%f!<%6$H$7$F5v$5$l$k\e(B UID \e$B$N:G>.CM$r;XDj$7$^$9!#\e(B
+ \e$BBgDq$N%7%9%F%`$G$O\e(B 500 \e$B$+\e(B 100 \e$B$,0lHLE*$G$9!#\e(B
+ \e$B%G%U%)%k%HCM$O\e(B 100 \e$B$G$9!#\e(B</dd>
+
+ <dt><code>--with-suexec-gidmin=<em>GID</em></code></dt>
+
+ <dd>suEXEC \e$B$NBP>]%0%k!<%W$H$7$F5v$5$l$k\e(B GID
+ \e$B$N:G>.CM$r;XDj$7$^$9!#BgDq$N%7%9%F%`$G$O\e(B 100 \e$B$,0lHLE*$J$N$G!"\e(B
+ \e$B%G%U%)%k%HCM$H$7$F$b\e(B 100 \e$B$,;H$o$l$F$$$^$9!#\e(B</dd>
+
+ <dt><code>--with-suexec-safepath=<em>PATH</em></code></dt>
+
+ <dd>CGI \e$B<B9T%U%!%$%k$KEO$5$l$k0BA4$J\e(B PATH \e$B4D6-JQ?t$G$9!#\e(B
+ \e$B%G%U%)%k%HCM$O\e(B "/usr/local/bin:/usr/bin:/bin" \e$B$G$9!#\e(B
+ </dd>
+ </dl>
+ <br />
+ <br />
+
+ <p align="left"><strong>suEXEC \e$B@_Dj$N3NG'\e(B</strong>
+ <br />
+ suEXEC wrapper \e$B$r%3%s%Q%$%k$7$F%$%s%9%H!<%k$9$kA0$K!"@_DjFbMF$r\e(B
+ --layout \e$B%*%W%7%g%s$G3NG'$G$-$^$9!#\e(B<br />
+ \e$B=PNONc\e(B:</p>
+<pre>
+ suEXEC setup:
+ suexec binary: /usr/local/apache/sbin/suexec
+ document root: /usr/local/apache/share/htdocs
+ userdir suffix: public_html
+ logfile: /usr/local/apache/var/log/suexec_log
+ safe path: /usr/local/bin:/usr/bin:/bin
+ caller ID: www
+ minimum user ID: 100
+ minimum group ID: 100
+</pre>
+ <br />
+ <br />
+
+ <p align="left"><strong>suEXEC wrapper
+ \e$B$N%3%s%Q%$%k$H%$%s%9%H!<%k\e(B</strong><br />
+ --enable-suexec \e$B%*%W%7%g%s$G\e(B suEXEC \e$B5!G=$rM-8z$K$9$k$H!"\e(B
+ "make" \e$B%3%^%s%I$r<B9T$7$?;~$K\e(B suEXEC \e$B$N%P%$%J%j\e(B (Apache \e$B<+BN$b\e(B)
+ \e$B$,<+F0E*$K:n@.$5$l$^$9!#\e(B
+ <br />
+ \e$B$9$Y$F$N9=@.MWAG$,:n@.$5$l$k$H!"$=$l$i$N%$%s%9%H!<%k$K$O\e(B
+ "make install" \e$B%3%^%s%I$,<B9T$G$-$^$9!#%P%$%J%j%$%a!<%8$N\e(B "suexec"
+ \e$B$O\e(B --sbindir \e$B%*%W%7%g%s$G;XDj$5$l$?%G%#%l%/%H%j$K%$%s%9%H!<%k$5$l$^$9!#\e(B
+ \e$B%G%U%)%k%H$N>l=j$O\e(B "/usr/local/apache/sbin/suexec" \e$B$G$9!#\e(B<br />
+ \e$B%$%s%9%H!<%k;~$K$O\e(B <strong><em>root</em></strong>
+ \e$B8"8B$,I,MW$J$N$GCm0U$7$F$/$@$5$$!#\e(Bwrapper \e$B$,%f!<%6\e(B ID
+ \e$B$r@_Dj$9$k$?$a$K!"=jM-<T\e(B <code><em>root</em></code>
+ \e$B$G$N%;%C%H%f!<%6\e(B ID
+ \e$B%S%C%H$r$=$N%U%!%$%k$N%b!<%I$K@_Dj$7$J$1$l$P$J$j$^$;$s!#\e(B
+ </p>
+
+ <p align="center"><strong><a
+ href="suexec.html">\e$BL\<!$KLa$k\e(B</a></strong></p>
+
+ <h3><a id="enable" name="enable">suEXEC
+ \e$B$NM-8z2=$HL58z2=\e(B</a></h3>
+
+ <p align="left">\e$B5/F0;~$K!"\e(BApache \e$B$O\e(B "sbin" \e$B%G%#%l%/%H%j$G\e(B
+ "suexec" \e$B$rC5$7$^$9\e(B
+ (\e$B%G%U%)%k%H$O\e(B "/usr/local/apache/sbin/suexec") \e$B!#\e(B
+ \e$BE,@Z$K@_Dj$5$l$?\e(B suEXEC \e$B$,$_$D$+$k$H!"\e(B
+ \e$B%(%i!<%m%0$K0J2<$N%a%C%;!<%8$,=PNO$5$l$^$9!#\e(B</p>
+<pre>
+ [notice] suEXEC mechanism enabled (wrapper: <em>/path/to/suexec</em>)
+</pre>
+
+ <p>\e$B%5!<%P5/F0;~$K$3$N%a%C%;!<%8$,=P$J$$>l9g!"\e(B
+ \e$BBgDq$O%5!<%P$,A[Dj$7$?>l=j$G\e(B wrapper \e$B%W%m%0%i%`$,8+$D$+$i$J$+$C$?$+!"\e(B
+ <em>setuid root</em> \e$B$H$7$F%$%s%9%H!<%k$5$l$F$$$J$$$+$G$9!#\e(B
+ <br />
+ suEXEC \e$B$N;EAH$_$r;HMQ$9$k$N$,=i$a$F$G!"\e(BApache \e$B$,4{$KF0:nCf$G$"$l$P!"\e(B
+ Apache \e$B$r\e(B kill \e$B$7$F!":F5/F0$7$J$1$l$P$J$j$^$;$s!#\e(BHUP \e$B%7%0%J%k$d\e(B
+ USR1 \e$B%7%0%J%k$K$h$kC1=c$J:F5/F0$G$OIT==J,$G$9!#\e(B<br />
+ suEXEC \e$B$rL58z$K$9$k>l9g$O!"\e(B"suexec" \e$B%U%!%$%k$r:o=|$7$F$+$i\e(B
+ Apache \e$B$r\e(B kill \e$B$7$F:F5/F0$7$^$9!#\e(B
+ </p>
+
+ <p align="center"><strong><a
+ href="suexec.html">\e$BL\<!$KLa$k\e(B</a></strong></p>
+
+ <h3><a id="usage" name="usage">suEXEC \e$B$N;HMQ\e(B</a></h3>
+
+ <p align="left"><strong>\e$B2>A[%[%9%H\e(B:</strong><br />
+ suEXEC wrapper \e$B$N;H$$J}$H$7$F!"\e(B
+ <a href="mod/core.html#virtualhost">\e$B2>A[%[%9%H\e(B</a>\e$B@_Dj$G$N\e(B
+ <a href="mod/mpm_common.html#user">User</a> \e$B%G%#%l%/%F%#%V$H\e(B
+ <a href="mod/mpm_common.html#group">Group</a>
+ \e$B%G%#%l%/%F%#%V$rDL$7$?$b$N$,$"$j$^$9!#\e(B
+ \e$B$3$l$i$N%G%#%l%/%F%#%V$r%a%$%s%5!<%P$N%f!<%6\e(B ID
+ \e$B$H0[$J$k$b$N$K$9$k$H!"\e(BCGI \e$B%j%=!<%9$X$N$9$Y$F$N%j%/%(%9%H$O!"$=$N\e(B
+ <code><VirtualHost></code> \e$B$G;XDj$5$l$?\e(B <em>User</em> \e$B$H\e(B
+ <em>Group</em> \e$B$H$7$F<B9T$5$l$^$9!#\e(B<code><VirtualHost></code>
+ \e$B$G$=$l$i$N%G%#%l%/%F%#%V$N$I$A$i$+!"$^$?$ON>J}$,;XDj$5$l$F$$$J$$>l9g!"\e(B
+ \e$B%a%$%s%5!<%P$N%f!<%6\e(B ID \e$B$,A[Dj$5$l$^$9!#\e(B</p>
+
+ <p><strong>\e$B%f!<%6%G%#%l%/%H%j\e(B:</strong><br />
+ suEXEC wrapper \e$B$O!"%j%/%(%9%H@h$N%f!<%6$H$7$F\e(B CGI
+ \e$B$r<B9T$9$k$?$a$K$b;H$($^$9!#$3$l$O4|BT$9$k<B9T8"8B$N%f!<%6\e(B ID
+ \e$B$NA0$K!"\e(B"<strong><code>~</code></strong>"
+ \e$BJ8;z$rCV$/$3$H$G<B8=$5$l$^$9!#\e(B
+ \e$B$3$N5!G=$rF0:n$5$;$k$?$a$KI,MW$J$3$H$O!"\e(BCGI
+
\e$B$r$=$N%f!<%6$G<B9T$G$-$k$3$H!"$=$N%9%/%j%W%H$,>e5-$N
\e(B<a
+ href="#model">\e$B%;%-%e%j%F%#8!::\e(B</a>\e$B$r%Q%9$G$-$k$3$H$G$9!#\e(B
+ </p>
+
+ <p align="center"><strong><a
+ href="suexec.html">\e$BL\<!$KLa$k\e(B</a></strong></p>
+
+ <h3><a id="debug" name="debug">suEXEC \e$B$N%G%P%C%0\e(B</a></h3>
+
+ <p align="left">suEXEC wrapper \e$B$O!">e5-$G=R$Y$?\e(B --with-suexec-logfile
+ \e$B%*%W%7%g%s$G;XDj$5$l$?%U%!%$%k$K%m%0>pJs$r5-O?$7$^$9!#\e(B
+ wrapper \e$B$rE,@Z$K@_Dj!"%$%s%9%H!<%k$G$-$F$$$k$H;W$&>l9g!"\e(B
+ \e$B$I$3$GLB$C$F$$$k$+8+$h$&$H$9$k$J$i$3$N%m%0$H%5!<%P$N\e(B
+ \e$B%(%i!<%m%0$r8+$k$H$h$$$G$7$g$&!#\e(B</p>
+
+ <p align="center"><strong><a
+ href="suexec.html">\e$BL\<!$KLa$k\e(B</a></strong></p>
+
+ <h3><a id="jabberwock"
+ name="jabberwock">\e$B$H$+$2$KCm0U\e(B: \e$B7Y9p$H;vNc\e(B</a></h3>
+
+ <p align="left"><strong>\e$BCm0U\e(B!</strong>
+ \e$B$3$N>O$O40A4$G$O$"$j$^$;$s!#$3$N>O$N:G?72~D{HG$K$D$$$F$O!"\e(B
+ Apache
\e$B%0%k!<%W$N
\e(B<a href="http://www.apache.org/docs/suexec.html">
+ \e$B%*%s%i%$%s%I%-%e%a%s%H\e(B</a>\e$BHG$r;2>H$7$F$/$@$5$$!#\e(B
+ </p>
+
+ <p align="left">\e$B%5!<%P$N@_Dj$K@)8B$r$b$&$1$k\e(B wrapper \e$B$K$D$$$F!"\e(B
+ \e$B$$$/$D$+6=L#?<$$E@$,$"$j$^$9!#\e(BsuEXEC \e$B$K4X$9$k\e(B "\e$B%P%0\e(B"
+ \e$B$rJs9p$9$kA0$K$3$l$i$r3NG'$7$F$/$@$5$$!#\e(B</p>
+
+ <ul>
+ <li><strong>suEXEC \e$B$N6=L#?<$$E@\e(B</strong></li>
+
+ <li>\e$B3,AX9=B$$N@)8B\e(B
+
+
+ <blockquote>
+ \e$B%;%-%e%j%F%#$H8zN($NM}M3$+$i!"\e(BsuEXEC \e$B$NA4$F$N%j%/%(%9%H$O\e(B
+ \e$B2>A[%[%9%H$X$N%j%/%(%9%H$K$*$1$k:G>e0L$N%I%-%e%a%s%H%k!<%HFb$+!"\e(B
+ \e$B%f!<%6%G%#%l%/%H%j$X$N%j%/%(%9%H$K$*$1$k8D!9$N%f!<%6$N:G>e0L$N\e(B
+ \e$B%I%-%e%a%s%H%k!<%HFb$K;D$i$J$1$l$P$J$j$^$;$s!#\e(B
+ \e$BNc$($P!";M$D$N2>A[%[%9%H$r@_Dj$7$F$$$k>l9g!"\e(B
+ \e$B2>A[%[%9%H$N\e(B suEXEC \e$B$KM-Mx$J$h$&$K!"%a%$%s$N\e(B Apache
+ \e$B%I%-%e%a%s%H3,AX$N30B&$KA4$F$N2>A[%[%9%H$N%I%-%e%a%s%H%k!<%H$r\e(B
+ \e$B9=C[$9$kI,MW$,$"$j$^$9!#\e(B(\e$BNc$O8eF|5-:\\e(B)
+ </blockquote>
+ </li>
+
+ <li>suEXEC \e$B$N\e(B PATH \e$B4D6-JQ?t\e(B
+
+
+ <blockquote>
+ \e$B$3$l$rJQ99$9$k$N$O4m81$G$9!#$3$N;XDj$K4^$^$l$k3F%Q%9$,\e(B
+ <strong>\e$B?.Mj$G$-$k\e(B</strong>
+ \e$B%G%#%l%/%H%j$G$"$k$3$H$r3NG'$7$F$/$@$5$$!#\e(B
+ \e$B@$3&$+$i$N%"%/%;%9$K$h$j!"C/$+$,%[%9%H>e$G%H%m%$$NLZGO\e(B
+ \e$B$r<B9T$G$-$k$h$&$K$O$7$?$/$J$$$G$7$g$&!#\e(B
+ </blockquote>
+ </li>
+
+ <li>suEXEC \e$B%3!<%I$N2~B$\e(B
+
+
+ <blockquote>
+ \e$B7+$jJV$7$^$9$,!"2?$r$d$m$&$H$7$F$$$k$+GD0.$;$:$K$3$l$r$d$k$H\e(B
+ <strong>\e$BBg$-$JLdBj\e(B</strong>\e$B$r0z$-5/$3$7$+$M$^$;$s!#\e(B
+ \e$B2DG=$J8B$jHr$1$F$/$@$5$$!#\e(B
+ </blockquote>
+ </li>
+ </ul>
+
+ <p align="center"><strong><a
+ href="suexec.html">\e$BL\<!$KLa$k\e(B</a></strong></p>
+ <!--#include virtual="footer.html" -->
+ </body>
+</html>
projects / apache / commitdiff