From: Ken Coar
Date: Sun, 4 May 1997 03:46:35 +0000 (+0000)
Subject: Changed s to s, s to s, brought most of the lines
X-Git-Tag: APACHE_1_2b11~26
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=0e29cb212c1e65c643d82d2a5d13c4312c2436e0;p=apache

Changed s to s, s to s, brought most of the lines to less than 80 characters, and corrected the note about what characters aren't allowed in the path.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@78086 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/docs/manual/suexec.html b/docs/manual/suexec.html index 4a939a5df1..239217988d 100644 --- a/docs/manual/suexec.html +++ b/docs/manual/suexec.html @@ -8,13 +8,14 @@

What is suEXEC?

-The suEXEC feature, introduced in Apache 1.2 provides the ability to -run CGI programs under user ids different from the user id of the -calling web-server. Used properly, this feature can reduce considerably the -insecurity of allowing users to run CGI programs. At the same time, improperly -configured, this facility can crash your computer, burn your house down and -steal all the money from your retirement fund. :-) If you aren't -familiar with managing setuid root programs and the security issues they +The suEXEC feature, introduced in Apache 1.2 provides +the ability to run CGI programs under user IDs +different from the user ID of the calling web-server. Used properly, +this feature can reduce considerably the insecurity of allowing users to +run CGI programs. At the same time, improperly configured, this facility +can crash your computer, burn your house down and steal all the money +from your retirement fund. :-) If you aren't familiar +with managing setuid root programs and the security issues they present, we highly recommend that you not consider using this feature.
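
Review bot: The rewrapped opening sentence still reads "introduced in Apache 1.2 provides" on the first added line, with no comma closing the parenthetical after "Apache 1.2". Since the paragraph is being reflowed and "user ids" is already being corrected to "user IDs" here, add the comma in the same pass. The identical hunk in docs/manual/suexec.html.en needs the same fix.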


@@ -25,11 +26,11 @@ the intent that it will only be installed by users determined to use it and is not part of the normal install/compile process.

Configuring the suEXEC wrapper

-From the top-level of the Apache source tree, type:  cd support [ENTER]

-Edit the suexec.h file and change the following macros to match your -local Apache installation.

-From support/suexec.h - +From the top-level of the Apache source tree, +type:  cd support [ENTER]

+Edit the suexec.h file and change the following macros to +match your local Apache installation.

+From support/suexec.h

 /*
  * HTTPD_USER -- Define as the username under which Apache normally
@@ -58,95 +59,123 @@ local Apache installation.

*/ #define SAFE_PATH "/usr/local/bin:/usr/bin:/bin"

-

Compiling the suEXEC wrapper

-At the shell command prompt, type:  cc suexec.c -o suexec [ENTER].

-This should create the suexec wrapper executable. +At the shell command prompt, type:  cc suexec.c +-o suexec [ENTER].

+This should create the suexec wrapper executable.

Compiling Apache for suEXEC support

By default, Apache is compiled to look for the suEXEC wrapper in the following location.

-From src/httpd.h - +From src/httpd.h

 /* The path to the suEXEC wrapper */
 #ifndef SUEXEC_BIN
 #define SUEXEC_BIN "/usr/local/etc/httpd/sbin/suexec"
 #endif
 
-

If your installation requires location of the wrapper program in a different -directory, edit src/httpd.h and recompile your Apache server. See Compiling and Installing Apache for more info on this process.

+directory, edit src/httpd.h and recompile your Apache server. +See Compiling and Installing Apache for more +info on this process.

Installing the suEXEC wrapper

-Copy the suexec executable created in the exercise above to the defined -location for SUEXEC_BIN.

-In order for the wrapper to set the user id for execution requests it must me installed -as owner root and must have the setuserid execution bit set for file modes. -If you are not running a root user shell, do so now and execute the following -commands.

+Copy the suexec executable created in the +exercise above to the defined location for SUEXEC_BIN.

+In order for the wrapper to set the user ID for execution requests it +must me installed as owner root and must have +the setuserid execution bit set for file modes. +If you are not running a root user shell, do +so now and execute the following commands.

-chown root /usr/local/etc/httpd/sbin/suexec [ENTER]

-chmod 4711 /usr/local/etc/httpd/sbin/suexec [ENTER]

+chown root /usr/local/etc/httpd/sbin/suexec [ENTER]

+chmod 4711 /usr/local/etc/httpd/sbin/suexec [ENTER]

-Change the path to the suEXEC wrapper to match your system installation. +Change the path to the suEXEC wrapper to match your system +installation.


Security Model of suEXEC

-The suEXEC wrapper supplied with Apache performs the following security -checks before it will execute any program passed to it for execution. +The suEXEC wrapper supplied with Apache performs the +following security checks before it will execute any program passed to +it for execution.
    -
  1. User executing the wrapper must be a valid user on this system. -
  2. User executing the wrapper must be the compiled in HTTPD_USER. -
  3. The command that the request wishes to execute must not contain a /. -
  4. The command being executed must reside under the compiled in DOC_ROOT. -
  5. The current working directory must be a directory. -
  6. The current working directory must not be writable by group or other. -
  7. The command being executed cannot be a symbolic link. -
  8. The command being executed cannot be writable by group or other. -
  9. The command being executed cannot be a setuid or setgid program. -
  10. The target UID and GID must be a valid user and group on this system. -
  11. The target UID and GID to execute as, must match the UID and GID of the directory. -
  12. The target execution UID and GID must not be the privileged ID 0. +
  13. User executing the wrapper must be a valid user on this + system. +
  14. User executing the wrapper must be the compiled in + HTTPD_USER. +
  15. The command that the request wishes to execute must not + contain a leading / or ../, or the string "/../" anywhere. +
  16. The command being executed must reside under the compiled in + DOC_ROOT. +
  17. The current working directory must be a directory. +
  18. The current working directory must not be writable by + group or other. +
  19. The command being executed cannot be a symbolic link. +
  20. The command being executed cannot be writable by + group or other. +
  21. The command being executed cannot be a setuid or + setgid program. +
  22. The target UID and GID must be a valid user and group on + this system. +
  23. The target UID and GID to execute as, must match the UID and + GID of the directory. +
  24. The target execution UID and GID must not be the privileged + ID 0.
-If any of these issues are too restrictive, or do not seem restrictive enough, you are -welcome to install your own version of the wrapper. We've given you the rope, now go -have fun with it. :-) +If any of these issues are too restrictive, or do not seem restrictive +enough, you are welcome to install your own version of the wrapper. +We've given you the rope, now go have fun with it. :-)

Using suEXEC

-After properly installing the suexec wrapper executable, you must kill and restart -the Apache server. A simple kill -1 `cat httpd.pid` will not be enough. -Upon startup of the web-server, if Apache finds a properly configured suexec wrapper, -it will print the following message to the console.

+After properly installing the suexec wrapper +executable, you must kill and restart the Apache server. A simple +kill -1 `cat httpd.pid` will not be enough. +Upon startup of the web-server, if Apache finds a properly configured +suexec wrapper, it will print the following message to +the console:

Configuring Apache for use with suexec wrapper.

-If you don't see this message at server startup, the server is most likely not finding the -wrapper program where it expects it, or the executable is not installed setuid root. Check your installation and try again.

- -One way to use suEXEC is through the User and Group directives in VirtualHost definitions. By setting these directives to values -different from the main server user id, all requests for CGI resources will be executed as -the User and Group defined for that <VirtualHost>. If only one or -neither of these directives are specified for a <VirtualHost> then the main +If you don't see this message at server startup, the server is most +likely not finding the wrapper program where it expects it, or the +executable is not installed setuid root. Check +your installation and try again.

+ +One way to use suEXEC is through the +User and +Group directives in +VirtualHost +definitions. By setting these directives to values different from the +main server user ID, all requests for CGI resources will be executed as +the User and Group defined for that +<VirtualHost>. If only one or +neither of these directives are specified for a +<VirtualHost> then the main server userid is assumed.

-suEXEC can also be used to to execute CGI programs as the user to which the request -is being directed. This is accomplished by using the ~ character prefixing the -user id for whom execution is desired. The only requirement needed for this feature to work -is for CGI execution to be enabled for the user and that the script must meet the scrutiny of the security checks above. +suEXEC can also be used to to execute CGI programs as +the user to which the request is being directed. This is accomplished by +using the ~ character prefixing the user ID for whom +execution is desired. +The only requirement needed for this feature to work is for CGI +execution to be enabled for the user and that the script must meet the +scrutiny of the security checks above.


Debugging suEXEC

-The suEXEC wrapper will write log information to the location defined in the suexec.h as indicated above. If you feel you have configured and installed the wrapper properly, -have a look at this log and the error_log for the server to see where you may have gone astray. +The suEXEC wrapper will write log information to the location defined in +the suexec.h as indicated above. If you feel you have +configured and installed the wrapper properly, +have a look at this log and the error_log for the server to see where +you may have gone astray. - diff --git a/docs/manual/suexec.html.en b/docs/manual/suexec.html.en index 4a939a5df1..239217988d 100644 --- a/docs/manual/suexec.html.en +++ b/docs/manual/suexec.html.en @@ -8,13 +8,14 @@

What is suEXEC?

-The suEXEC feature, introduced in Apache 1.2 provides the ability to -run CGI programs under user ids different from the user id of the -calling web-server. Used properly, this feature can reduce considerably the -insecurity of allowing users to run CGI programs. At the same time, improperly -configured, this facility can crash your computer, burn your house down and -steal all the money from your retirement fund. :-) If you aren't -familiar with managing setuid root programs and the security issues they +The suEXEC feature, introduced in Apache 1.2 provides +the ability to run CGI programs under user IDs +different from the user ID of the calling web-server. Used properly, +this feature can reduce considerably the insecurity of allowing users to +run CGI programs. At the same time, improperly configured, this facility +can crash your computer, burn your house down and steal all the money +from your retirement fund. :-) If you aren't familiar +with managing setuid root programs and the security issues they present, we highly recommend that you not consider using this feature.


@@ -25,11 +26,11 @@ the intent that it will only be installed by users determined to use it and is not part of the normal install/compile process.

Configuring the suEXEC wrapper

-From the top-level of the Apache source tree, type:  cd support [ENTER]

-Edit the suexec.h file and change the following macros to match your -local Apache installation.

-From support/suexec.h - +From the top-level of the Apache source tree, +type:  cd support [ENTER]

+Edit the suexec.h file and change the following macros to +match your local Apache installation.

+From support/suexec.h

 /*
  * HTTPD_USER -- Define as the username under which Apache normally
@@ -58,95 +59,123 @@ local Apache installation.

*/ #define SAFE_PATH "/usr/local/bin:/usr/bin:/bin"

-

Compiling the suEXEC wrapper

-At the shell command prompt, type:  cc suexec.c -o suexec [ENTER].

-This should create the suexec wrapper executable. +At the shell command prompt, type:  cc suexec.c +-o suexec [ENTER].

+This should create the suexec wrapper executable.

Compiling Apache for suEXEC support

By default, Apache is compiled to look for the suEXEC wrapper in the following location.

-From src/httpd.h - +From src/httpd.h

 /* The path to the suEXEC wrapper */
 #ifndef SUEXEC_BIN
 #define SUEXEC_BIN "/usr/local/etc/httpd/sbin/suexec"
 #endif
 
-

If your installation requires location of the wrapper program in a different -directory, edit src/httpd.h and recompile your Apache server. See Compiling and Installing Apache for more info on this process.

+directory, edit src/httpd.h and recompile your Apache server. +See Compiling and Installing Apache for more +info on this process.

Installing the suEXEC wrapper

-Copy the suexec executable created in the exercise above to the defined -location for SUEXEC_BIN.

-In order for the wrapper to set the user id for execution requests it must me installed -as owner root and must have the setuserid execution bit set for file modes. -If you are not running a root user shell, do so now and execute the following -commands.

+Copy the suexec executable created in the +exercise above to the defined location for SUEXEC_BIN.

+In order for the wrapper to set the user ID for execution requests it +must me installed as owner root and must have +the setuserid execution bit set for file modes. +If you are not running a root user shell, do +so now and execute the following commands.

-chown root /usr/local/etc/httpd/sbin/suexec [ENTER]

-chmod 4711 /usr/local/etc/httpd/sbin/suexec [ENTER]

+chown root /usr/local/etc/httpd/sbin/suexec [ENTER]

+chmod 4711 /usr/local/etc/httpd/sbin/suexec [ENTER]

-Change the path to the suEXEC wrapper to match your system installation. +Change the path to the suEXEC wrapper to match your system +installation.


Security Model of suEXEC

-The suEXEC wrapper supplied with Apache performs the following security -checks before it will execute any program passed to it for execution. +The suEXEC wrapper supplied with Apache performs the +following security checks before it will execute any program passed to +it for execution.
    -
  1. User executing the wrapper must be a valid user on this system. -
  2. User executing the wrapper must be the compiled in HTTPD_USER. -
  3. The command that the request wishes to execute must not contain a /. -
  4. The command being executed must reside under the compiled in DOC_ROOT. -
  5. The current working directory must be a directory. -
  6. The current working directory must not be writable by group or other. -
  7. The command being executed cannot be a symbolic link. -
  8. The command being executed cannot be writable by group or other. -
  9. The command being executed cannot be a setuid or setgid program. -
  10. The target UID and GID must be a valid user and group on this system. -
  11. The target UID and GID to execute as, must match the UID and GID of the directory. -
  12. The target execution UID and GID must not be the privileged ID 0. +
  13. User executing the wrapper must be a valid user on this + system. +
  14. User executing the wrapper must be the compiled in + HTTPD_USER. +
  15. The command that the request wishes to execute must not + contain a leading / or ../, or the string "/../" anywhere. +
  16. The command being executed must reside under the compiled in + DOC_ROOT. +
  17. The current working directory must be a directory. +
  18. The current working directory must not be writable by + group or other. +
  19. The command being executed cannot be a symbolic link. +
  20. The command being executed cannot be writable by + group or other. +
  21. The command being executed cannot be a setuid or + setgid program. +
  22. The target UID and GID must be a valid user and group on + this system. +
  23. The target UID and GID to execute as, must match the UID and + GID of the directory. +
  24. The target execution UID and GID must not be the privileged + ID 0.
-If any of these issues are too restrictive, or do not seem restrictive enough, you are -welcome to install your own version of the wrapper. We've given you the rope, now go -have fun with it. :-) +If any of these issues are too restrictive, or do not seem restrictive +enough, you are welcome to install your own version of the wrapper. +We've given you the rope, now go have fun with it. :-)

Using suEXEC

-After properly installing the suexec wrapper executable, you must kill and restart -the Apache server. A simple kill -1 `cat httpd.pid` will not be enough. -Upon startup of the web-server, if Apache finds a properly configured suexec wrapper, -it will print the following message to the console.

+After properly installing the suexec wrapper +executable, you must kill and restart the Apache server. A simple +kill -1 `cat httpd.pid` will not be enough. +Upon startup of the web-server, if Apache finds a properly configured +suexec wrapper, it will print the following message to +the console:

Configuring Apache for use with suexec wrapper.

-If you don't see this message at server startup, the server is most likely not finding the -wrapper program where it expects it, or the executable is not installed setuid root. Check your installation and try again.

- -One way to use suEXEC is through the User and Group directives in VirtualHost definitions. By setting these directives to values -different from the main server user id, all requests for CGI resources will be executed as -the User and Group defined for that <VirtualHost>. If only one or -neither of these directives are specified for a <VirtualHost> then the main +If you don't see this message at server startup, the server is most +likely not finding the wrapper program where it expects it, or the +executable is not installed setuid root. Check +your installation and try again.

+ +One way to use suEXEC is through the +User and +Group directives in +VirtualHost +definitions. By setting these directives to values different from the +main server user ID, all requests for CGI resources will be executed as +the User and Group defined for that +<VirtualHost>. If only one or +neither of these directives are specified for a +<VirtualHost> then the main server userid is assumed.

-suEXEC can also be used to to execute CGI programs as the user to which the request -is being directed. This is accomplished by using the ~ character prefixing the -user id for whom execution is desired. The only requirement needed for this feature to work -is for CGI execution to be enabled for the user and that the script must meet the scrutiny of the security checks above. +suEXEC can also be used to to execute CGI programs as +the user to which the request is being directed. This is accomplished by +using the ~ character prefixing the user ID for whom +execution is desired. +The only requirement needed for this feature to work is for CGI +execution to be enabled for the user and that the script must meet the +scrutiny of the security checks above.


Debugging suEXEC

-The suEXEC wrapper will write log information to the location defined in the suexec.h as indicated above. If you feel you have configured and installed the wrapper properly, -have a look at this log and the error_log for the server to see where you may have gone astray. +The suEXEC wrapper will write log information to the location defined in +the suexec.h as indicated above. If you feel you have +configured and installed the wrapper properly, +have a look at this log and the error_log for the server to see where +you may have gone astray. -
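
Review bot: The third hunk (@@ -58,95 +59,123 @@, identical in suexec.html and suexec.html.en) rewraps several sentences without fixing typos that are visible on the added lines: "must me installed as owner root" should read "must be installed", "suEXEC can also be used to to execute" has a doubled "to", and "server userid is assumed" keeps "userid" while the rest of the hunk changes "user id" to "user ID". Separately, the only substantive change, item 3 of the security checks (from "must not contain a /" to "must not contain a leading / or ../, or the string "/../" anywhere"), is buried in a hunk that otherwise only reflows text. Consider putting that correction in its own commit so it can be checked against suexec.c, which this patch does not touch.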