Commit 711b7d34 authored by Ryan Bloom's avatar Ryan Bloom
Browse files

Add documentation for mod_suexec. And add a note in the old docs 

about User that SuexecUserGroup now replaces putting User/Group directives
inside of VirtualHosts.
PR:	7634


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@89499 13f79535-47bb-0310-9956-ffa450edef68
parent 6c8b202b

docs/manual/mod/index-bytype.html

+2 −0
Original line number Diff line number Diff line
@@ -136,6 +136,8 @@ virtual hosts under different userids. 
<DD>Windows ISAPI Extension support

<DT><A HREF="mod_ext_filter.html">mod_ext_filter</A>

<DD>Filtering content with external programs.

<DT><A HREF="mod_suexec.html">mod_suexec</A>

<DD>Run CGI requests as a specified user and group.

</DL>



<H2>Internal Content Handlers</H2>

docs/manual/mod/index.html

+2 −0
Original line number Diff line number Diff line
@@ -118,6 +118,8 @@ virtual hosts under different userids. 
<DD>Automatically correct minor typos in URLs

<DT><A HREF="mod_status.html">mod_status</A>

<DD>Server status display

<DT><A HREF="mod_suexec.html">mod_suexec</A>

<DD>Run CGI requests as a specified user and group.

<DT><A HREF="mod_userdir.html">mod_userdir</A>

<DD>User home directories.

<DT><A HREF="mod_unique_id.html">mod_unique_id</A>

docs/manual/mod/mod_suexec.html

0 → 100644
+95 −0
Original line number Diff line number Diff line 
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">

<HTML>

<HEAD>

<TITLE>Apache module mod_suexec</TITLE>

</HEAD>



<!-- Background white, links blue (unvisited), navy (visited), red (active) -->

<BODY

 BGCOLOR="#FFFFFF"

 TEXT="#000000"

 LINK="#0000FF"

 VLINK="#000080"

 ALINK="#FF0000"

>

<!--#include virtual="header.html" -->

<H1 ALIGN="CENTER">Module mod_suexec</H1>



<P>

This module provides support for <A HREF="../suexec.html">

running CGI scripts as a specified User and Group</A>.

</P>



<P><A

HREF="module-dict.html#Status"

REL="Help"

><STRONG>Status:</STRONG></A> Extension

<BR>

<A

HREF="module-dict.html#SourceFile"

REL="Help"

><STRONG>Source File:</STRONG></A> mod_suexec.c

<BR>

<A

HREF="module-dict.html#ModuleIdentifier"

REL="Help"

><STRONG>Module Identifier:</STRONG></A> suexec_module

<BR>

<A

HREF="module-dict.html#Compatibility"

REL="Help"

><STRONG>Compatibility:</STRONG></A> Available in Apache 2.0 and later.

</P>



<h2>Summary</h2>



<p>This module allows CGI scripts to run as a specified user and Group.</p>



<H2>Directives</H2>

<UL>

  <LI><A HREF="#suexecusergroup">SuexecUserGroup</A>

</UL>



<H2><A NAME="suexecusergroup">SuexecUserGroup directive</A></H2>

<P>

<A

 HREF="directive-dict.html#Syntax"

 REL="Help"

><STRONG>Syntax:</STRONG></A> SuexecUserGroup <EM>User Group</EM><BR>

<A

 HREF="directive-dict.html#Default"

 REL="Help"

><STRONG>Default:</STRONG></A> None<BR>

<A

 HREF="directive-dict.html#Context"

 REL="Help"

><STRONG>Context:</STRONG></A> server config, virtual host<BR>

<A

 HREF="directive-dict.html#Status"

 REL="Help"

><STRONG>Status:</STRONG></A> Extension<BR>

<A

 HREF="directive-dict.html#Module"

 REL="Help"

><STRONG>Module:</STRONG></A> mod_suexec<BR>

<A

 HREF="directive-dict.html#Compatibility"

 REL="Help"

><STRONG>Compatibility:</STRONG></A> SuexecUserGroup is only available in 2.0 and later.</P>

<P>

The <CODE>SuexecUserGroup</CODE> directive allows you to specify a user and

group for CGI programs to run as.  Non-CGI requests are still processes

with the user specified in the User directive.  This directive replaces

using the User and Group directives inside of VirtualHosts.

</P>

<HR>



<H3 ALIGN="CENTER">

 Apache HTTP Server Version 2.0

</H3>



<A HREF="./"><IMG SRC="../images/index.gif" ALT="Index"></A>

<A HREF="../"><IMG SRC="../images/home.gif" ALT="Home"></A>



</BODY>

</HTML>

docs/manual/mod/mpm_common.html

+7 −10
Original line number Diff line number Diff line
@@ -145,11 +145,10 @@ Note: if you start the server as a non-root user, it will fail to change 
to the specified group, and will instead continue to run as the group of the

original user. <P>



Special note: Use of this directive in &lt;VirtualHost&gt; requires a

properly configured <A HREF="../suexec.html">suEXEC wrapper</A>.

When used inside a &lt;VirtualHost&gt; in this manner, only the group

that CGIs are run as is affected.  Non-CGI requests are still processed

as the group specified in the main Group directive.<P>

Special note: Use of this directive in &lt;VirtualHost&lt; is no longer

supported.  To implement the <A HREF="../suexec.html">suEXEC wrapper</A>

with Apache 2.0, use the <A HREF=mod_suexec.html#suexecusergroup>

SuexecUserGroup</A> directive.



SECURITY: See <A HREF="#user">User</A> for a discussion of the security

considerations.<P><HR>
@@ -759,11 +758,9 @@ to the lesser privileged user, and will instead continue to run as 
that original user. If you do start the server as root, then it is normal

for the parent process to remain running as root.<P>



Special note: Use of this directive in &lt;VirtualHost&gt; requires a

properly configured <A HREF="../suexec.html">suEXEC wrapper</A>.

When used inside a &lt;VirtualHost&gt; in this manner, only the user

that CGIs are run as is affected.  Non-CGI requests are still processed

with the user specified in the main User directive.<P>

Special note: Use of this directive in &lt;VirtualHost&gt; is no longer

supported.  To configure your server for <A HREF="mod_suexec.html">

suexec</A> use <A HREF="mod_suexec.html#suexecusergroup">SuexecUserGroup</A>.



SECURITY: Don't set User (or <A HREF="#group">Group</A>) to

<CODE>root</CODE> unless you know exactly what you are doing, and what the