Apache2
suexec.h
Go to the documentation of this file.
1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2  * contributor license agreements. See the NOTICE file distributed with
3  * this work for additional information regarding copyright ownership.
4  * The ASF licenses this file to You under the Apache License, Version 2.0
5  * (the "License"); you may not use this file except in compliance with
6  * the License. You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
24 #ifndef _SUEXEC_H
25 #define _SUEXEC_H
26 
27 /*
28  * Include ap_config_layout so we can work out where the default htdocsdir
29  * and logsdir are.
30  */
31 #include "ap_config_layout.h"
32 
33 /*
34  * HTTPD_USER -- Define as the username under which Apache normally
35  * runs. This is the only user allowed to execute
36  * this program.
37  */
38 #ifndef AP_HTTPD_USER
39 #define AP_HTTPD_USER "www"
40 #endif
41 
42 /*
43  * UID_MIN -- Define this as the lowest UID allowed to be a target user
44  * for suEXEC. For most systems, 500 or 100 is common.
45  */
46 #ifndef AP_UID_MIN
47 #define AP_UID_MIN 100
48 #endif
49 
50 /*
51  * GID_MIN -- Define this as the lowest GID allowed to be a target group
52  * for suEXEC. For most systems, 100 is common.
53  */
54 #ifndef AP_GID_MIN
55 #define AP_GID_MIN 100
56 #endif
57 
58 /*
59  * USERDIR_SUFFIX -- Define to be the subdirectory under users'
60  * home directories where suEXEC access should
61  * be allowed. All executables under this directory
62  * will be executable by suEXEC as the user so
63  * they should be "safe" programs. If you are
64  * using a "simple" UserDir directive (ie. one
65  * without a "*" in it) this should be set to
66  * the same value. suEXEC will not work properly
67  * in cases where the UserDir directive points to
68  * a location that is not the same as the user's
69  * home directory as referenced in the passwd file.
70  *
71  * If you have VirtualHosts with a different
72  * UserDir for each, you will need to define them to
73  * all reside in one parent directory; then name that
74  * parent directory here. IF THIS IS NOT DEFINED
75  * PROPERLY, ~USERDIR CGI REQUESTS WILL NOT WORK!
76  * See the suEXEC documentation for more detailed
77  * information.
78  */
79 #ifndef AP_USERDIR_SUFFIX
80 #define AP_USERDIR_SUFFIX "public_html"
81 #endif
82 
83 /*
84  * LOG_EXEC -- Define this as a filename if you want all suEXEC
85  * transactions and errors logged for auditing and
86  * debugging purposes.
87  */
88 #ifndef AP_LOG_EXEC
89 #define AP_LOG_EXEC DEFAULT_EXP_LOGFILEDIR "/suexec_log" /* Need me? */
90 #endif
91 
92 /*
93  * DOC_ROOT -- Define as the DocumentRoot set for Apache. This
94  * will be the only hierarchy (aside from UserDirs)
95  * that can be used for suEXEC behavior.
96  */
97 #ifndef AP_DOC_ROOT
98 #define AP_DOC_ROOT DEFAULT_EXP_HTDOCSDIR
99 #endif
100 
101 /*
102  * SAFE_PATH -- Define a safe PATH environment to pass to CGI executables.
103  *
104  */
105 #ifndef AP_SAFE_PATH
106 #define AP_SAFE_PATH "/usr/local/bin:/usr/bin:/bin"
107 #endif
108 
109 #endif /* _SUEXEC_H */
Apache Config Layout.