Getting ready for suexec in Apache

[Donboy]

I plan to have several virtual hosts on my RH9 machine and I want to make sure that they have suexec enabled for Apache so that when a CGI script is run, it is writing files as their username/group instead of apache:apache.

Apache came loaded on the box when I installed RH9, and to my understanding I have to rebuild Apache to enable suexec. When I run apachectl -l I get...

core.c
prefork.c
http_core.c
mod_so.c

So this tells me that suexec isn't in there. So now I need some source code for this so I can rebuild. When I run apachectl -v it says "Server version: Apache/2.0.40" so I managed to find a src RPM for Apache 2.0.40-21.5. Is this good enough????

Now on to the hard stuff...

I need to know what options I will need in order to enable suexec and being sure to include the options I have already.

I posted a similar message on "another" site and got no answer in a full week. Thanks in advance for any help.

 

[Donboy]

PS: I think these are good for me (unless there are any glaring problems) so I just need to know what else to add to ensure that my other compile options are OK for the stuff I had built in already.

I don't want any uid/gid less than 508:508 to have access.

./configure --server-uid=apache \
--server-gid=apache \
--suexec-docroot=/home \
--enable-suexec \
--suexec-caller=apache \
--suexec-logfile=/var/log/apache/suexec_log \
--suexec-userdir=public_html \ (do I even need this if I'm not using them?)
--suexec-uidmin=508 \
--suexec-gidmin=508 \
--suexec-safepath=/usr/local/bin:/usr/bin:/bin

 

[siberian]

core, prefork and http_core have to be there or apache won't do anything.

This should be fine.

 

[Donboy]

Ok, here's what I ended up doing...

I decided that to help eliminate some confusion, I would install a fresh copy of apache in a new directory and just remove the old one later. I have installed the new copy using (pretty much) the config options above. Some of the config options I tried to use are no longer recognized, so those were removed.

But anyway... now when I do a apachectl -l I get a whole bunch of modules complied in...

Compiled in modules:
core.c
mod_access.c
mod_auth.c
mod_include.c
mod_log_config.c
mod_env.c
mod_setenvif.c
prefork.c
http_core.c
mod_mime.c
mod_status.c
mod_autoindex.c
mod_asis.c
mod_suexec.c
mod_cgi.c
mod_negotiation.c
mod_dir.c
mod_imap.c
mod_actions.c
mod_userdir.c
mod_alias.c
mod_so.c

WOW! That's a lot! I didn't ask for all of these. I guess these are getting complied in by default now. How can I compile without all of this extra stuff? I guess I have to use --disable options for each one I don't want??

Now, on to the main problem...

First thing... PHP isn't being recognized. When I open a PHP script in the browser, it shows me the raw code. Looking at my old config file, I can't see any place where the PHP modules are being called. I pretty much duplicated the virtual host stanzas from my old config file, modifying it as needed, so I'm pretty sure all of that's good.

Second... my SSL configs aren't happening either. I pretty much copied the virtual host stuff that was in my old ssl.conf and added it to the new. However, it's still not calling my pages using

https://.

If I remove the "s" it will open the page, but without SSL. The error message returned in the browser is the ol' windows standard "Page cannot be displayed" message and I get nothing in the logs whatsover. Is there something I need to do to tell apache to look at my ssl.conf file? It's like it's not being read.

There must be something simple I'm overlooking.