diff options
| author | Joe Orton <jorton@apache.org> | 2012-05-24 00:29:03 +0200 |
|---|---|---|
| committer | Joe Orton <jorton@apache.org> | 2012-05-24 00:29:03 +0200 |
| commit | f467e61903a38cd6a37be8563d508d6a53abecb1 (patch) | |
| tree | aa143bf79076df4c9a2d8c7e24f09853d1afa927 /docs/manual/suexec.xml | |
| parent | suexec: Support use of setgid/setuid capability bits on Linux, a (diff) | |
| download | apache2-f467e61903a38cd6a37be8563d508d6a53abecb1.tar.xz apache2-f467e61903a38cd6a37be8563d508d6a53abecb1.zip | |
* docs/manual/: Commit XML for suexec changes + re-transform; thanks to nd@.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1342078 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to '')
| -rw-r--r-- | docs/manual/suexec.xml | 30 |
1 files changed, 27 insertions, 3 deletions
diff --git a/docs/manual/suexec.xml b/docs/manual/suexec.xml index f78f598f3c..b089e3f1fa 100644 --- a/docs/manual/suexec.xml +++ b/docs/manual/suexec.xml @@ -359,6 +359,21 @@ together with the <code>--enable-suexec</code> option to let APACI accept your request for using the suEXEC feature.</dd> + <dt><code>--enable-suexec-capabilities</code></dt> + + <dd><strong>Linux specific:</strong> Normally, + the <code>suexec</code> binary is installed "setuid/setgid + root", which allows it to run with the full privileges of the + root user. If this option is used, the <code>suexec</code> + binary will instead be installed with only the setuid/setgid + "capability" bits set, which is the subset of full root + priviliges required for suexec operation. Note that + the <code>suexec</code> binary may not be able to write to a log + file in this mode; it is recommended that the + <code>--with-suexec-syslog --without-suexec-logfile</code> + options are used in conjunction with this mode, so that syslog + logging is used instead.</dd> + <dt><code>--with-suexec-bin=<em>PATH</em></code></dt> <dd>The path to the <code>suexec</code> binary must be hard-coded @@ -423,6 +438,12 @@ "<code>suexec_log</code>" and located in your standard logfile directory (<code>--logfiledir</code>).</dd> + <dt><code>--with-suexec-syslog</code></dt> + + <dd>If defined, suexec will log notices and errors to syslog + instead of a logfile. This option must be combined + with <code>--without-suexec-logfile</code>.</dd> + <dt><code>--with-suexec-safepath=<em>PATH</em></code></dt> <dd>Define a safe PATH environment to pass to CGI @@ -544,9 +565,12 @@ Group webgroup <p>The suEXEC wrapper will write log information to the file defined with the <code>--with-suexec-logfile</code> - option as indicated above. If you feel you have configured and - installed the wrapper properly, have a look at this log and the - error_log for the server to see where you may have gone astray.</p> + option as indicated above, or to syslog if <code>--with-suexec-syslog</code> + is used. If you feel you have configured and + installed the wrapper properly, have a look at the log and the + error_log for the server to see where you may have gone astray. + The output of <code>"suexec -V"</code> will show the options + used to compile suexec, if using a binary distribution.</p> </section> |