From f467e61903a38cd6a37be8563d508d6a53abecb1 Mon Sep 17 00:00:00 2001
From: Joe Orton <jorton@apache.org>
Date: Wed, 23 May 2012 22:29:03 +0000
Subject: * docs/manual/: Commit XML for suexec changes + re-transform; thanks
 to nd@.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1342078 13f79535-47bb-0310-9956-ffa450edef68
---
 docs/manual/suexec.xml | 30 +++++++++++++++++++++++++++---
 1 file changed, 27 insertions(+), 3 deletions(-)

(limited to 'docs/manual/suexec.xml')

diff --git a/docs/manual/suexec.xml b/docs/manual/suexec.xml
index f78f598f3c..b089e3f1fa 100644
--- a/docs/manual/suexec.xml
+++ b/docs/manual/suexec.xml
@@ -359,6 +359,21 @@
       together with the <code>--enable-suexec</code> option to let
       APACI accept your request for using the suEXEC feature.</dd>
 
+      <dt><code>--enable-suexec-capabilities</code></dt>
+
+      <dd><strong>Linux specific:</strong> Normally,
+      the <code>suexec</code> binary is installed "setuid/setgid
+      root", which allows it to run with the full privileges of the
+      root user.  If this option is used, the <code>suexec</code>
+      binary will instead be installed with only the setuid/setgid
+      "capability" bits set, which is the subset of full root
+      priviliges required for suexec operation.  Note that
+      the <code>suexec</code> binary may not be able to write to a log
+      file in this mode; it is recommended that the
+      <code>--with-suexec-syslog --without-suexec-logfile</code>
+      options are used in conjunction with this mode, so that syslog
+      logging is used instead.</dd>
+
       <dt><code>--with-suexec-bin=<em>PATH</em></code></dt>
 
       <dd>The path to the <code>suexec</code> binary must be hard-coded
@@ -423,6 +438,12 @@
       "<code>suexec_log</code>" and located in your standard logfile
       directory (<code>--logfiledir</code>).</dd>
 
+      <dt><code>--with-suexec-syslog</code></dt>
+
+      <dd>If defined, suexec will log notices and errors to syslog
+      instead of a logfile.  This option must be combined
+      with <code>--without-suexec-logfile</code>.</dd>
+
       <dt><code>--with-suexec-safepath=<em>PATH</em></code></dt>
 
       <dd>Define a safe PATH environment to pass to CGI
@@ -544,9 +565,12 @@ Group webgroup
 
     <p>The suEXEC wrapper will write log information
     to the file defined with the <code>--with-suexec-logfile</code>
-    option as indicated above. If you feel you have configured and
-    installed the wrapper properly, have a look at this log and the
-    error_log for the server to see where you may have gone astray.</p>
+    option as indicated above, or to syslog if <code>--with-suexec-syslog</code>
+    is used. If you feel you have configured and
+    installed the wrapper properly, have a look at the log and the
+    error_log for the server to see where you may have gone astray. 
+    The output of <code>"suexec -V"</code> will show the options
+    used to compile suexec, if using a binary distribution.</p>
 
 </section>
 
-- 
cgit v1.2.3