Menu
▾
▴
Re: [webmin-l] Virtualmin and multiple apache suexec-docroot
|
From: Christophe C. <chr...@pu...> - 2003-12-03 09:14:34
|
Joe Cooper wrote:
> I disagree. ;-)
In fact I agree with you. Perhaps you read my post too fast, or
more probably I'm not writing in plain 'cleartext' english ;-)
(Sorry if my English looks like 'encrypted', I'm not a native speaker :)
> There is a reason the suexec-docroot option exists, and making it /
> nullifies that reason. Security is important on a virtual hosting
> system...
I agree totally, that's why I wrote this
>> A simple work around is to use this ./configure option
>> " --with-suexec-docroot=/home \ "
>> I think its better than simply use / as docroot.
ie I prefer using /home and not / as suexec docroot, just because
using / seems stupid to me (it nullify suexec tests).
And, in my case, /home/sites/sitexyz will be my virtual hosts,
so I must use a common ancestor dir, like /home/sites or /home.
> Besides...if you're rebuilding anyway, what difference does it make to
> you whether you do:
>
> --with-suexec-docroot=/var/www,/home
That was my point (see my two previous mails). It does compile, but
doesnt work for me : the suexec source code in Apache (1.3.26) I got
from Debian uses only ONE root for suexec, not two or more.
So I got an error in suexec log (when running the Apache I build)
"emerg: cannot get docroot information (/var/www,/home)"
which comes from this suexec src code:
if (((chdir(DOC_ROOT)) != 0) ||
((getcwd(dwd, AP_MAXPATH)) == NULL) ||
((chdir(cwd)) != 0)) {
log_err("emerg: cannot get docroot information (%s)\n",
DOC_ROOT);
exit(113);
The chdir() syscall doesnt like '/var/www,/home' as argument.
> or
>
> --with-suexec-docroot=/
Like you, I don't want to use / for suexec root. But, after some
googling, I saw some people telling to do so because of
the "only ONE root" problem I got too. As I didnt like that idea,
I suggested that the virtualmin doc be upgraded.
Perhaps to say that using '/home/' alone solve the problem,
and that using '/' is not an option. What do you think of this?
> They're both an extra step that is somewhat of a nuisance, but typing a
> few extra characters isn't going to kill you.
I dont mind typing chars (I dont use the stupid mouse very often
in xterms or in ssh :)
Are you using a special version of the src code of Apache or suexec,
which really allow more than ONE docroot for suexec ?
I'd like to stick with Apache 1.3 versions (not the 2.x).
Perhaps you know of a patch to apply to the suexec src code
included in src code of Apache 1.3.26?
Thanks in advance
Christophe
|