From: Christophe C. <chr...@pu...> - 2003-12-03 09:14:34
Joe Cooper wrote:
> I disagree. ;-)

In fact I agree with you. Perhaps you read my post too fast, or more probably I'm not writing in plain 'cleartext' English ;-) (Sorry if my English looks like 'encrypted', I'm not a native speaker :)

> There is a reason the suexec-docroot option exists, and making it /
> nullifies that reason. Security is important on a virtual hosting
> system...

I agree totally, that's why I wrote this

>> A simple work around is to use this ./configure option
>> " --with-suexec-docroot=/home \ "
>> I think it's better than simply use / as docroot.

i.e. I prefer using /home and not / as suexec docroot, just because using / seems stupid to me (it nullifies the suexec tests). And, in my case, /home/sites/sitexyz will be my virtual hosts, so I must use a common ancestor dir, like /home/sites or /home.

> Besides...if you're rebuilding anyway, what difference does it make to
> you whether you do:
>
> --with-suexec-docroot=/var/www,/home

That was my point (see my two previous mails). It does compile, but doesn't work for me: the suexec source code in Apache (1.3.26) I got from Debian uses only ONE root for suexec, not two or more. So I got an error in the suexec log (when running the Apache I built)

    "emerg: cannot get docroot information (/var/www,/home)"

which comes from this suexec src code:

    /* DOC_ROOT is handed to chdir() as a single path */
    if (((chdir(DOC_ROOT)) != 0) ||
        ((getcwd(dwd, AP_MAXPATH)) == NULL) ||
        ((chdir(cwd)) != 0)) {
        log_err("emerg: cannot get docroot information (%s)\n", DOC_ROOT);
        exit(113);
    }

The chdir() syscall doesn't like '/var/www,/home' as argument.

> or
>
> --with-suexec-docroot=/

Like you, I don't want to use / for suexec root. But, after some googling, I saw some people telling to do so because of the "only ONE root" problem I got too. As I didn't like that idea, I suggested that the virtualmin doc be upgraded. Perhaps to say that using '/home/' alone solves the problem, and that using '/' is not an option. What do you think of this?

> They're both an extra step that is somewhat of a nuisance, but typing a
> few extra characters isn't going to kill you.

I don't mind typing chars (I don't use the stupid mouse very often in xterms or in ssh :)

Are you using a special version of the src code of Apache or suexec, which really allows more than ONE docroot for suexec? I'd like to stick with Apache 1.3 versions (not the 2.x). Perhaps you know of a patch to apply to the suexec src code included in the src code of Apache 1.3.26?

Thanks in advance

Christophe
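
The following is an added example, not part of the original message and not Apache's own code: a simplified model of the docroot test discussed above, showing why a comma-separated value fails at chdir() and why "/" lets every path through. The helper name docroot_check, the return codes other than 113, and the sample paths ("/" and "/tmp" are assumed to exist) are constructed for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

/* 113 is the exit code quoted in the message; the other values are constructed. */
enum { DOCROOT_OK = 0, DOCROOT_OUTSIDE = 1, DOCROOT_UNRESOLVED = 113 };

/* Hypothetical helper: is target_dir located under doc_root? */
static int docroot_check(const char *doc_root, const char *target_dir)
{
    char start[PATH_MAX], cwd[PATH_MAX], dwd[PATH_MAX];
    int rc = DOCROOT_OK;

    if (getcwd(start, sizeof start) == NULL)
        return DOCROOT_UNRESOLVED;

    /* Resolve the script directory to its canonical path;
     * an unresolvable target is treated as outside the docroot. */
    if (chdir(target_dir) != 0 || getcwd(cwd, sizeof cwd) == NULL)
        rc = DOCROOT_OUTSIDE;
    /* doc_root reaches chdir() as ONE path: a comma is an ordinary
     * filename byte, so "/var/www,/home" names a directory "www,". */
    else if (chdir(doc_root) != 0 || getcwd(dwd, sizeof dwd) == NULL)
        rc = DOCROOT_UNRESOLVED;
    /* Prefix comparison: with "/" as docroot every absolute path matches. */
    else if (strncmp(cwd, dwd, strlen(dwd)) != 0)
        rc = DOCROOT_OUTSIDE;

    if (chdir(start) != 0)      /* restore the caller's working directory */
        return DOCROOT_UNRESOLVED;
    return rc;
}

int main(void)
{
    /* Constructed sample inputs. */
    printf("list as docroot : %d\n", docroot_check("/var/www,/home", "/tmp"));
    printf("/ as docroot    : %d\n", docroot_check("/", "/tmp"));
    printf("/tmp vs /       : %d\n", docroot_check("/tmp", "/"));
    return 0;
}
```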