Rev | Author | Line No. | Line |
---|---|---|---|
1 | madcat | 1 | --- suexec.8.orig 2011-07-12 10:38:14.000000000 +0200 |
2 | +++ suexec.8 2011-07-12 11:33:24.000000000 +0200 |
||
3 | @@ -43,8 +43,12 @@ If suexec is called by a user with name |
||
4 | suexec will abort. By creating several config files, you can allow several |
||
5 | different apache run users to use suexec. |
||
6 | .PP |
||
7 | -The first line in the file is used as the document root (/var/www in the |
||
8 | -standard suexec) and the second line in the file is used as the suffix that is |
||
9 | +The first line in the file is used as the start (the root) of the chroot |
||
10 | +jail environment. If you don't want to use a chroot jail you must put |
||
11 | +"nochroot" on the first line: the chroot command will be ignored. |
||
12 | +.PP |
||
13 | +The second line in the file is used as the document root (/var/www in the |
||
14 | +standard suexec) and the third line in the file is used as the suffix that is |
||
15 | appended to users' home directories (public_html in standard suexec). |
||
16 | .PP |
||
17 | If any of the lines is commented out (with #), suexec will refuse the |
||
18 | --- suexec-custom.c.orig 2011-07-12 10:38:14.000000000 +0200 |
||
19 | +++ suexec-custom.c 2011-07-12 11:32:59.000000000 +0200 |
||
20 | @@ -288,6 +288,7 @@ int main(int argc, char *argv[]) |
||
21 | struct stat dir_info; /* directory info holder */ |
||
22 | struct stat prg_info; /* program info holder */ |
||
23 | int cwdh; /* handle to cwd */ |
||
24 | + char *suexec_chroot = NULL; |
||
25 | char *suexec_docroot = NULL; |
||
26 | char *suexec_userdir_suffix = NULL; |
||
27 | char *filename = NULL; |
||
28 | @@ -382,9 +383,10 @@ int main(int argc, char *argv[]) |
||
29 | * If not, error out. |
||
30 | */ |
||
31 | filename = malloc(AP_MAXPATH+1); |
||
32 | + suexec_chroot = malloc(AP_MAXPATH+1); |
||
33 | suexec_docroot = malloc(AP_MAXPATH+1); |
||
34 | suexec_userdir_suffix = malloc(AP_MAXPATH+1); |
||
35 | - if (!filename || !suexec_docroot || !suexec_userdir_suffix) { |
||
36 | + if (!filename || !suexec_chroot || !suexec_docroot || !suexec_userdir_suffix) { |
||
37 | log_err("malloc failed\n"); |
||
38 | exit(120); |
||
39 | } |
||
40 | @@ -399,6 +401,11 @@ int main(int argc, char *argv[]) |
||
41 | exit(123); |
||
42 | } |
||
43 | |||
44 | + if (!read_line(suexec_chroot, configfile)) { |
||
45 | + log_err("Could not read chroot from %s\n", filename); |
||
46 | + exit(300); |
||
47 | + } |
||
48 | + |
||
49 | if (!read_line(suexec_docroot, configfile)) { |
||
50 | log_err("Could not read docroot from %s\n", filename); |
||
51 | exit(124); |
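Review bot: `exit(300)` in the added read_line() failure branch cannot be reported as written, because a process exit status is reduced to its low 8 bits, so the parent sees 44; `exit(301)` in the later chroot hunk likewise becomes 45. That makes the status hard to match against the log and risks colliding with another code. Pick unused values below 256 that fit the existing scheme (the codes visible here are 108, 120, 123 and 124). Separately, the visible lines pass whatever read_line() returned straight on to chroot(); if nothing outside this hunk rejects an empty or relative value, add a check that the line is either `nochroot` or begins with `/`. main's body continues outside the hunk.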
||
52 | @@ -527,6 +534,15 @@ int main(int argc, char *argv[]) |
||
53 | exit(108); |
||
54 | } |
||
55 | |||
56 | + getcwd(cwd, AP_MAXPATH); |
||
57 | + if (strcmp(suexec_chroot, "nochroot")) { |
||
58 | + if (chroot(suexec_chroot)!=0) { |
||
59 | + log_err("chroot on %s failed!\n", suexec_chroot); |
||
60 | + exit(301); |
||
61 | + }; |
||
62 | + }; |
||
63 | + chdir(cwd); |
||
64 | + |
||
65 | /* |
||
66 | * Change UID/GID here so that the following tests work over NFS. |
||
67 | * |
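Review bot: `getcwd(cwd, AP_MAXPATH)` and `chdir(cwd)` both ignore their return values, and an unchecked `chdir(cwd)` after `chroot()` is the serious one. chroot() does not move the working directory, so if `cwd` does not exist under the new root the process keeps running with a working directory outside the jail, and relative paths are then resolved outside it. A failed getcwd() also leaves `cwd` with unspecified contents that are still passed to chdir(). Both calls should be fatal on error and should run only when a chroot is requested; the test is clearer as `strcmp(...) != 0`, and the stray `;` after the closing braces can go. Because `cwd` is re-resolved inside the new root, it may name a different directory than the one validated earlier in main (outside this hunk), so confirm the later directory checks still apply to it.

```c
    if (strcmp(suexec_chroot, "nochroot") != 0) {
        if (getcwd(cwd, AP_MAXPATH) == NULL) {
            log_err("cannot get current working directory\n");
            exit(EXIT_STATUS_PLACEHOLDER); /* placeholder: choose an unused status below 256 */
        }
        /* … unchanged: chroot(suexec_chroot) call and its failure branch … */
        if (chdir(cwd) != 0) {
            log_err("cannot chdir to %s inside chroot %s\n", cwd, suexec_chroot);
            exit(EXIT_STATUS_PLACEHOLDER); /* placeholder: choose an unused status below 256 */
        }
    }
```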