|
Packit |
90a5c9 |
/* Licensed to the Apache Software Foundation (ASF) under one or more
|
|
Packit |
90a5c9 |
* contributor license agreements. See the NOTICE file distributed with
|
|
Packit |
90a5c9 |
* this work for additional information regarding copyright ownership.
|
|
Packit |
90a5c9 |
* The ASF licenses this file to You under the Apache License, Version 2.0
|
|
Packit |
90a5c9 |
* (the "License"); you may not use this file except in compliance with
|
|
Packit |
90a5c9 |
* the License. You may obtain a copy of the License at
|
|
Packit |
90a5c9 |
*
|
|
Packit |
90a5c9 |
* http://www.apache.org/licenses/LICENSE-2.0
|
|
Packit |
90a5c9 |
*
|
|
Packit |
90a5c9 |
* Unless required by applicable law or agreed to in writing, software
|
|
Packit |
90a5c9 |
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
Packit |
90a5c9 |
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
Packit |
90a5c9 |
* See the License for the specific language governing permissions and
|
|
Packit |
90a5c9 |
* limitations under the License.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/**
|
|
Packit |
90a5c9 |
* @file suexec.h
|
|
Packit |
90a5c9 |
* @brief user-definable variables for the suexec wrapper code.
|
|
Packit |
90a5c9 |
* (See README.configure on how to customize these variables.)
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
#ifndef _SUEXEC_H
|
|
Packit |
90a5c9 |
#define _SUEXEC_H
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Include ap_config_layout so we can work out where the default htdocsdir
|
|
Packit |
90a5c9 |
* and logsdir are.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
#include "ap_config_layout.h"
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* HTTPD_USER -- Define as the username under which Apache normally
|
|
Packit |
90a5c9 |
* runs. This is the only user allowed to execute
|
|
Packit |
90a5c9 |
* this program.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
#ifndef AP_HTTPD_USER
|
|
Packit |
90a5c9 |
#define AP_HTTPD_USER "www"
|
|
Packit |
90a5c9 |
#endif
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* UID_MIN -- Define this as the lowest UID allowed to be a target user
|
|
Packit |
90a5c9 |
* for suEXEC. For most systems, 500 or 100 is common.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
#ifndef AP_UID_MIN
|
|
Packit |
90a5c9 |
#define AP_UID_MIN 100
|
|
Packit |
90a5c9 |
#endif
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* GID_MIN -- Define this as the lowest GID allowed to be a target group
|
|
Packit |
90a5c9 |
* for suEXEC. For most systems, 100 is common.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
#ifndef AP_GID_MIN
|
|
Packit |
90a5c9 |
#define AP_GID_MIN 100
|
|
Packit |
90a5c9 |
#endif
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* USERDIR_SUFFIX -- Define to be the subdirectory under users'
|
|
Packit |
90a5c9 |
* home directories where suEXEC access should
|
|
Packit |
90a5c9 |
* be allowed. All executables under this directory
|
|
Packit |
90a5c9 |
* will be executable by suEXEC as the user so
|
|
Packit |
90a5c9 |
* they should be "safe" programs. If you are
|
|
Packit |
90a5c9 |
* using a "simple" UserDir directive (ie. one
|
|
Packit |
90a5c9 |
* without a "*" in it) this should be set to
|
|
Packit |
90a5c9 |
* the same value. suEXEC will not work properly
|
|
Packit |
90a5c9 |
* in cases where the UserDir directive points to
|
|
Packit |
90a5c9 |
* a location that is not the same as the user's
|
|
Packit |
90a5c9 |
* home directory as referenced in the passwd file.
|
|
Packit |
90a5c9 |
*
|
|
Packit |
90a5c9 |
* If you have VirtualHosts with a different
|
|
Packit |
90a5c9 |
* UserDir for each, you will need to define them to
|
|
Packit |
90a5c9 |
* all reside in one parent directory; then name that
|
|
Packit |
90a5c9 |
* parent directory here. IF THIS IS NOT DEFINED
|
|
Packit |
90a5c9 |
* PROPERLY, ~USERDIR CGI REQUESTS WILL NOT WORK!
|
|
Packit |
90a5c9 |
* See the suEXEC documentation for more detailed
|
|
Packit |
90a5c9 |
* information.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
#ifndef AP_USERDIR_SUFFIX
|
|
Packit |
90a5c9 |
#define AP_USERDIR_SUFFIX "public_html"
|
|
Packit |
90a5c9 |
#endif
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* LOG_EXEC -- Define this as a filename if you want all suEXEC
|
|
Packit |
90a5c9 |
* transactions and errors logged for auditing and
|
|
Packit |
90a5c9 |
* debugging purposes.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
#ifndef AP_LOG_EXEC
|
|
Packit |
90a5c9 |
#define AP_LOG_EXEC DEFAULT_EXP_LOGFILEDIR "/suexec_log" /* Need me? */
|
|
Packit |
90a5c9 |
#endif
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* DOC_ROOT -- Define as the DocumentRoot set for Apache. This
|
|
Packit |
90a5c9 |
* will be the only hierarchy (aside from UserDirs)
|
|
Packit |
90a5c9 |
* that can be used for suEXEC behavior.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
#ifndef AP_DOC_ROOT
|
|
Packit |
90a5c9 |
#define AP_DOC_ROOT DEFAULT_EXP_HTDOCSDIR
|
|
Packit |
90a5c9 |
#endif
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* SAFE_PATH -- Define a safe PATH environment to pass to CGI executables.
|
|
Packit |
90a5c9 |
*
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
#ifndef AP_SAFE_PATH
|
|
Packit |
90a5c9 |
#define AP_SAFE_PATH "/usr/local/bin:/usr/bin:/bin"
|
|
Packit |
90a5c9 |
#endif
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
#endif /* _SUEXEC_H */
|