NetBSD Problem Report #42107

From www@NetBSD.org  Mon Sep 21 20:02:26 2009
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by www.NetBSD.org (Postfix) with ESMTP id A507963BFE3
	for <gnats-bugs@gnats.netbsd.org>; Mon, 21 Sep 2009 20:02:26 +0000 (UTC)
Message-Id: <20090921200226.79C2863B877@www.NetBSD.org>
Date: Mon, 21 Sep 2009 20:02:26 +0000 (UTC)
From: dl@xiqit.de
Reply-To: dl@xiqit.de
To: gnats-bugs@NetBSD.org
Subject: www/apache22 : Add support for mod_mysuexec in pkgsrc
X-Send-Pr-Version: www-1.0

>Number:         42107
>Category:       pkg
>Synopsis:       www/apache22 : Add support for mod_mysuexec in pkgsrc
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Mon Sep 21 20:05:00 +0000 2009
>Closed-Date:    
>Last-Modified:  Sun Sep 09 21:20:59 +0000 2012
>Originator:     Damian Lubosch
>Release:        NetBSD 5.0
>Organization:
>Environment:
NetBSD pauli.xiqit.de 5.0 NetBSD 5.0 (XEN3_DOM0) #0: Sun Apr 26 06:40:06 UTC 2009  builds@b6.netbsd.org:/home/builds/ab/netbsd-5-0-RELEASE/amd64/200904260229Z-obj/home/builds/ab/netbsd-5-0-RELEASE/src/sys/arch/amd64/compile/XEN3_DOM0 amd64

>Description:
It is possible to have Apache-suexec functionality in a virtual-domains environment within the Apache installation. e.g. the isp hosts webseite for domain www.example.net in /home/example.net/www the suexec ensures that example.net is in /home and its docroot is in www/
First, you have to compile apache with mk.conf:

PKG_OPTIONS.apache+=suexec
APACHE_SUEXEC_DOCROOT=/home

The new thing would be:
APACHE_SUEXEC_USERDIR="www"


Second you need mod_mysuexec.c and mod_suexec.h from http://alain.knaff.lu/howto/PhpSuexec/ 

Therefore, it would be nice to have the last quoted line in /usr/pkgsrc/www/apache22/options.mk: 

APACHE_SUEXEC_CONFIGURE_ARGS+=                                          \
        --with-suexec-bin=${PREFIX}/sbin/suexec                         \
        --with-suexec-caller=${APACHE_USER}                             \
        --with-suexec-safepath='${APACHE_SUEXEC_PATH:Q}'                \
        --with-suexec-docroot=${APACHE_SUEXEC_DOCROOT:Q}                \
        --with-suexec-logfile=${APACHE_SUEXEC_LOGFILE:Q}                \
        --with-suexec-userdir=${APACHE_SUEXEC_USERDIR:Q}

(I hope the syntax for the last line is correct to read the information from mk.conf, I just used www there, to make it work)

Without the suexec-configure-option (here for www) " --with-suexec-userdir=www ", suexec denies access to /home/*/www 


>How-To-Repeat:

>Fix:
I do not know if this is diff-ed correctly - I hope so.

pauli# diff -u options.mk options.mk.new                                       
--- options.mk  2009-09-21 21:53:08.000000000 +0200
+++ options.mk.new      2009-09-21 21:52:51.000000000 +0200
@@ -30,7 +30,8 @@
        --with-suexec-caller=${APACHE_USER}                             \
        --with-suexec-safepath='${APACHE_SUEXEC_PATH:Q}'                \
        --with-suexec-docroot=${APACHE_SUEXEC_DOCROOT:Q}                \
-       --with-suexec-logfile=${APACHE_SUEXEC_LOGFILE:Q}                
+       --with-suexec-logfile=${APACHE_SUEXEC_LOGFILE:Q}                \
+       --with-suexec-userdir=www

 APACHE_MODULES+=        suexec
 CONFIGURE_ARGS+=        ${APACHE_SUEXEC_CONFIGURE_ARGS:M--with-suexec-*}

>Release-Note:

>Audit-Trail:

State-Changed-From-To: open->feedback
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Sun, 22 May 2011 17:27:41 +0000
State-Changed-Why:
I don't understand what you're trying to do. The default suexec setup in
apache22 supports user dirs already - that's most of the point of suexec.
Can you clarify?


State-Changed-From-To: feedback->closed
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Sun, 09 Sep 2012 21:01:24 +0000
State-Changed-Why:
The submitter's mail has started bouncing.


State-Changed-From-To: closed->open
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Sun, 09 Sep 2012 21:20:59 +0000
State-Changed-Why:
ok, we think this is actually asking for a way to specify the suexec
userdir, which appears to currently not be possible.



>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.