Date:      Sat, 28 Nov 1998 14:26:38 -0600 (CST)
From:      hetzels@westbend.net
To:        FreeBSD-gnats-submit@FreeBSD.ORG
Subject:   ports/8883: Apache13-FP Update: The user that suexec expects and the server runs as are not the same.
Message-ID:  <199811282026.OAA00469@www.westbend.net>


>Number:         8883
>Category:       ports
>Synopsis:       Suexec expects the server to be running as HTTPD_USER.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sat Nov 28 12:30:00 PST 1998
>Last-Modified:
>Originator:     Scot W. Hetzel
>Organization:
West Bend Internet
>Release:        FreeBSD 2.2.7-STABLE i386
>Environment:


>Description:

The httpd.conf has the User directive set to user "nobody", but the suexec
program expects the server to be run as user "www".  Even if a different user
is specified for the suexec user, the httpd.conf file is not updated.  Without
these two user names being in sync, the suexec program will not execute.

>How-To-Repeat:

1. Untar the apache v1.3.3 sources.
2. execute ./configure --enable-suexec --suexec-caller=<any user id but nobody>
3. build and install the apache server.
4. check the User directive in the installed httpd.conf file.

>Fix:

The attached fix adds a conf_user variable to the Makefile.tmpl and configure
script.  The configure script also checks if suexec is enabled, and changes
conf_user to the same value as suexec_caller.

Updated files (patches/patch-a[a-b]):

diff -ruN apache13-fp.orig/patches/patch-aa apache13-fp/patches/patch-aa
--- apache13-fp.orig/patches/patch-aa	Mon Nov  9 19:56:00 1998
+++ apache13-fp/patches/patch-aa	Sat Nov 28 11:33:31 1998
@@ -1,5 +1,27 @@
-*** configure.orig	Thu Sep 17 12:07:53 1998
---- configure	Thu Sep 24 03:57:33 1998
+*** configure.orig	Thu Sep 17 03:07:53 1998
+--- configure	Sat Nov 28 11:33:04 1998
+***************
+*** 810,815 ****
+--- 810,816 ----
+  ##
+  ##  determine special configuration parameters
+  ##
++ conf_user="nobody"
+  conf_group="#-1"
+  conf_port="80"
+  conf_serveradmin="you@your.address"
+***************
+*** 828,833 ****
+--- 829,837 ----
+      conf_serveradmin="`$aux/buildinfo.sh -n %u@%h%d`"
+      conf_servername="`$aux/buildinfo.sh -n %h%d`"
+  fi
++ if [ ".$suexec" = .1 ]; then
++     conf_user="$suexec_caller"
++ fi
+   
+  ##
+  ##  determine prefix-relative paths for directories
 ***************
 *** 870,877 ****
       echo "       DEFAULT_PIDLOG: ${runtimedir_relative}httpd.pid"
@@ -10,7 +32,7 @@
       echo "    TYPES_CONFIG_FILE: ${sysconfdir_relative}mime.types"
       echo "   SERVER_CONFIG_FILE: ${sysconfdir_relative}httpd.conf"
       echo "   ACCESS_CONFIG_FILE: ${sysconfdir_relative}access.conf"
---- 870,877 ----
+--- 874,881 ----
       echo "       DEFAULT_PIDLOG: ${runtimedir_relative}httpd.pid"
       echo "   DEFAULT_SCOREBOARD: ${runtimedir_relative}httpd.scoreboard"
       echo "     DEFAULT_LOCKFILE: ${runtimedir_relative}httpd.lock"
@@ -20,6 +42,16 @@
       echo "   SERVER_CONFIG_FILE: ${sysconfdir_relative}httpd.conf"
       echo "   ACCESS_CONFIG_FILE: ${sysconfdir_relative}access.conf"
 ***************
+*** 912,917 ****
+--- 916,922 ----
+  -e "s%@suexec_uidmin@%$suexec_uidmin%g" \
+  -e "s%@suexec_gidmin@%$suexec_gidmin%g" \
+  -e "s%@suexec_safepath@%$suexec_safepath%g" \
++ -e "s%@conf_user@%$conf_user%g" \
+  -e "s%@conf_group@%$conf_group%g" \
+  -e "s%@conf_port@%$conf_port%g" \
+  -e "s%@conf_serveradmin@%$conf_serveradmin%g" \
+***************
 *** 935,942 ****
   echo "echo '-DDEFAULT_PIDLOG=\"${runtimedir_relative}httpd.pid\"'" >>$src/apaci
   echo "echo '-DDEFAULT_SCOREBOARD=\"${runtimedir_relative}httpd.scoreboard\"'" >>$src/apaci
@@ -29,7 +61,7 @@
   echo "echo '-DTYPES_CONFIG_FILE=\"${sysconfdir_relative}mime.types\"'" >>$src/apaci
   echo "echo '-DSERVER_CONFIG_FILE=\"${sysconfdir_relative}httpd.conf\"'" >>$src/apaci
   echo "echo '-DACCESS_CONFIG_FILE=\"${sysconfdir_relative}access.conf\"'" >>$src/apaci
---- 935,942 ----
+--- 940,947 ----
   echo "echo '-DDEFAULT_PIDLOG=\"${runtimedir_relative}httpd.pid\"'" >>$src/apaci
   echo "echo '-DDEFAULT_SCOREBOARD=\"${runtimedir_relative}httpd.scoreboard\"'" >>$src/apaci
   echo "echo '-DDEFAULT_LOCKFILE=\"${runtimedir_relative}httpd.lock\"'" >>$src/apaci
diff -ruN apache13-fp.orig/patches/patch-ab apache13-fp/patches/patch-ab
--- apache13-fp.orig/patches/patch-ab	Tue Nov 24 21:57:02 1998
+++ apache13-fp/patches/patch-ab	Sat Nov 28 11:03:29 1998
@@ -1,5 +1,5 @@
 *** Makefile.tmpl.orig	Sat Sep 19 07:41:48 1998
---- Makefile.tmpl	Wed Oct 14 19:07:18 1998
+--- Makefile.tmpl	Sat Nov 28 10:30:01 1998
 ***************
 *** 107,112 ****
 --- 107,113 ----
@@ -11,6 +11,16 @@
   libexecdir_relative   = @libexecdir_relative@
   
 ***************
+*** 119,124 ****
+--- 120,126 ----
+  suexec_safepath = @suexec_safepath@
+  
+  #   some substituted configuration parameters
++ conf_user	 = @conf_user@
+  conf_group       = @conf_group@
+  conf_port        = @conf_port@
+  conf_serveradmin = @conf_serveradmin@
+***************
 *** 166,173 ****
   			-DUID_MIN=$(suexec_uidmin) \
   			-DGID_MIN=$(suexec_gidmin) \
@@ -20,7 +30,7 @@
   			-DSAFE_PATH=\"$(suexec_safepath)\" \
   		' \
   		suexec; \
---- 167,174 ----
+--- 168,175 ----
   			-DUID_MIN=$(suexec_uidmin) \
   			-DGID_MIN=$(suexec_gidmin) \
   			-DUSERDIR_SUFFIX=\"$(suexec_userdir)\" \
@@ -40,7 +50,7 @@
   	$(MKDIR) $(root)$(includedir)
   	$(MKDIR) $(root)$(runtimedir)
   	$(MKDIR) $(root)$(logfiledir)
---- 225,233 ----
+--- 226,234 ----
   	$(MKDIR) $(root)$(mandir)/man1
   	$(MKDIR) $(root)$(mandir)/man8
   	$(MKDIR) $(root)$(sysconfdir)
@@ -77,7 +87,7 @@
   	fi
   	@echo "Copying tree $(TOP)/icons/ -> $(root)$(datadir)/icons/"; \
   	(cd $(TOP)/icons/ && $(TAR) cf - *) |\
---- 341,372 ----
+--- 342,373 ----
   #   icons and distributed CGI scripts.
   install-data:
   	@echo "===> [data: Installing initial data files]"
@@ -111,7 +121,7 @@
   	@echo "Copying tree $(TOP)/icons/ -> $(root)$(datadir)/icons/"; \
   	(cd $(TOP)/icons/ && $(TAR) cf - *) |\
 ***************
-*** 378,395 ****
+*** 378,397 ****
   		 echo ""; \
   		 cat $(TOP)/conf/$${conf}-dist ) |\
   		 sed -e '/# LoadModule/r $(TOP)/$(SRC)/.apaci.install.conf' \
@@ -130,7 +140,9 @@
   			-e 's;conf/magic;$(sysconfdir)/magic;' \
   			-e 's;conf/mime.types;$(sysconfdir)/mime.types;' \
   			-e 's;Group #-1;Group $(conf_group);' \
---- 386,405 ----
+  			-e 's;Port 80;Port $(conf_port);' \
+  			-e 's;ServerAdmin you@your.address;ServerAdmin $(conf_serveradmin);' \
+--- 387,409 ----
   		 echo ""; \
   		 cat $(TOP)/conf/$${conf}-dist ) |\
   		 sed -e '/# LoadModule/r $(TOP)/$(SRC)/.apaci.install.conf' \
@@ -150,4 +162,7 @@
 ! 			-e 's;logs/agent_log;$(logfiledir)/httpd-agent.log;' \
   			-e 's;conf/magic;$(sysconfdir)/magic;' \
   			-e 's;conf/mime.types;$(sysconfdir)/mime.types;' \
++ 			-e 's;User nobody;User $(conf_user);' \
   			-e 's;Group #-1;Group $(conf_group);' \
+  			-e 's;Port 80;Port $(conf_port);' \
+  			-e 's;ServerAdmin you@your.address;ServerAdmin $(conf_serveradmin);' \
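Review bot: The added `-e 's;User nobody;User $(conf_user);'` only takes effect while the distributed httpd.conf-dist contains the literal text `User nobody`. If that default ever changes, the rewrite silently does nothing and the installed server again runs as an account other than the one suexec accepts. The pattern is also unanchored, so the same text inside a comment line would be rewritten too. Matching the directive itself, `-e 's;^User .*;User $(conf_user);'`, would be sturdier, although it departs from how the neighbouring Group and Port lines are written. The sed invocation this line belongs to starts and ends outside the hunk.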
>Audit-Trail:
>Unformatted:
