DaemonForums  

Go Back   DaemonForums > FreeBSD > FreeBSD General

FreeBSD General Other questions regarding FreeBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 7th May 2010
rtwingfield rtwingfield is offline
Real Name: Ron Wingfield
Port Guard
 
Join Date: Oct 2008
Location: Little Rock, AR USA
Posts: 36
Default Missing suEXEC

I have both Apache 2.0 and 2.2 installed on separate systems. I cannot find suEXEC on either system . . .e.g., /usr/local/apache2/bin/suexec. I'm surprised that it's missing? Additionally, there is no mention of suexec in the httpd.conf file. Is this something that needs to be downloaded separately from the Ports? If so, then I'm not finding it? This is a first time need-to-know regarding suexec . . .I just expected it to be there.

Thanks,
RW
Reply With Quote
  #2   (View Single Post)  
Old 9th May 2010
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is offline
Real Name: Martin
Tcpdump Spy
 
Join Date: Apr 2008
Location: Netherlands
Posts: 2,243
Default

Did you select the SUEXEC option? It's off by default.
You can either re-run the configuration by using # make config, or you can use
# make install -DWITH_SUEXEC.
The end results are the same.
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote
  #3   (View Single Post)  
Old 9th May 2010
rtwingfield rtwingfield is offline
Real Name: Ron Wingfield
Port Guard
 
Join Date: Oct 2008
Location: Little Rock, AR USA
Posts: 36
Default

First, thanks for your suggestions.

Perhaps I should ask, "how IS the suEXEC option selected or otherwise turned on? In the (as distributed) httpd.conf file(s), there is no reference to a "LoadModule suexec_module libexec/apache/mod_suexec.so", . . .should there be? (BTW, I do have LoadModules, userdir_module and rewrite_module in the mix.)

As I previously mentioned, I cannot find a binary object for suEXEC on either system . . .e.g., /usr/local/apache2/bin/suexec. (not found with # find / -name suexec -print)

I don't recall a prompt option when I created either v2.0 or 2.2 for optioning suEXEC. When you suggest, "You can either re-run the configuration by using # make config, or you can use
# make install -DWITH_SUEXEC.
", are you implying that (had I known at the time) make install -DWITH_SUEXEC will "automagically" create the (e.g.) ./bin/suexec object, and "turn on" suexec?
Reply With Quote
  #4   (View Single Post)  
Old 9th May 2010
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is offline
Real Name: Martin
Tcpdump Spy
 
Join Date: Apr 2008
Location: Netherlands
Posts: 2,243
Default

The suexec binary isn't installed because you didn't select the option when you installed the port. So no amount of tinkering with httpd.conf will fix that.

Deinstall the apache port(s), and reinstall them with suexec enabled (Using make config or -DWITH_SUEXEC as mentioned above).
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote
  #5   (View Single Post)  
Old 9th May 2010
rtwingfield rtwingfield is offline
Real Name: Ron Wingfield
Port Guard
 
Join Date: Oct 2008
Location: Little Rock, AR USA
Posts: 36
Default

Ah, yes. Actually, in the interim, I've finally Googled into this url: http://docstore.mik.ua/orelly/linux/apache/ch04_07.htm. It's chapter 4.7. suEXEC on Unix from Apache: The Definitive Guide, Ben Laurie and Peter Laurie, ISBN 1-56592-528-9, Second Edition , published February 1999.

suEXEC is discussed as a subtopic under the CGI. It's interesting to note the authors' comment: "The documentation says that suEXEC is quite deliberately complicated so that "it will only be installed by users determined to use it.". (I find this annoying because my disdain for MS/Windoze is predicated upon the obvious that Microsoft goes to such great lengths to protect the user from him/her self . . .but I digress.)

Admittedly, when I installed Apache (originally, v1.3 and upgraded to v2.0) and later v2.2 on a new box, suEXEC was not on my mind as a needed feature. The entire ./support directory with suexec.h and suexec.c "never made it" into my production environment. In fact, I've found the (forgotten about ) associated version support directories and contents parked in the following directories:
/usr/home/rtwingfield/Apache-2.0.63/httpd-2.0.63/support/suexec.h
and
/usr/ports/www/apache22/work/httpd-2.2.4/support/suexec.h (however, this was not exported to the new box.)
I haven't worked through a working solution . . .yet, but I will share (i.e., post) the solution when I'm successful.

OTTF,
RW

Last edited by rtwingfield; 9th May 2010 at 05:38 PM. Reason: grammar and punctuation
Reply With Quote
  #6   (View Single Post)  
Old 9th May 2010
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is offline
Real Name: Martin
Tcpdump Spy
 
Join Date: Apr 2008
Location: Netherlands
Posts: 2,243
Default

Did you try reinstalling the port with the WITH_SUEXEC option? It looks like you are making things unnecessarily complicated.

A complete solution is probably just one line away:
# cd /usr/ports/www/apache22 && make build deinstall install clean -DWITH_SUEXEC
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote
  #7   (View Single Post)  
Old 11th May 2010
rtwingfield rtwingfield is offline
Real Name: Ron Wingfield
Port Guard
 
Join Date: Oct 2008
Location: Little Rock, AR USA
Posts: 36
Default

I have tried the "make build deinstall install clean -DWITH_SUEXEC" and the suexec (binary) module is not created or incorporated in the mix.

I have found a /usr/ports/www/apache22/Makefile.options file that contains a list of enable switches for various mods. The last two mods address SUEXEC and CGID. These two were defaulted to OFF, and I have changed the same to ON (as follows):

OPTIONS+= \
AUTH_BASIC "Enable mod_auth_basic" ON \
~
~ (et.al.)
~
SSL "Enable mod_ssl" ON \
SUEXEC "Enable mod_suexec" ON \
CGID "Enable mod_cgid" ON \


Apparently (from what I've read), the Makefile.options file is a repository for specifying inclusion of various mods such as SUEXEC, in a list, rather than having to specify (for example) -DWITH_SUEXEC on the submitted command line. (QUESTION: Regarding the latter scenario, what is the significance of the -D . . .I can't find any help or man information regarding the switch(s).)

It appears that the make process is ignoring the directives in the Makefile.options file. QUESTION: How is the make process instructed to use the Makefile.options file. Makefile.doc contains the following comment:
## Available knobs:
## WITHOUT_APACHE_OPTIONS:
## Don't use OPTIONS and will allow you to use
## those knobs directly to select modules.
## Knobs with (*) are working only if
## WITHOUT_APACHE_OPTIONS is defined.
QUESTIONS: Is "WITHOUT_APACHE_OPTIONS" to be specified somewhere as WITH or WITHOUT? If so, then what is the command syntax?

I can't find a clear read of the purpose of, or otherwise how to use knobs (The last time I wrote a major project Makefile was late 1980's or early '90's . . .and that was on SVR3 AT&T Unix running on a NCR Motoroloa 68000 processor); regardless, "knobs is knew" to me . Googling around, all I can find is tutorials on how to write Makefiles . . .not how to specify syntax for using, i.e., including the Makefile.options file.
Reply With Quote
  #8   (View Single Post)  
Old 11th May 2010
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is offline
Real Name: Martin
Tcpdump Spy
 
Join Date: Apr 2008
Location: Netherlands
Posts: 2,243
Default

hmm, the apache port behaves in mysterious ways, appearently the -DWITH_SUEXEC option has no effect (!!).
However, using # make config and selecting the SUEXEC option works (tested).

You can view currently selected optins with # make showconfig.

Also make sure you run a make clean after changing options. This clears out the build tree, the FreeBSD port system remembers which build targets have been competed and skips those if you use the same build tree again, which can be a problem if you change options.

Quote:
I have found a /usr/ports/www/apache22/Makefile.options file that contains a list of enable switches for various mods. The last two mods address SUEXEC and CGID. These two were defaulted to OFF, and I have changed the same to ON (as follows):
You should use # make config for that instead of hacking the Makefile. It does exactly the same thing and saves the options in /var/db/ports/apache22/options

Quote:
(QUESTION: Regarding the latter scenario, what is the significance of the -D . . .I can't find any help or man information regarding the switch(s).)
From make(1):
Code:
     -D variable
             Define variable to be 1, in the global context.
It's the same as using WITH_SUEXEC=yes
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote
  #9   (View Single Post)  
Old 13th May 2010
rtwingfield rtwingfield is offline
Real Name: Ron Wingfield
Port Guard
 
Join Date: Oct 2008
Location: Little Rock, AR USA
Posts: 36
Default

Yes! Thanks to your suggestion:
Quote:
using # make config and selecting the SUEXEC option works (tested)
. . . .does work for me, too. I must confess that "make config" was off my radar. (I'm an old command-line unix user.)

FYI, I've moved on to implementing Apache v2.2's httpd.conf file with the ./extra/includes. (My current httpd.conf evolved from v1.3 and is running on a v2.0 platform.) I'm moving slowly with this while looking for subtle nuances, new features, etc. in the v22 distribution examples. Notably, the eleven .conf files. For anyone interested, I've attached a PDF object relationship chart of configuration objects (rather simple, but this sort of chart helps me keep things sorted ).
Attached Files
File Type: pdf v22_httpd.conf.pdf (6.3 KB, 89 views)

Last edited by rtwingfield; 14th May 2010 at 07:35 PM. Reason: Updated attached PDF.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
powersurge - missing mbr? knasbas OpenBSD General 12 6th December 2009 09:59 PM
sys.tar.gz missing from 3rd CD in 4.5? thirdm OpenBSD Installation and Upgrading 0 5th May 2009 03:25 PM
Disk space gone missing EricM FreeBSD General 0 26th February 2009 02:25 AM
Update from 6.3 to 7.0 (libs missing etc.) Calderon FreeBSD Installation and Upgrading 16 17th May 2008 09:03 PM


All times are GMT. The time now is 11:02 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick