00001 /* Copyright 1999-2004 The Apache Software Foundation 00002 * 00003 * Licensed under the Apache License, Version 2.0 (the "License"); 00004 * you may not use this file except in compliance with the License. 00005 * You may obtain a copy of the License at 00006 * 00007 * http://www.apache.org/licenses/LICENSE-2.0 00008 * 00009 * Unless required by applicable law or agreed to in writing, software 00010 * distributed under the License is distributed on an "AS IS" BASIS, 00011 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00012 * See the License for the specific language governing permissions and 00013 * limitations under the License. 00014 */ 00015 00016 /* 00017 * suexec.h -- user-definable variables for the suexec wrapper code. 00018 * (See README.configure on how to customize these variables.) 00019 */ 00020 00021 00022 #ifndef _SUEXEC_H 00023 #define _SUEXEC_H 00024 00025 /* 00026 * Include ap_config_layout so we can work out where the default htdocsdir 00027 * and logsdir are. 00028 */ 00029 #include "ap_config_layout.h" 00030 00031 /* 00032 * HTTPD_USER -- Define as the username under which Apache normally 00033 * runs. This is the only user allowed to execute 00034 * this program. 00035 */ 00036 #ifndef AP_HTTPD_USER 00037 #define AP_HTTPD_USER "apache" 00038 #endif 00039 00040 /* 00041 * HTTPD_GROUP -- Define as the group under which Apache normally 00042 * runs. This is the only user allowed to execute 00043 * this program. 00044 */ 00045 #ifndef AP_HTTPD_GROUP 00046 #define AP_HTTPD_GROUP "apache" 00047 #endif 00048 00049 /* 00050 * UID_MIN -- Define this as the lowest UID allowed to be a target user 00051 * for suEXEC. For most systems, 500 or 100 is common, but 00052 * 99 will include user nobody on RedHat Linux systems. 00053 */ 00054 #ifdef AP_UID_MIN 00055 #undef AP_UID_MIN 00056 #endif 00057 #define AP_UID_MIN 99 00058 00059 /* 00060 * GID_MIN -- Define this as the lowest GID allowed to be a target group 00061 * for suEXEC. For most systems, 100 is common, but 99 will 00062 * include group nobody on RedHat Linux systems. 00063 */ 00064 #ifdef AP_GID_MIN 00065 #undef AP_GID_MIN 00066 #endif 00067 #define AP_GID_MIN 99 00068 00069 /* 00070 * USERDIR_SUFFIX -- Define to be the subdirectory under users' 00071 * home directories where suEXEC access should 00072 * be allowed. All executables under this directory 00073 * will be executable by suEXEC as the user so 00074 * they should be "safe" programs. If you are 00075 * using a "simple" UserDir directive (ie. one 00076 * without a "*" in it) this should be set to 00077 * the same value. suEXEC will not work properly 00078 * in cases where the UserDir directive points to 00079 * a location that is not the same as the user's 00080 * home directory as referenced in the passwd file. 00081 * 00082 * If you have VirtualHosts with a different 00083 * UserDir for each, you will need to define them to 00084 * all reside in one parent directory; then name that 00085 * parent directory here. IF THIS IS NOT DEFINED 00086 * PROPERLY, ~USERDIR CGI REQUESTS WILL NOT WORK! 00087 * See the suEXEC documentation for more detailed 00088 * information. 00089 */ 00090 #ifndef AP_USERDIR_SUFFIX 00091 #define AP_USERDIR_SUFFIX "public_html" 00092 #endif 00093 00094 /* 00095 * LOG_EXEC -- Define this as a filename if you want all suEXEC 00096 * transactions and errors logged for auditing and 00097 * debugging purposes. 00098 */ 00099 #ifndef AP_LOG_EXEC 00100 #define AP_LOG_EXEC DEFAULT_EXP_LOGFILEDIR "/suexec_log" /* Need me? */ 00101 #endif 00102 00103 /* 00104 * DOC_ROOT -- Define as the DocumentRoot set for Apache. This 00105 * will be the only hierarchy (aside from UserDirs) 00106 * that can be used for suEXEC behavior. 00107 */ 00108 #ifndef AP_DOC_ROOT 00109 #define AP_DOC_ROOT DEFAULT_EXP_HTDOCSDIR 00110 #endif 00111 00112 /* 00113 * SAFE_PATH -- Define a safe PATH environment to pass to CGI executables. 00114 * 00115 */ 00116 #ifndef AP_SAFE_PATH 00117 #define AP_SAFE_PATH "/usr/local/bin:/usr/bin:/bin" 00118 #endif 00119 00120 /* 00121 * GRST_EXECMAPDIR -- Location of the gridmapdir-style directory of lock files 00122 * 00123 */ 00124 #define GRST_EXECMAPDIR "/var/www/execmapdir" 00125 00126 #endif /* _SUEXEC_H */