alt-suexec

Navigation:  Additional Packages >

alt-suexec

Previous pageReturn to chapter overviewNext page

What is alt-suexec package needed for?

 

If you use standard httpd from our repository, but your users' sites do not match standard Apache location of /var/www, then you should use alt-suexec.

alt-suexec package brings suEXEC binaries pre-compiled for specific locations, like /home.

 

How to switch suEXEC with alt-suexec

 

Based on httpd 2.2 basic for 6 and httpd 2.4 basic for CloudLinux 7, the package brings to server a set of suEXECs with different DOCUMENT ROOTs and MIN_UID/MIN_GID parameters. The first set of suEXECs is listed by such modes:

 

# switch_suexec -l

USE_HOME - DOCUMENT ROOT /home/ MIN_UID 500 MIN_GID 100 CALLER apache

USE_WWW - DOCUMENT ROOT /var/www/ MIN_UID 500 MIN_GID 100 CALLER apache

 

The package also brings its own utility for installing specific suEXEC:

 

# switch_suexec -h

 

-l

list of available suexec

-u

update suexec according to /etc/sysconfig/alt-suexec

-s

set new suexec and install it

-p

set new suexec path and install it

-o

set new suexec owners and install it

-r

restore native apache suexec

 

There are two ways to set up new suEXEC binary:

 

1) via config file /etc/sysconfig/alt-suexec

2) via utility switch_suexec

 

Here are the examples of how to set up suEXEC with DOC_ROOT = "/home":

 

1.

 

1) add string "USE_HOME" to /etc/sysconfig/alt-suexec

2) run the command switch_suexec -u

 

2.

 

1) switch_suexec -sUSE_HOME

 

Result of both methods:

 

# cat /etc/sysconfig/alt-suexec

USE_HOME

 

Here is standard suEXEC for CloudLinux 6 clean server:

 

# /usr/sbin/suexec -V

-D AP_DOC_ROOT="/var/www"

-D AP_GID_MIN=100

-D AP_HTTPD_USER="apache"

-D AP_LOG_EXEC="/var/log/httpd/suexec.log"

-D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"

-D AP_UID_MIN=500

-D AP_USERDIR_SUFFIX="public_html"

-D AP_SAFE_DIRECTORY="/usr/local/safe-bin"

 

Here is output of new suEXEC after USE_HOME installtion:

 

# /usr/sbin/suexec -V

-D AP_DOC_ROOT="/home/"

-D AP_GID_MIN=100

-D AP_HTTPD_USER="apache"

-D AP_LOG_EXEC="/var/log/httpd/suexec.log"

-D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"

-D AP_UID_MIN=500

-D AP_USERDIR_SUFFIX="public_html"

-D AP_SAFE_DIRECTORY="/usr/local/safe-bin"

 

Description of other switch_suexec parameters:

 

-p

if suexec binary file will be placed not in standard way /usr/sbin - specify this new path with p-option

-o

if suexec binary file not owned by root:apache - specify new owner with o-option

 

For most cases -p and -o options for standard Apache are useless.

 

Correct suEXEC will be restored even after httpd update or reinstall.

 

List of pre-built suEXEC binary files stored without suid bit and not executable.

 

How to install alt-suexec?

 

For installation run the command:

 

yum install alt-suexec --enablerepo=cloudlinux-updates-testing

 

New suexec with custom parameters

 

If you need suEXEC with custom parameters absent in current set of alt-suexec, please submit a ticket on https://helpdesk.cloudlinux.com/ and we will add new suEXEC with needed parameters.