Hello list,
I've added an extra option to mod_fcgid to turn off the suexec stuff. It's
useful if you want to run the apache as non-root user and you need the speed
of mod_fcgid.
The default value is - of course - 0. The configuration line is very simple:
[...Other Fcgid options...]
FcgidDisableSuexecCheck 1
[...]
Comments are welcome. Please feel free to include this patch in the next
release.
--
So long... Erik
diff -ru mod_fcgid-2.3.5-orig/modules/fcgid/fcgid_conf.c mod_fcgid-2.3.5-disable_suexec_check/modules/fcgid/fcgid_conf.c
--- mod_fcgid-2.3.5-orig/modules/fcgid/fcgid_conf.c 2009-12-15 15:53:55.000000000 +0100
+++ mod_fcgid-2.3.5-disable_suexec_check/modules/fcgid/fcgid_conf.c 2010-05-29 15:34:16.965067874 +0200
@@ -56,6 +56,7 @@
#define DEFAULT_MAX_MEM_REQUEST_LEN (1024*64) /* 64k */
#define DEFAULT_WRAPPER_KEY "ALL"
#define WRAPPER_FLAG_VIRTUAL "virtual"
+#define DEFAULT_DISABLE_SUEXEC_CHECK 0
void *create_fcgid_server_config(apr_pool_t * p, server_rec * s)
{
@@ -93,6 +94,7 @@
config->busy_timeout = DEFAULT_BUSY_TIMEOUT;
config->idle_timeout = DEFAULT_IDLE_TIMEOUT;
config->proc_lifetime = DEFAULT_PROC_LIFETIME;
+ config->disable_suexec_check = DEFAULT_DISABLE_SUEXEC_CHECK;
return config;
}
@@ -1098,3 +1100,23 @@
cmdopts->cmdenv = NULL;
}
+
+const char *set_disable_suexec_check(cmd_parms * cmd, void *dummy,
+ int arg)
+{
+ fcgid_server_conf *config =
+ ap_get_module_config(cmd->server->module_config, &fcgid_module);;
+
+ config->disable_suexec_check = arg;
+ return NULL;
+}
+
+int get_disable_suexec_check(server_rec * s)
+{
+ fcgid_server_conf *config =
+ ap_get_module_config(s->module_config, &fcgid_module);
+
+ return config ? config->disable_suexec_check : DEFAULT_DISABLE_SUEXEC_CHECK;
+}
+
+
diff -ru mod_fcgid-2.3.5-orig/modules/fcgid/fcgid_conf.h mod_fcgid-2.3.5-disable_suexec_check/modules/fcgid/fcgid_conf.h
--- mod_fcgid-2.3.5-orig/modules/fcgid/fcgid_conf.h 2010-01-21 18:46:49.000000000 +0100
+++ mod_fcgid-2.3.5-disable_suexec_check/modules/fcgid/fcgid_conf.h 2010-05-29 15:39:28.473063753 +0200
@@ -104,6 +104,7 @@
int idle_timeout_set;
int proc_lifetime;
int proc_lifetime_set;
+ int disable_suexec_check;
} fcgid_server_conf;
typedef struct {
@@ -261,6 +262,10 @@
void get_cmd_options(request_rec *r, const char *cmdpath,
fcgid_cmd_options *cmdopts, fcgid_cmd_env *cmdenv);
+const char *set_disable_suexec_check(cmd_parms * cmd, void *dummy,
+ int arg);
+int get_disable_suexec_check(server_rec * s);
+
AP_MODULE_DECLARE_DATA extern module fcgid_module;
#endif
diff -ru mod_fcgid-2.3.5-orig/modules/fcgid/fcgid_pm_unix.c mod_fcgid-2.3.5-disable_suexec_check/modules/fcgid/fcgid_pm_unix.c
--- mod_fcgid-2.3.5-orig/modules/fcgid/fcgid_pm_unix.c 2010-01-20 19:49:19.000000000 +0100
+++ mod_fcgid-2.3.5-disable_suexec_check/modules/fcgid/fcgid_pm_unix.c 2010-05-29 15:34:15.941063604 +0200
@@ -247,7 +247,7 @@
}
/* if running as root, switch to configured user */
- if (ap_unixd_config.suexec_enabled) {
+ if (!get_disable_suexec_check(main_server) && unixd_config.suexec_enabled) {
if (getuid() != 0) {
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, main_server,
"mod_fcgid: current user is not root while suexec is enabled, exiting now");
diff -ru mod_fcgid-2.3.5-orig/modules/fcgid/mod_fcgid.c mod_fcgid-2.3.5-disable_suexec_check/modules/fcgid/mod_fcgid.c
--- mod_fcgid-2.3.5-orig/modules/fcgid/mod_fcgid.c 2010-01-21 16:12:25.000000000 +0100
+++ mod_fcgid-2.3.5-disable_suexec_check/modules/fcgid/mod_fcgid.c 2010-05-29 21:05:12.769813719 +0200
@@ -957,6 +957,10 @@
AP_INIT_TAKE1("ZombieScanInterval", set_zombie_scan_interval, NULL,
RSRC_CONF,
"Deprecated - Use 'FcgidZombieScanInterval' instead"),
+ AP_INIT_FLAG("FcgidDisableSuexecCheck",
+ set_disable_suexec_check, NULL,
+ RSRC_CONF,
+ "Set 1, if you want to disable the suexec check (default = 0)"),
{NULL}
};
