Michael Olson wrote: > Adam Chlipala <[EMAIL PROTECTED]> writes: > > >> On fyodor, we have a suexec binary that I compiled manually with a >> broader suexec root that contains all user home directories. This >> is a pretty small program, and the only change needed is to a string >> macro definition in one place. That means that, especially sticking >> with Debian stable and its infrequent updates, it is quite >> reasonable to compile a new suexec every time the underlying package >> source version increases. >> > > Even better, let's go with a custom-compiled Apache Debian package > which contains this modified suexec binary -- I'll re-get the source > and apply the change each time our version of Apache changes. Where > can I find the changed source code? > The change is tiny. It's better to call it configuration than a patch. You just need to modify the macro AP_DOC_ROOT in apache2-2.0.54/upstream/tarballs/httpd-2.0.54/support/suexec.h
The file path comes from what I get when I run apt-get source apache2. I think changing the macro's value to "/" will allow suexec anywhere. "/afs/hcoop.net/usr" is probably the right choice for mire. Can anyone think of something we'll want to suexec that will live outside that tree? This tiny change only affects the suexec binary, so it's not clear to me that it's worth recompiling the whole package. > I'm not sure that we want an suexec-free apache instance, especially > on mire. > I was only suggesting it for deleuze, where we can get by without different security domains for different dynamic content generators. _______________________________________________ HCoop-SysAdmin mailing list [email protected] http://hcoop.net/cgi-bin/mailman/listinfo/hcoop-sysadmin
