Re: [BugDB] Can't run httpd as non root user with EAPI (PR#196)

[modssl-bugdb]

On Wed, Oct 06, 1999, [EMAIL PROTECTED] wrote:

> > > When apache is compiled with EAPI support and use the MM library,
> > > it is now impossible to start httpd as a non root user because 
> > > the path to the EAPI_MM_CORE_PATH is not runtime configurable. It
> > > is a compile time only option, and if the path specified at compile
> > > time is root writable only, no user can start an httpd process without
> > > recompiling.
> > 
> > Not quite correct. It's a path relative to the server root. So when you start
> > Apache under a user which hasn't access to the compiled-in server root you
> > have to start it with "httpd -d /other/serverroot/" and then the paths become
> > /other/serverroot/logs/mm.*". I would like when the path can be configured
> > with a directive, doubt me. But it cannot be done. Because the shared memory
> > pools have to be available _before_ directives are parsed (to allow modules to
> > store the directive information already into shared memory). That's why I
> > wasn't able and will not be able to implement a "SharedMemoryPath /path/to/mm"
> > directive. Sorry, it's a chicken and egg problem which cannot be solved better
> > IMHO than with "httpd -d".
> 
> But please, could you atleast follow the runtimedir from the layout setup.
> I just got hit by this problem too when trying to make a Debian binary
> package. Now I manually have to patch it to change the default logs/mm 
> dir which is hardcoded in the source.

You don't have to patch the code, of course. Just use
CFLAGS='-DEAPI_MM_CORE_PATH=\"/foo/bar/quux\"' when building.  Additionally
it's not correct that the stuff is hard-coded and should use runtimedir. IT
DOES USE RUNTIMEDIR and the default is adjusted by APACI, of course (from
configure): 

echo "echo '-DEAPI_MM_CORE_PATH=\"${runtimedir_relative}${thetarget}.mm\"'" 
>>$src/apaci

>From mod_ssl 2.4.6 a `httpd -V' will even show you the compiled in path now.
So, sorry, I still have to ask what I should change here.... ?

                                       Ralf S. Engelschall
                                       [EMAIL PROTECTED]
                                       www.engelschall.com

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]