suexec(8)
NAME
suexec - Switch User For Exec
SYNOPSIS
suexec -V This is a customized version that can be configured with config files in /etc/apache2/suexec. No other synopsis for usage, because this program is otherwise only used internally by the Apache HTTP server.
DESCRIPTION
suexec is the "wrapper" support program for the suexec behaviour for
the Apache HTTP server. It is run from within the server automatically
to switch the user when an external program has to be run under a different user. For more information about suexec in general, see the
online document `Apache suexec Support' on the HTTP server project's
Web site at http://httpd.apache.org/docs/suexec.html .
This version of suexec reads a config file on every execution. Therefore it is a bit slower than the standard suexec version from the
apache2-suexec package.
CONFIGURATION
If suexec is called by a user with name 'username', it will look into
/etc/apache2/suexec/username for configuration. If the file does not
exist, suexec will abort. By creating several config files, you can
allow several different apache run users to use suexec.
The first line in the file is used as the document root (/var/www in
the standard suexec) and the second line in the file is used as the
suffix that is appended to users' home directories (public_html in
standard suexec).
If any of the lines is commented out (with #), suexec will refuse the
corresponding type of request. It is recommended to comment out the
userdir suffix if you don't need it.
SECURITY
Do not set the document root to a path that includes users' home directories (like /home or /var) or directories where users can mount removable media. Doing so would create local security issues. Suexec does
not allow to set the document root to the root directory / .
OPTIONS
- -V Display the list of compile-time settings used when suexec was
- built. No other action is taken.
FILES
/etc/apache2/suexec/www-data
SEE ALSO
- apache2(8), /usr/share/doc/apache2.2-common/README.Debian.gz