Chip 2004 November

home *** CD-ROM | disk | FTP | other *** search

/ Chip 2004 November / CMCD1104.ISO / Software / Complet / Apache / apache_2.0.52-win32-x86-no_ssl.msi / Data.Cab / F277750_suexec.xml.ko < prev next >

Wrap

Extensible Markup Language | 2004-07-09 | 19KB | 527 lines

<?xml version="1.0" encoding="EUC-KR" ?> <!DOCTYPE manualpage SYSTEM "./style/manualpage.dtd"> <?xml-stylesheet type="text/xsl" href="./style/manual.ko.xsl"?>   <manualpage metafile="suexec.xml.meta"> <title>suEXEC ┴÷┐°</title> <summary> suEXEC ▒Γ┤╔└║ ╛╞╞──í░í CGI┐═ SSI ╟┴╖╬▒╫╖Ñ└╗ └Ñ╝¡╣÷╕ª ╜╟╟α╟╤ ╗τ┐δ└┌ ID░í ╛╞┤╤ ┤┘╕Ñ ╗τ┐δ└┌ ID╖╬ ╜╟╟α╟╧╡╡╖╧ ╟╤┤┘. ║╕┼δ CGI│¬ SSI ╟┴╖╬▒╫╖Ñ└╗ ╜╟╟α╟╧╕Θ └Ñ╝¡╣÷╕ª ╜╟╟α╟╤ ╗τ┐δ└┌┐═ ░░└║ ╗τ┐δ└┌╖╬ ╜╟╟α╟╤┤┘. └╠ ▒Γ┤╔└╗ └√└²╚≈ ╗τ┐δ╟╧╕Θ ╗τ┐δ└┌░í ┴≈┴ó CGI│¬ SSI ╟┴╖╬▒╫╖Ñ└╗ ░│╣▀╟╧░φ ╜╟╟α╟╥╢º ╣▀╗²╟╥ ╝÷ └╓┤┬ ║╕╛╚└º╟Φ└╗ ╗≤┤τ╚≈ ┴┘└╧ ╝÷ └╓┤┘. ▒╫╖»│¬ suEXEC░í ║╬└√└²╟╧░╘ ╝│┴ñ╡╟╕Θ ╕╣└║ ╣«┴ª┐═ ──╟╗┼═┐í ╗⌡╖╬┐ε ║╕╛╚ ╟π┴í└╗ ╕╕╡Θ ╝÷ └╓┤┘. ╕╕╛α setuid root ╟┴╖╬▒╫╖Ñ░· └╠╖▒ ╟┴╖╬▒╫╖Ñ└╟ ║╕╛╚ ╣«┴ª┐í ╗²╝╥╟╧┤┘╕Θ suEXEC╕ª ╗τ┐δ╟╧┴÷╛╩▒µ ┴°╜╔└╕╖╬ ╣┘╢⌡┤┘. </summary> <section id="before"><title>╜├└█╟╧▒Γ └ⁿ┐í</title> ╜├└█╟╧▒Γ └ⁿ┐í ┐∞╝▒ ╛╞╞──í▒╫╖∞░· └╠ ╣«╝¡└╟ ░í┴ñ└╗ ╣α╚∙┤┘. ╕╒└· setuid┐═ setgid ▒Γ┤╔└╠ ░í┤╔╟╤ └»┤╨╜║╖∙ ┐ε┐╡├╝┴ª╕ª ╗τ┐δ╟╤┤┘░φ ░í┴ñ╟╤┤┘. ╕≡╡τ ╕φ╖╔╛ε ┐╣╡Θ╡╡ ░░└║ ░í┴ñ└╗ ╟╤┤┘. suEXEC╕ª ┴÷┐°╟╧┤┬ ┤┘╕Ñ ╟├╖í╞√└╗ ╗τ┐δ╟╧┤┘╕Θ ╝│┴ñ└╠ ┤┘╕ª ╝÷ └╓┤┘. ╡╬╣°┬░, ┤τ╜┼└╠ ──╟╗┼═ ║╕╛╚└╟ ▒Γ║╗ ░││Σ░· ░ⁿ╕«┐í └═╝≈╟╧┤┘░φ ░í┴ñ╟╤┤┘. ┐⌐▒Γ┐í┤┬ setuid/setgid ▒Γ┤╔░· └╠╡Θ└╠ ╜├╜║┼█░· ║╕╛╚┐í ╣╠─í┤┬ ┐⌐╖» ┐╡╟Γ┐í ┤δ╟╤ └╠╟╪░í ╞≈╟╘╡╚┤┘. ╝╝╣°┬░, suEXEC ─┌╡σ└╟ ╝÷┴ñ╟╧┴÷╛╩└║ ╣÷└ⁿ└╗ ╗τ┐δ╟╤┤┘░φ ░í┴ñ╟╤┤┘. ░│╣▀└┌┐═ ┐⌐╖» ║ú┼╕┼╫╜║┼═╡Θ└║ suEXEC┐═ ░ⁿ╖├╡╚ ╕≡╡τ ─┌╡σ╕ª ┴╢╜╔╜║╖┤░╘ ┴╢╗τ╟╧░φ ░╦╗τ╟▀┤┘. ─┌╡σ╕ª ░ú┤▄╟╧░╘ ╟╧░φ ╚«╜╟╟╤ ╛╚└ⁿ└╗ ║╕└σ╟╧▒Γ└º╟╪ ╕≡╡τ ┴╓└╟╕ª ▒Γ┐∩┐┤┤┘. └╠ ─┌╡σ╕ª ╝÷┴ñ╟╧╕Θ ┐╣╗≤─í╕°╟╤ ╣«┴ª┐═ ╗⌡╖╬┐ε ║╕╛╚ └º╟Φ└╠ ╣▀╗²╟╥ ╝÷ └╓┤┘. ║╕╛╚ ╟┴╖╬▒╫╖í╣╓┐í ┤δ╟╪ ╕┼┐∞ └▀ ╛╦░φ ─┌╡σ╕ª ╗∞╞∞║╕▒Γ└º╟╪ ╛╞╞──í▒╫╖∞░· └█╛≈└╗ ░°└»╟╥ └╟╗τ░í ╛°┤┘╕Θ suEXEC ─┌╡σ╕ª ╝÷┴ñ╟╧┴÷╛╩▒µ ░¡╖┬╚≈ ▒╟╟╤┤┘. │╫╣°┬░└╠└┌ ╕╢┴÷╕╖└╕╖╬, ╛╞╞──í▒╫╖∞└║ suEXEC╕ª ╛╞╞──í ▒Γ║╗╝│─í┐í ╞≈╟╘╟╧┴÷ ╛╩▒Γ╖╬ ░ß┴ñ╟▀┤┘. ░ß▒╣ ░ⁿ╕«└┌░í ┴╓└╟╕ª ▒Γ┐∩┐⌐╝¡ suEXEC╕ª ╝│┴ñ╟╪╛▀ ╟╤┤┘. suEXEC└╟ ┐⌐╖» ╝│┴ñ└╗ └▀ ░φ╖┴╟╤╚─ ░ⁿ╕«└┌┤┬ └╧╣▌└√└╬ ╝│─í╣µ╣²└╗ suEXEC╕ª ╝│─í╟╥ ╝÷ └╓┤┘. suEXEC ▒Γ┤╔└╗ ╗τ┐δ╟╧┤┬ ╜├╜║┼█└╟ ║╕╛╚└╗ ├Ñ└╙┴÷┤┬ ░ⁿ╕«└┌┤┬ └╠ ╝│┴ñ░¬╡Θ└╗ ┴╓└╟└╓░╘ ╗∞╞∞║╕░φ ┴÷┴ñ╟╪╛▀ ╟╤┤┘. └╠╖▒ ╗≤╝╝╟╤ ░·┴ñ└║ suEXEC╕ª ╗τ┐δ╟╥╕╕┼¡ ┴╓└╟└╓░φ ┤▄╚ú╟╤ ╗τ╢≈╕╕└╠ suEXEC╕ª ╗τ┐δ╟╧╡╡╖╧ ╛╞╞──í▒╫╖∞└╠ ┐°╟╧▒Γ ╢º╣«└╠┤┘. ╛╞┴≈╡╡ ╗τ┐δ╟╧▒µ ┐°╟╧┤┬░í? ▒╫╖▒░í? ┴┴┤┘. └╠┴ª ╜├└█╟╧└┌! </section> <section id="model"><title>suEXEC ║╕╛╚╕≡╡¿</title> suEXEC╕ª ▒╕╝║╟╧░φ ╝│─í╟╧▒Γ └ⁿ┐í ┐∞╕«┤┬ ║╕╛╚╕≡╡¿└╗ ╕╒└· ╝│╕φ╟╤┤┘. └╠╕ª ┼δ╟╪ ┴ñ╚«╚≈ suEXEC ╛╚┐í╝¡┤┬ ╣½╜╝ └╧└╠ └╧╛ε│¬╕τ ╜├╜║┼█└╟ ║╕╛╚└╗ └º╟╪ ╣½╛∙└╗ ┴╢╜╔╟╪╛▀ ╟╥┴÷ ┤⌡ └▀ └╠╟╪╟╥ ╝÷ └╓┤┘. suEXEC┤┬ ╛╞╞──í └Ñ╝¡╣÷░í ║╬╕ú┤┬ setuid "wrapper" ╟┴╖╬▒╫╖Ñ└╗ ▒Γ╣▌└╕╖╬ ╟╤┤┘. └╠ wrapper┤┬ ░ⁿ╕«└┌░í ┴╓╝¡╣÷┐═ ┤┘╕Ñ userid╖╬ ╜╟╟α╟╧╡╡╖╧ ╝│┴ñ╟╤ CGI│¬ SSI ╟┴╖╬▒╫╖Ñ┐í HTTP ┐Σ├╗└╠ ┐└╕Θ ║╥╕░┤┘. └╠╖▒ ┐Σ├╗└╠ ┐└╕Θ ╛╞╞──í┤┬ suEXEC wrapper┐í░╘ ╟┴╖╬▒╫╖Ñ╕φ░· ╟┴╖╬▒╫╖Ñ└╗ ╜╟╟α╟╥ ╗τ┐δ└┌┐═ ▒╫╖∞ ID╕ª ┴ª░°╟╤┤┘. ▒╫╖»╕Θ wrapper┤┬ ┤┘└╜ ░·┴ñ└╗ ┼δ╟╪ ╝║░°░· ╜╟╞╨╕ª ░ß┴ñ╟╤┤┘. └╠ ┴╢░╟┴▀ ╟╧│¬╢≤╡╡ ╜╟╞╨╟╧╕Θ ╟┴╖╬▒╫╖Ñ└║ ╜╟╞╨╖╬ ▒Γ╖╧╡╟░φ ┐└╖∙╕ª │╗╕τ ┴╛╖ß╟╤┤┘. ╜╟╞╨╟╧┴÷ ╛╩└╕╕Θ ░·┴ñ└╗ ░Φ╝╙╟╤┤┘: <ol> <li> wrapper╕ª ╜╟╟α╟╧┤┬ ╗τ┐δ└┌░í ╜├╜║┼█└╟ ┴ñ╗≤└√└╬ ╗τ┐δ└┌└╬░í? wrapper╕ª ╜╟╟α╟╧┤┬ ╗τ┐δ└┌░í ╜╟┴ª╖╬ ╜├╜║┼█└╟ ╗τ┐δ└┌└╬┴÷ ╚«└╬╟╤┤┘. </li> <li> └√└²╟╤ ╝÷└╟ ╛╞▒╘╕╒╞«╖╬ wrapper╕ª ╜╟╟α╟╧┤┬░í? wrapper┤┬ └√└²╟╤ ╝÷└╟ ╛╞▒╘╕╒╞«░í └╓╛ε╛▀╕╕ ╜╟╟α╡╚┤┘. ╛╞╞──í └Ñ╝¡╣÷░í └╠ ░│╝÷╕ª ╛╚┤┘. wrapper░í └√└²╟╤ ╝÷└╟ ╛╞▒╘╕╒╞«╕ª ╣▐┴÷╕°╟╧╕Θ ╟╪┼╖╡╟╛·░┼│¬ ╛╞╞──í└╟ suEXEC┐í ╣║░í ╣«┴ª░í └╓┤┬ ░═└╠┤┘. </li> <li> └╠ ╗τ┐δ└┌░í wrapper╕ª ╜╟╟α╟╧╡╡╖╧ ╟π┐δ╡╟╛·│¬? └╠ ╗τ┐δ└┌░í wrapper╕ª ╜╟╟α╟╧╡╡╖╧ ╟π┐δ╡╟╛·│¬? ┐└┴≈ ╟╤ ╗τ┐δ└┌(╛╞╞──í ╗τ┐δ└┌)╕╕└╠ └╠ ╟┴╖╬▒╫╖Ñ└╗ ╜╟╟α╟╥ ╝÷ └╓┤┘. </li> <li> ┴÷┴ñ╟╤ CGI│¬ SSI ╟┴╖╬▒╫╖Ñ└╠ ╛╚└ⁿ╟╧┴÷╛╩└║ ░Φ├■┬ⁿ┴╢╕ª ░í┴÷┤┬░í? ┴÷┴ñ╟╤ CGI│¬ SSI ╟┴╖╬▒╫╖Ñ└╠ '/'╖╬ ╜├└█╟╧░┼│¬ ╡▐┬ⁿ┴╢ '..'└╗ ░í┴÷┤┬░í? └╠╡Θ└╗ ╗τ┐δ╟╥ ╝÷ ╛°┤┘. ┴÷┴ñ╟╤ CGI/SSI ╟┴╖╬▒╫╖Ñ└║ suEXEC ╣«╝¡ root (╛╞╖í <code>--with-suexec-docroot=DIR</code> ┬ⁿ░φ) │╗┐í └╓╛ε╛▀ ╟╤┤┘. </li> <li> ┴÷┴ñ╟╤ ╗τ┐δ└┌╕φ└╠ └»╚┐╟╤░í? ┴÷┴ñ╟╤ ╗τ┐δ└┌░í ┴╕└τ╟╧┤┬░í? </li> <li> ┴÷┴ñ╟╤ ▒╫╖∞╕φ└╠ └»╚┐╟╤░í? ┴÷┴ñ╟╤ ▒╫╖∞└╠ ┴╕└τ╟╧┤┬░í? </li> <li> ┴÷┴ñ╟╤ ╗τ┐δ└┌░í superuser░í ╛╞┤╤░í? ╟÷└τ suEXEC┤┬ <code>root</code>░í CGI/SSI ╟┴╖╬▒╫╖Ñ└╗ ╜╟╟α╟╥ ╝÷ ╛°╡╡╖╧ ╟╤┤┘. </li> <li> ┴÷┴ñ╟╤ userid░í ├╓╝╥ ID ╝²└┌║╕┤┘ ┼½░í? ╝│┴ñ┐í╝¡ ├╓╝╥ ╗τ┐δ└┌ ID ╝²└┌╕ª ┴÷┴ñ╟╤┤┘. ▒╫╖í╝¡ CGI/SSI ╟┴╖╬▒╫╖Ñ└╗ ╜╟╟α╟╥ ╝÷ └╓┤┬ userid└╟ ├╓╝╥─í╕ª ┴÷┴ñ╟╥ ╝÷ └╓┤┘. "╜├╜║┼█┐δ" ░Φ┴ñ└╗ ┴ª┐▄╟╥╢º └»┐δ╟╧┤┘. </li> <li> ┴÷┴ñ╟╤ ▒╫╖∞└╠ superuser ▒╫╖∞└╠ ╛╞┤╤░í? ╟÷└τ suEXEC┤┬ <code>root</code> ▒╫╖∞└╠ CGI/SSI ╟┴╖╬▒╫╖Ñ└╗ ╜╟╟α╟╥ ╝÷ ╛°╡╡╖╧ ╟╤┤┘. </li> <li> ┴÷┴ñ╟╤ groupid░í ├╓╝╥ ID ╝²└┌║╕┤┘ ┼½░í? ╝│┴ñ┐í╝¡ ├╓╝╥ ▒╫╖∞ ID ╝²└┌╕ª ┴÷┴ñ╟╤┤┘. ▒╫╖í╝¡ CGI/SSI ╟┴╖╬▒╫╖Ñ└╗ ╜╟╟α╟╥ ╝÷ └╓┤┬ groupid└╟ ├╓╝╥─í╕ª ┴÷┴ñ╟╥ ╝÷ └╓┤┘. "╜├╜║┼█┐δ" ▒╫╖∞└╗ ┴ª┐▄╟╥╢º └»┐δ╟╧┤┘. </li> <li> wrapper░í ╝║░°└√└╕╖╬ ┴÷┴ñ╟╤ ╗τ┐δ└┌┐═ ▒╫╖∞└╠ ╡╔ ╝÷ └╓┤┬░í? └╠ ┤▄░Φ┐í╝¡ ╟┴╖╬▒╫╖Ñ└║ setuid┐═ setgid ╚ú├Γ└╗ ╟╧┐⌐ ┴÷┴ñ╟╤ ╗τ┐δ└┌┐═ ▒╫╖∞└╠ ╡╚┤┘. ╢╟, ▒╫╖∞ ┴ó▒┘╕±╖╧└║ ╗τ┐δ└┌░í ╟╪┤τ╡╚ ╕≡╡τ ▒╫╖∞└╕╖╬ ├╩▒Γ╚¡╡╚┤┘. </li> <li> CGI/SSI ╟┴╖╬▒╫╖Ñ└╠ └╓┤┬ ╡≡╖║┼Σ╕«╖╬ ╡≡╖║┼Σ╕«╕ª ║»░µ╟╥ ╝÷ └╓┤┬░í? ╡≡╖║┼Σ╕«░í ┴╕└τ╟╧┴÷ ╛╩┤┘╕Θ ╞─└╧└╠ └╓└╗ ╝÷ ╛°┤┘. └╠░≈└╕╖╬ ╡≡╖║┼Σ╕«╕ª ║»░µ╟╥ ╝÷ ╛°┤┘╕Θ ╡≡╖║┼Σ╕«┤┬ ┴╕└τ╟╧┴÷ ╛╩└╗ ░═└╠┤┘. </li> <li> ╡≡╖║┼Σ╕«░í ╛╞╞──í └Ñ░°░ú ╛╚┐í └╓┤┬░í? ╝¡╣÷└╟ └╧╣▌└√└╬ ║╬║╨└╗ ┐Σ├╗╟╥ ░µ┐∞ ┐Σ├╗╟╧┤┬ ╡≡╖║┼Σ╕«░í suEXEC ╣«╝¡ root ╛╞╖í └╓┤┬░í? UserDir└╗ ┐Σ├╗╟╥ ░µ┐∞ ┐Σ├╗╟╧┤┬ ╡≡╖║┼Σ╕«░í suEXEC userdir╖╬ ╝│┴ñ╟╤ (<a href="#install">suEXEC ╝│┴ñ ┐╔╝╟</a> ┬ⁿ░φ) ╡≡╖║┼Σ╕« ╛╞╖í┐í └╓┤┬░í? </li> <li> ┤┘╕Ñ ┤⌐▒╕╡╡ ╡≡╖║┼Σ╕«┐í ╛▓▒Γ▒╟╟╤└╠ ╛°┤┬░í? ╡≡╖║┼Σ╕«╕ª ┤┘╕Ñ ╗τ╢≈┐í░╘ ┐¡╛ε╡╬▒µ ┐°╟╧┴÷╛╩┤┬┤┘. ┐└┴≈ ╝╥└»└┌╕╕└╠ ╡≡╖║┼Σ╕« │╗┐δ└╗ ║»░µ╟╥ ╝÷ └╓┤┘. </li> <li> ┴÷┴ñ╟╤ CGI/SSI ╟┴╖╬▒╫╖Ñ└╠ ┴╕└τ╟╧┤┬░í? ┴╕└τ╟╧┴÷╛╩┤┘╕Θ ╜╟╟α╟╥ ╝÷╡╡ ╛°┤┘. </li> <li> ┤┘╕Ñ ┤⌐▒╕╡╡ ┴÷┴ñ╟╤ CGI/SSI ╟┴╖╬▒╫╖Ñ┐í ╛▓▒Γ▒╟╟╤└╠ ╛°┤┬░í? ╝╥└»└┌┐▄ ┤⌐▒╕╡╡ CGI/SSI ╟┴╖╬▒╫╖Ñ└╗ ║»░µ╟╧▒µ ┐°╟╧┴÷╛╩┤┬┤┘. </li> <li> ┴÷┴ñ╟╤ CGI/SSI ╟┴╖╬▒╫╖Ñ└╠ setuid│¬ setgid░í ╛╞┤╤░í? ┐∞╕«┤┬ ╟┴╖╬▒╫╖Ñ└╠ ┤┘╜├ UID/GID╕ª ║»░µ╟╧▒µ ┐°╟╧┴÷╛╩┤┬┤┘. </li> <li> ┴÷┴ñ╟╤ ╗τ┐δ└┌/▒╫╖∞└╠ ╟┴╖╬▒╫╖Ñ└╟ ╗τ┐δ└┌/▒╫╖∞░· ░░└║░í? ╗τ┐δ└┌░í ╞─└╧└╟ ╝╥└»└┌└╬░í? </li> <li> ╛╚└ⁿ╟╤ ╡┐└█└╗ └º╟╪ ╟┴╖╬╝╝╜║└╟ ╚»░µ║»╝÷╕ª ├╗╝╥╟╥ ╝÷ └╓┤┬░í? suEXEC┤┬ (╝│┴ñ┐í╝¡ ┴ñ└╟╟╤) ╛╚└ⁿ╟╤ ╜╟╟α PATH╕ª └Γ░φ, (└╠░═╡╡ ╝│┴ñ┐í╝¡ ┴ñ└╟) ╛╚└ⁿ╟╤ ╚»░µ║»╝÷ ╕±╖╧┐í ┐¡░┼╡╚ ║»╝÷╕╕ │▓▒Γ░φ ╟┴╖╬╝╝╜║└╟ ╚»░µ║»╝÷╕ª ┴÷┐ε┤┘. </li> <li> ╝║░°└√└╕╖╬ ┴÷┴ñ╟╤ CGI/SSI ╟┴╖╬▒╫╖Ñ└╗ ╜╟╟α╟╥ ╝÷ └╓┤┬░í? ┐⌐▒Γ╝¡ suEXEC░í │í│¬░φ ┴÷┴ñ╟╤ CGI/SSI ╟┴╖╬▒╫╖Ñ└╠ ╜├└█╟╤┤┘. </li> </ol> └╠░═└╠ suEXEC wrapper ║╕╛╚╕≡╡¿└╟ ╟Ñ┴╪ ╡┐└█└╠┤┘. ┤┘╝╥ ╛÷░▌╟╧░φ CGI/SSI ╝│░Φ┐í ╗⌡╖╬┐ε ┴ª╟╤└╠ ╡╟┴÷╕╕, ║╕╛╚└╗ ┐░╡╬┐í ╡╬░φ ╟╤┤▄░Φ╛┐ ┴╢╜╔╜║╖┤░╘ ╕╕╡Θ╛ε┴│┤┘. └╠ ║╕╛╚ ╕≡╡¿└╠ ╝¡╣÷ ╝│┴ñ┐í ╛ε╢▓ ┴ª╟╤└╗ ┴╓┤┬┴÷┐═ └√└²╟╤ suEXEC ╝│┴ñ└╕╖╬ ╛ε╢▓ ║╕╛╚ └º╟Φ└╗ ╟╟╟╥ ╝÷ └╓┤┬┴÷┐í ┤δ╟╪ └╠ ╣«╝¡└╟ <a href="#jabberwock">"┤┘╜├ ╟╤╣° ┴╢╜╔╟╧╢≤"</a> └²└╗ ┬ⁿ░φ╟╧╢≤. </section> <section id="install"><title>suEXEC ▒╕╝║░· ╝│─í</title> └╠┴ª └τ╣╠└╓┤┬ │╗┐δ└╠ ╜├└█╟╤┤┘. suEXEC ▒╕╝║ ┐╔╝╟ <dl> <dt><code>--enable-suexec</code></dt> <dd>└╠ ┐╔╝╟└║ ▒Γ║╗└√└╕╖╬ ╝│─í╡╟░┼│¬ ╚░╝║╚¡╡╟┴÷╛╩┤┬ suEXEC ▒Γ┤╔└╗ ╚░╝║╚¡╟╤┤┘. APACI░í suEXEC╕ª ╣▐╛╞╡Θ└╠╖┴╕Θ <code>--enable-suexec</code> ┐╔╝╟┐▄┐í <code>--with-suexec-xxxxx</code> ┐╔╝╟└╠ ├╓╝╥╟╤ ╟╤░│ ╟╩┐Σ╟╧┤┘.</dd> <dt><code>--with-suexec-bin=PATH</code></dt> <dd><code>suexec</code> ╣┘└╠│╩╕« ░µ╖╬┤┬ ║╕╛╚╗≤ └╠└»╖╬ ╝¡╣÷┐í ▒Γ╖╧╡╟╛▀ ╟╤┤┘. ░µ╖╬ ▒Γ║╗░¬└╗ ╣½╜├╟╧╖┴╕Θ └╠ ┐╔╝╟└╗ ╗τ┐δ╟╤┤┘. ┐╣╕ª ╡Θ╛ε <code>--with-suexec-bin=/usr/sbin/suexec</code></dd> <dt><code>--with-suexec-caller=UID</code></dt> <dd>║╕┼δ ╛╞╞──í╕ª ╜╟╟α╟╧┤┬ <a href="mod/mpm_common.html#user">╗τ┐δ└┌╕φ</a>. ╟┴╖╬▒╫╖Ñ└╗ ╜╟╟α╟╥ ╝÷ └╓┤┬ └»└╧╟╤ ╗τ┐δ└┌┤┘.</dd> <dt><code>--with-suexec-userdir=DIR</code></dt> <dd>suEXEC ┴ó▒┘└╠ ╟π┐δ╡╟┤┬ ╗τ┐δ└┌ ╚¿╡≡╖║┼Σ╕«└╟ ╟╧└º╡≡╖║┼Σ╕«╕ª ┴÷┴ñ╟╤┤┘. └╠ ╡≡╖║┼Σ╕«┐í └╓┤┬ ╕≡╡τ ╜╟╟α╞─└╧└╗ ╗τ┐δ└┌└╟ suEXEC╖╬ ╜╟╟α╣╟╖╬, ╕≡╡τ ╟┴╖╬▒╫╖Ñ└╠ "╛╚└ⁿ╟╪╛▀" ╟╤┤┘. (┐╣╕ª ╡Θ╛ε, ░¬┐í "*"└╠ ╛°┤┬) "░ú┤▄╟╤" UserDir ┴÷╜├╛ε╕ª ╗τ┐δ╟╤┤┘╕Θ ░░└║ ░¬└╗ ╝│┴ñ╟╪╛▀ ╟╤┤┘. UserDir ┴÷╜├╛ε░í passwd ╞─└╧┐í │¬┐┬ ╗τ┐δ└┌ ╚¿╡≡╖║┼Σ╕«┐═ ┤┘╕ú╕Θ suEXEC┤┬ ┴ñ╗≤└√└╕╖╬ └█╡┐╟╧┴÷ ╛╩┤┬┤┘. ▒Γ║╗░¬└║ "public_html"└╠┤┘. ░í╗≤╚ú╜║╞«╡Θ└╠ ░ó░ó ┤┘╕Ñ UserDir└╗ ╗τ┐δ╟╤┤┘╕Θ ╕≡╡╬ ╟╤ ║╬╕≡ ╡≡╖║┼Σ╕« ╛╚┐í └╓╡╡╖╧ ┴ñ└╟╟╪╛▀ ╟╧░φ, ▒╫ ║╬╕≡ ╡≡╖║┼Σ╕«╕φ└╗ ┐⌐▒Γ └√┤┬┤┘. └╠╖╕░╘ ┴ñ└╟╟╧┴÷ ╛╩└╕╕Θ, "~userdir" cgi ┐Σ├╗└╠ └█╡┐╟╧┴÷ ╛╩┤┬┤┘!</dd> <dt><code>--with-suexec-docroot=DIR</code></dt> <dd>╛╞╞──í└╟ DocumentRoot╕ª ┴ñ└╟╟╤┤┘. └╠┤┬ suEXEC░í ╗τ┐δ╟╥ ╝÷ └╓┤┬ (UserDirs└╗ ┴ª┐▄╟╤) └»└╧╟╤ ░°░ú└╠┤┘. ▒Γ║╗ ╡≡╖║┼Σ╕«┤┬ <code>--datadir</code> ░¬┐í "/htdocs"└╗ ║┘└╬ ░═└╠┤┘. ┐╣╕ª ╡Θ╛ε "<code>--datadir=/home/apache</code>"╖╬ ▒╕╝║╟▀┤┘╕Θ suEXEC wrapper┤┬ document root╖╬ "/home/apache/htdocs" ╡≡╖║┼Σ╕«╕ª ╗τ┐δ╟╤┤┘.</dd> <dt><code>--with-suexec-uidmin=UID</code></dt> <dd>suEXEC┐í╝¡ ┴÷┴ñ░í┤╔╟╤ ╗τ┐δ└┌└╟ ├╓╝╥ UID╕ª ┴ñ└╟╟╤┤┘. ┤δ║╬║╨└╟ ╜├╜║┼█┐í╝¡ 500└╠│¬ 100└╠ └√└²╟╧┤┘. ▒Γ║╗░¬└║ 100└╠┤┘.</dd> <dt><code>--with-suexec-gidmin=GID</code></dt> <dd>suEXEC┐í╝¡ ┴÷┴ñ░í┤╔╟╤ ▒╫╖∞└╟ ├╓╝╥ GID╕ª ┴ñ└╟╟╤┤┘. ┤δ║╬║╨└╟ ╜├╜║┼█┐í╝¡ 100└╠ └√└²╟╧╣╟╖╬ └╠ ░¬└╠ ▒Γ║╗░¬└╠┤┘.</dd> <dt><code>--with-suexec-logfile=FILE</code></dt> <dd>╕≡╡τ suEXEC └█╡┐░· ┐└╖∙╕ª (░¿╜├│¬ ╡≡╣÷▒δ ╕±└√┐í └»┐δ╟╤) ▒Γ╖╧╟╥ ╖╬▒╫╞─└╧╕φ└╗ ┴÷┴ñ╟╤┤┘. ▒Γ║╗└√└╕╖╬ ╖╬▒╫╞─└╧└╟ └╠╕º└║ "suexec_log"└╠░φ ╟Ñ┴╪ ╖╬▒╫╞─└╧ ╡≡╖║┼Σ╕«┐í (<code>--logfiledir</code>) └º─í╟╤┤┘.</dd> <dt><code>--with-suexec-safepath=PATH</code></dt> <dd>CGI ╜╟╟α╞─└╧┐í │╤░▄┴· ╛╚└ⁿ╟╤ PATH ╚»░µ║»╝÷╕ª ┴ñ└╟╟╤┤┘. ▒Γ║╗░¬└║ "/usr/local/bin:/usr/bin:/bin"└╠┤┘.</dd> </dl> suEXEC wrapper╕ª ──╞─└╧╟╧░φ ╝│─í╟╧▒Γ <code>--enable-suexec</code> ┐╔╝╟└╕╖╬ suEXEC ▒Γ┤╔└╗ ░í┤╔╟╧░╘╟╤ ░µ┐∞ <code>make</code> ╕φ╖╔╛ε╕ª ╜╟╟α╟╧╕Θ <code>suexec</code> ╜╟╟α╞─└╧└╠ (╛╞╞──í┐═ ╟╘▓▓) └┌╡┐└╕╖╬ ╕╕╡Θ╛ε┴°┤┘. ╕≡╡τ░═└╗ ──╞─└╧╟╤ ╚─ <code>make install</code> ╕φ╖╔╛ε╕ª ╜╟╟α╟╧┐⌐ ╝│─í╟╥ ╝÷ └╓┤┘. ╣┘└╠│╩╕«╞─└╧ <code>suexec</code>┤┬ <code>--sbindir</code> ┐╔╝╟└╕╖╬ ┴÷┴ñ╟╤ ╡≡╖║┼Σ╕«┐í ╝│─í╡╚┤┘. ▒Γ║╗ └º─í┤┬ "/usr/local/apache2/sbin/suexec"└╠┤┘. ╝│─í ░·┴ñ┐í root ▒╟╟╤└╠ ╟╩┐Σ╟╘└╗ ┴╓└╟╟╧╢≤. wrapper░í ╗τ┐δ└┌ ID╕ª ╝│┴ñ╟╧▒Γ└º╟╪╝¡┤┬ ╝╥└»└┌░í <code>root</code>└╠░φ ╞─└╧╕≡╡σ╖╬ setuserid ╜╟╟α║±╞«░í ╝│┴ñ╡╟╛▀ ╟╤┤┘. ╞φ┴²┴⌡└√└╬ ▒╟╟╤╝│┴ñ suEXEC wrapper┤┬ └┌╜┼└╗ ╜╟╟α╟╤ ╗τ┐δ└┌░í ▒╕╝║ ┐╔╝╟ <code>--with-suexec-caller</code>╖╬ ┴÷┴ñ╟╤ ┐├╣┘╕Ñ ╗τ┐δ└┌└╬┴÷ ╚«└╬└╗ ╟╧┴÷╕╕, └╠ ░╦╗τ └╠└ⁿ┐í suEXEC░í ╗τ┐δ╟╧┤┬ ╜├╜║┼█╚ú├Γ ╚ñ└║ ╢≤└╠║Ω╖»╕« ╟╘╝÷░í ┴╢└█╡╟╛·└╗ ╝÷ └╓┤┘. └╠╕ª ┤δ║±╟╧╕τ └╧╣▌└√└╕╖╬ ┴┴└║ ╜└░ⁿ└╠╣╟╖╬ ┐└┴≈ ╛╞╞──í╕ª ╜╟╟α╟╧┤┬ ▒╫╖∞╕╕└╠ suEXEC╕ª ╜╟╟α╟╥ ╝÷ └╓╡╡╖╧ ╞─└╧╜├╜║┼█ ▒╟╟╤└╗ ┴÷┴ñ╟╪╛▀ ╟╤┤┘. ┐╣╕ª ╡Θ╛ε, └Ñ╝¡╣÷╕ª ┤┘└╜░· ░░└╠ ╝│┴ñ╟╧░φ: <example> User www Group webgroup </example> <code>suexec</code>╕ª "/usr/local/apache2/sbin/suexec"┐í ╝│─í╟╧┐┤┤┘╕Θ, ┤┘└╜└╗ ╜╟╟α╟╪╛▀ ╟╤┤┘: <example> chgrp webgroup /usr/local/apache2/bin/suexec chmod 4750 /usr/local/apache2/bin/suexec </example> ▒╫╖»╕Θ ┐└┴≈ ╛╞╞──í╕ª ╜╟╟α╟╧┤┬ ▒╫╖∞╕╕└╠ suEXEC wrapper╕ª ╜╟╟α╟╥ ╝÷ └╓┤┘. </section> <section id="enable"><title>suEXEC ┼░░φ ▓⌠▒Γ</title> ╛╞╞──í┤┬ ╜├└█╟╥╢º <code>--sbindir</code> ┐╔╝╟└╕╖╬ ┴÷┴ñ╟╤ ╡≡╖║┼Σ╕«┐í╝¡ <code>suexec</code> ╞─└╧└╗ (▒Γ║╗░¬ "/usr/local/apache2/sbin/suexec") ├ú┤┬┤┘. ╛╞╞──í░í ┴ñ╗≤└√└╕╖╬ ▒╕╝║╡╚ suEXEC wrapper╕ª ╣▀░▀╟╧╕Θ ┐└╖∙ ╖╬▒╫(error log)┐í ┤┘└╜░· ░░└╠ ├Γ╖┬╟╤┤┘: <example> [notice] suEXEC mechanism enabled (wrapper: /path/to/suexec) </example> ╝¡╣÷ ╜├└█┴▀┐í └╠╖▒ ╣«▒╕╕ª ╛°┤┘╕Θ ╝¡╣÷┤┬ ▒Γ┤δ╟╤ └σ╝╥┐í╝¡ wrapper ╟┴╖╬▒╫╖Ñ└╗ ├ú┴÷ ╕°╟▀░┼│¬, ╜╟╟α╞─└╧└╠ setuid root╖╬ ╝│─í╡╟┴÷╛╩╛╥▒Γ ╢º╣«└╧ ░═└╠┤┘. ├│└╜└╕╖╬ suEXEC ▒Γ┤╔└╗ ╗τ┐δ╟╧░φ ╜═░φ └╠╣╠ ╛╞╞──í ╝¡╣÷░í ╜╟╟α┴▀└╠╢≤╕Θ, ╛╞╞──í╕ª ┴╫└╠░φ ┤┘╜├ ╜├└█╟╪╛▀ ╟╤┤┘. ░ú┤▄╚≈ HUP└╠│¬ USR1 ╜├▒╫│╬╖╬ └τ╜├└█╟╧┤┬ ░═└╕╖╬┤┬ ├µ║╨╟╧┴÷ ╛╩┤┘. suEXEC╕ª ╛╚╗τ┐δ╟╧╖┴╕Θ <code>suexec</code> ╞─└╧└╗ ┴÷┐ε╚─ ╛╞╞──í╕ª ┴╫└╠░φ └τ╜├└█╟╪╛▀ ╟╤┤┘. </section> <section id="usage"><title>suEXEC ╗τ┐δ╟╧▒Γ</title> CGI ╟┴╖╬▒╫╖Ñ ┐Σ├╗└╟ ░µ┐∞ <directive module="mod_suexec">SuexecUserGroup</directive> ┴÷╜├╛ε╕ª ╗τ┐δ╟╤ ░í╗≤╚ú╜║╞«┐í ┐Σ├╗└╗ ╟╧┐┤░┼│¬ <module>mod_userdir</module>└╠ ┐Σ├╗└╗ ├│╕«╟╧┤┬ ░µ┐∞┐í╕╕ suEXEC wrapper╕ª ╚ú├Γ╟╤┤┘. ░í╗≤╚ú╜║╞«: suEXEC wrapper╕ª ╗τ┐δ╟╧┤┬ ╟╤░í┴÷ ╣µ╣²└║ <directive module="core">VirtualHost</directive> ┴ñ└╟┐í <directive module="mod_suexec">SuexecUserGroup</directive> ┴÷╜├╛ε╕ª ╗τ┐δ╟╧┤┬ ░═└╠┤┘. └╠ ┴÷╜├╛ε╕ª ┴╓╝¡╣÷ ╗τ┐δ└┌ ID┐═ ┤┘╕ú░╘ ╝│┴ñ╟╧╕Θ CGI └┌┐°└╟ ╕≡╡τ ┐Σ├╗└╠ <directive module="core" type="section">VirtualHost</directive>┐í╝¡ ┴÷┴ñ╟╤ User┐═ Group└╕╖╬ ╜╟╟α╡╚┤┘. └╠ ┴÷╜├╛ε╡Θ└╠ <directive module="core" type="section">VirtualHost</directive>┐í ╛°└╕╕Θ ┴╓╝¡╣÷ userid╕ª ╗τ┐δ╟╤┤┘. ╗τ┐δ└┌ ╡≡╖║┼Σ╕«: <module>mod_userdir</module>└╠ ┐Σ├╗└╗ ├│╕«╟╤┤┘╕Θ suEXEC wrapper╕ª ╚ú├Γ╟╧┐⌐, ┐Σ├╗╟╤ ╗τ┐δ└┌ ╡≡╖║┼Σ╕«┐í ╟╪┤τ╟╧┤┬ ╗τ┐δ└┌ ID╖╬ CGI ╟┴╖╬▒╫╖Ñ└╗ ╜╟╟α╟╤┤┘. └╠ ▒Γ┤╔└╠ ╡┐└█╟╧╖┴╕Θ ╗τ┐δ└┌ ID╖╬ CGI╕ª ╜╟╟α╟╥ ╝÷ └╓░φ ╜║┼⌐╕│╞«░í └º└╟ <a href="#model">║╕╛╚ ░╦╗τ</a> ╟╫╕±└╗ ╕╕┴╖╟╪╛▀ ╟╤┤┘. <a href="#install">▒╕╝║ ┐╔╝╟</a> <code>--with-suexec-userdir</code>└╗ ┬ⁿ░φ╟╧╢≤. </section> <section id="debug"><title>suEXEC ╡≡╣÷▒δ╟╧▒Γ</title> suEXEC wrapper┤┬ ╖╬▒╫ ┴ñ║╕╕ª └º┐í╝¡ ┤┘╖Θ <code>--with-suexec-logfile</code> ┐╔╝╟└╕╖╬ ┴÷┴ñ╟╤ ╞─└╧┐í ╛┤┤┘. wrapper╕ª ┐├╣┘╖╬ ▒╕╝║╟╧░φ ╝│─í╟▀┤┘╕Θ ╛ε╡≡╝¡ └▀╕°╡╟╛·┤┬┴÷ └╠ ╖╬▒╫╞─└╧┐═ ╝¡╣÷└╟ error_log╕ª ╗∞╞∞║┴╢≤. </section> <section id="jabberwock"><title>┤┘╜├ ╟╤╣° ┴╢╜╔╟╧╢≤: ░µ░φ┐═ ┐╣┴ª</title> ┴╓└╟! └╠ ╝╜╝╟└║ ┐╧└ⁿ╟╧┴÷ ╛╩└╗ ╝÷ └╓┤┘. ╛╞╞──í▒╫╖∞└╟ <a href="http://httpd.apache.org/docs-2.0/suexec.html">┐┬╢≤└╬ ╣«╝¡</a>┐í╝¡ └╠ ╣«╝¡└╟ ├╓╜┼╞╟└╗ ┬ⁿ░φ╟╧╢≤. wrapper░í ╝¡╣÷ ╝│┴ñ└╗ ┴ª╛α╟╧┤┬ ╕ε░í┴÷ ╚∩╣╠╖╬┐ε ┴í└╠ └╓┤┘. suEXEC┐═ ░ⁿ╖├╡╚ "╣÷▒╫"╕ª ║╕░φ╟╧▒Γ └ⁿ┐í └╠╡Θ└╗ ╗∞╞∞║╕▒µ ╣┘╢⌡┤┘. <ul> <li>suEXEC ┴ª╛α ╗τ╟╫</li> <li> ╡≡╖║┼Σ╕« ▒╕┴╢ ┴ª╟╤ ║╕╛╚░· ╚┐└▓╝║└╗ └º╟╪ ╕≡╡τ suEXEC ┐Σ├╗└║ ░í╗≤╚ú╜║╞«└╟ ░µ┐∞ ├╓╗≤└º document root ╚ñ└║ userdir ┐Σ├╗└╟ ░µ┐∞ ├╓╗≤└º ░│└╬ document root ╛╚┐í╝¡ ╣▀╗²╟╪╛▀ ╟╤┤┘. ┐╣╕ª ╡Θ╛ε, ░í╗≤╚ú╜║╞« │╫░│╕ª ╝│┴ñ╟▀┤┘╕Θ ░í╗≤╚ú╜║╞«┐í╝¡ suEXEC╕ª └╠┐δ╟╧▒Γ└º╟╪ ░í╗≤╚ú╜║╞«└╟ document root╕ª ┴╓ ╛╞╞──í ╣«╝¡ ░Φ├■▒╕┴╢ ╣█┐í ╝│┴ñ╟╥ ╟╩┐Σ░í └╓┤┘. (┐╣┴ª┤┬ ┤┘└╜┐í.) </li> <li> suEXEC└╟ PATH ╚»░µ║»╝÷ ║»░µ╟╧╕Θ └º╟Φ╟╥ ╝÷ └╓┤┘. ┐⌐▒Γ┐í ╞≈╟╘╟╧┤┬ ╕≡╡τ ░µ╖╬░í ╣╧└╗ ╝÷ └╓┤┬ ╡≡╖║┼Σ╕«└╬┴÷ ╚«└╬╟╧╢≤. └╠ ┴÷▒╕╗≤└╟ ┤⌐▒║░í░í ▒╫░≈┐í └╓┤┬ ╞«╖╬└╠╕±╕╢╕ª ╜╟╟α╟╧▒µ ┐°╟╧┴÷ ╛╩└╗ ░═└╠┤┘. </li> <li> suEXEC ─┌╡σ ╝÷┴ñ╟╧▒Γ ╣▌║╣╟╪╝¡ ╕╗╟╧┴÷╕╕, ┤τ╜┼└╠ ╣½╛∙└╗ ╟╧┤┬┴÷ ╕≡╕ú░φ ╜├╡╡╟╤┤┘╕Θ ┼½ ╣«┴ª░í ╣▀╗²╟╥ ╝÷ └╓┤┘. ╛ε╢▓ ░µ┐∞┐í╡╡ ╝÷┴ñ╟╧┴÷╕╢╢≤. </li> </ul> </section> </manualpage>