home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
PC World 2004 May
/
PCWorld_2004-05_cd.bin
/
komunikace
/
apache
/
apache_2.0.48-win32-x86-no_ssl.msi
/
Data.Cab
/
F252277_suexec.xml.ko
< prev
next >
Wrap
Extensible Markup Language
|
2003-05-10
|
17KB
|
482 lines
<?xml version="1.0" encoding="EUC-KR" ?>
<!DOCTYPE manualpage SYSTEM "./style/manualpage.dtd">
<?xml-stylesheet type="text/xsl" href="./style/manual.ko.xsl"?>
<!-- English revision: 1.3.2.3 -->
<manualpage metafile="suexec.xml.meta">
<title>suEXEC ┴÷┐°</title>
<summary>
<p><strong>suEXEC</strong> ▒Γ┤╔└║ ╛╞╞──í░í <strong>CGI</strong>┐═
<strong>SSI</strong> ╟┴╖╬▒╫╖Ñ└╗ └Ñ╝¡╣÷╕ª ╜╟╟α╟╤ ╗τ┐δ└┌ ID░í
╛╞┤╤ ┤┘╕Ñ ╗τ┐δ└┌ ID╖╬ ╜╟╟α╟╧╡╡╖╧ ╟╤┤┘. ║╕┼δ CGI│¬ SSI ╟┴╖╬▒╫╖Ñ└╗
╜╟╟α╟╧╕Θ └Ñ╝¡╣÷╕ª ╜╟╟α╟╤ ╗τ┐δ└┌┐═ ░░└║ ╗τ┐δ└┌╖╬ ╜╟╟α╟╤┤┘.</p>
<p>└╠ ▒Γ┤╔└╗ └√└²╚≈ ╗τ┐δ╟╧╕Θ ╗τ┐δ└┌░í ┴≈┴ó CGI│¬ SSI ╟┴╖╬▒╫╖Ñ└╗
░│╣▀╟╧░φ ╜╟╟α╟╥╢º ╣▀╗²╟╥ ╝÷ └╓┤┬ ║╕╛╚└º╟Φ└╗ ╗≤┤τ╚≈ ┴┘└╧
╝÷ └╓┤┘. ▒╫╖»│¬ suEXEC░í ║╬└√└²╟╧░╘ ╝│┴ñ╡╟╕Θ ╕╣└║ ╣«┴ª┐═
──╟╗┼═┐í ╗⌡╖╬┐ε ║╕╛╚ ╟π┴í└╗ ╕╕╡Θ ╝÷ └╓┤┘. ╕╕╛α setuid root
╟┴╖╬▒╫╖Ñ░· └╠╖▒ ╟┴╖╬▒╫╖Ñ└╟ ║╕╛╚ ╣«┴ª┐í ╗²╝╥╟╧┤┘╕Θ suEXEC╕ª
╗τ┐δ╟╧┴÷╛╩▒µ ┴°╜╔└╕╖╬ ╣┘╢⌡┤┘.</p>
</summary>
<section id="before"><title>╜├└█╟╧▒Γ └ⁿ┐í</title>
<p>╜├└█╟╧▒Γ └ⁿ┐í ┐∞╝▒ ╛╞╞──í▒╫╖∞░· └╠ ╣«╝¡└╟ ░í┴ñ└╗ ╣α╚∙┤┘.</p>
<p>╕╒└· <strong>setuid</strong>┐═ <strong>setgid</strong>
▒Γ┤╔└╠ ░í┤╔╟╤ └»┤╨╜║╖∙ ┐ε┐╡├╝┴ª╕ª ╗τ┐δ╟╤┤┘░φ ░í┴ñ╟╤┤┘. ╕≡╡τ
╕φ╖╔╛ε ┐╣╡Θ╡╡ ░░└║ ░í┴ñ└╗ ╟╤┤┘. suEXEC╕ª ┴÷┐°╟╧┤┬ ┤┘╕Ñ ╟├╖í╞√└╗
╗τ┐δ╟╧┤┘╕Θ ╝│┴ñ└╠ ┤┘╕ª ╝÷ └╓┤┘.</p>
<p>╡╬╣°┬░, ┤τ╜┼└╠ ──╟╗┼═ ║╕╛╚└╟ ▒Γ║╗ ░││Σ░· ░ⁿ╕«┐í └═╝≈╟╧┤┘░φ
░í┴ñ╟╤┤┘. ┐⌐▒Γ┐í┤┬ <strong>setuid/setgid</strong> ▒Γ┤╔░·
└╠╡Θ└╠ ╜├╜║┼█░· ║╕╛╚┐í ╣╠─í┤┬ ┐⌐╖» ┐╡╟Γ┐í ┤δ╟╤ └╠╟╪░í ╞≈╟╘╡╚┤┘.</p>
<p>╝╝╣°┬░, suEXEC ─┌╡σ└╟ <strong>╝÷┴ñ╟╧┴÷╛╩└║</strong>
╣÷└ⁿ└╗ ╗τ┐δ╟╤┤┘░φ ░í┴ñ╟╤┤┘. ░│╣▀└┌┐═ ┐⌐╖» ║ú┼╕┼╫╜║┼═╡Θ└║
suEXEC┐═ ░ⁿ╖├╡╚ ╕≡╡τ ─┌╡σ╕ª ┴╢╜╔╜║╖┤░╘ ┴╢╗τ╟╧░φ ░╦╗τ╟▀┤┘.
─┌╡σ╕ª ░ú┤▄╟╧░╘ ╟╧░φ ╚«╜╟╟╤ ╛╚└ⁿ└╗ ║╕└σ╟╧▒Γ└º╟╪ ╕≡╡τ ┴╓└╟╕ª
▒Γ┐∩┐┤┤┘. └╠ ─┌╡σ╕ª ╝÷┴ñ╟╧╕Θ ┐╣╗≤─í╕°╟╤ ╣«┴ª┐═ ╗⌡╖╬┐ε ║╕╛╚
└º╟Φ└╠ ╣▀╗²╟╥ ╝÷ └╓┤┘. ║╕╛╚ ╟┴╖╬▒╫╖í╣╓┐í ┤δ╟╪ ╕┼┐∞ └▀ ╛╦░φ
─┌╡σ╕ª ╗∞╞∞║╕▒Γ└º╟╪ ╛╞╞──í▒╫╖∞░· └█╛≈└╗ ░°└»╟╥ └╟╗τ░í ╛°┤┘╕Θ
suEXEC ─┌╡σ╕ª ╝÷┴ñ╟╧┴÷╛╩▒µ <strong>░¡╖┬╚≈</strong> ▒╟╟╤┤┘.</p>
<p>│╫╣°┬░└╠└┌ ╕╢┴÷╕╖└╕╖╬, ╛╞╞──í▒╫╖∞└║ suEXEC╕ª ╛╞╞──í
▒Γ║╗╝│─í┐í ╞≈╟╘╟╧┴÷ <strong>╛╩▒Γ╖╬</strong> ░ß┴ñ╟▀┤┘. ░ß▒╣
░ⁿ╕«└┌░í ┴╓└╟╕ª ▒Γ┐∩┐⌐╝¡ suEXEC╕ª ╝│┴ñ╟╪╛▀ ╟╤┤┘. suEXEC└╟
┐⌐╖» ╝│┴ñ└╗ └▀ ░φ╖┴╟╤╚─ ░ⁿ╕«└┌┤┬ └╧╣▌└√└╬ ╝│─í╣µ╣²└╗ suEXEC╕ª
╝│─í╟╥ ╝÷ └╓┤┘. suEXEC ▒Γ┤╔└╗ ╗τ┐δ╟╧┤┬ ╜├╜║┼█└╟ ║╕╛╚└╗ ├Ñ└╙┴÷┤┬
░ⁿ╕«└┌┤┬ └╠ ╝│┴ñ░¬╡Θ└╗ ┴╓└╟└╓░╘ ╗∞╞∞║╕░φ ┴÷┴ñ╟╪╛▀ ╟╤┤┘.
└╠╖▒ ╗≤╝╝╟╤ ░·┴ñ└║ suEXEC╕ª ╗τ┐δ╟╥╕╕┼¡ ┴╓└╟└╓░φ ┤▄╚ú╟╤
╗τ╢≈╕╕└╠ suEXEC╕ª ╗τ┐δ╟╧╡╡╖╧ ╛╞╞──í▒╫╖∞└╠ ┐°╟╧▒Γ ╢º╣«└╠┤┘.</p>
<p>╛╞┴≈╡╡ ╗τ┐δ╟╧▒µ ┐°╟╧┤┬░í? ▒╫╖▒░í? ┴┴┤┘. └╠┴ª ╜├└█╟╧└┌!</p>
</section>
<section id="model"><title>suEXEC ║╕╛╚╕≡╡¿</title>
<p>suEXEC╕ª ▒╕╝║╟╧░φ ╝│─í╟╧▒Γ └ⁿ┐í ┐∞╕«┤┬ ║╕╛╚╕≡╡¿└╗ ╕╒└·
╝│╕φ╟╤┤┘. └╠╕ª ┼δ╟╪ ┴ñ╚«╚≈ suEXEC ╛╚┐í╝¡┤┬ ╣½╜╝ └╧└╠ └╧╛ε│¬╕τ
╜├╜║┼█└╟ ║╕╛╚└╗ └º╟╪ ╣½╛∙└╗ ┴╢╜╔╟╪╛▀ ╟╥┴÷ ┤⌡ └▀ └╠╟╪╟╥ ╝÷
└╓┤┘.</p>
<p><strong>suEXEC</strong>┤┬ ╛╞╞──í └Ñ╝¡╣÷░í ║╬╕ú┤┬ setuid
"wrapper" ╟┴╖╬▒╫╖Ñ└╗ ▒Γ╣▌└╕╖╬ ╟╤┤┘. └╠ wrapper┤┬ ░ⁿ╕«└┌░í
┴╓╝¡╣÷┐═ ┤┘╕Ñ userid╖╬ ╜╟╟α╟╧╡╡╖╧ ╝│┴ñ╟╤ CGI│¬ SSI ╟┴╖╬▒╫╖Ñ┐í
HTTP ┐Σ├╗└╠ ┐└╕Θ ║╥╕░┤┘. └╠╖▒ ┐Σ├╗└╠ ┐└╕Θ ╛╞╞──í┤┬ suEXEC
wrapper┐í░╘ ╟┴╖╬▒╫╖Ñ╕φ░· ╟┴╖╬▒╫╖Ñ└╗ ╜╟╟α╟╥ ╗τ┐δ└┌┐═ ▒╫╖∞
ID╕ª ┴ª░°╟╤┤┘.</p>
<p>▒╫╖»╕Θ wrapper┤┬ ┤┘└╜ ░·┴ñ└╗ ┼δ╟╪ ╝║░°░· ╜╟╞╨╕ª ░ß┴ñ╟╤┤┘.
└╠ ┴╢░╟┴▀ ╟╧│¬╢≤╡╡ ╜╟╞╨╟╧╕Θ ╟┴╖╬▒╫╖Ñ└║ ╜╟╞╨╖╬ ▒Γ╖╧╡╟░φ ┐└╖∙╕ª
│╗╕τ ┴╛╖ß╟╤┤┘. ╜╟╞╨╟╧┴÷ ╛╩└╕╕Θ ░·┴ñ└╗ ░Φ╝╙╟╤┤┘:</p>
<ol>
<li>
<strong>└√└²╟╤ ╝÷└╟ ╛╞▒╘╕╒╞«╖╬ wrapper╕ª ╜╟╟α╟╧┤┬░í?</strong>
<p class="indent">
wrapper┤┬ └√└²╟╤ ╝÷└╟ ╛╞▒╘╕╒╞«░í └╓╛ε╛▀╕╕ ╜╟╟α╡╚┤┘.
╛╞╞──í └Ñ╝¡╣÷░í └╠ ░│╝÷╕ª ╛╚┤┘. wrapper░í └√└²╟╤ ╝÷└╟
╛╞▒╘╕╒╞«╕ª ╣▐┴÷╕°╟╧╕Θ ╟╪┼╖╡╟╛·░┼│¬ ╛╞╞──í└╟ suEXEC┐í
╣║░í ╣«┴ª░í └╓┤┬ ░═└╠┤┘.
</p>
</li>
<li>
<strong>wrapper╕ª ╜╟╟α╟╧┤┬ ╗τ┐δ└┌░í ╜├╜║┼█└╟ ┴ñ╗≤└√└╬
╗τ┐δ└┌└╬░í?</strong>
<p class="indent">
wrapper╕ª ╜╟╟α╟╧┤┬ ╗τ┐δ└┌░í ╜╟┴ª╖╬ ╜├╜║┼█└╟ ╗τ┐δ└┌└╬┴÷
╚«└╬╟╤┤┘.
</p>
</li>
<li>
<strong>└╠ ╗τ┐δ└┌░í wrapper╕ª ╜╟╟α╟╧╡╡╖╧ ╟π┐δ╡╟╛·│¬?</strong>
<p class="indent">
└╠ ╗τ┐δ└┌░í wrapper╕ª ╜╟╟α╟╧╡╡╖╧ ╟π┐δ╡╟╛·│¬? ┐└┴≈
╟╤ ╗τ┐δ└┌(╛╞╞──í ╗τ┐δ└┌)╕╕└╠ └╠ ╟┴╖╬▒╫╖Ñ└╗ ╜╟╟α╟╥
╝÷ └╓┤┘.
</p>
</li>
<li>
<strong>┴÷┴ñ╟╤ ╟┴╖╬▒╫╖Ñ└╠ ╛╚└ⁿ╟╧┴÷╛╩└║ ░Φ├■┬ⁿ┴╢╕ª ░í┴÷┤┬░í?</strong>
<p class="indent">
┴÷┴ñ╟╤ ╟┴╖╬▒╫╖Ñ└╠ '/'╖╬ ╜├└█╟╧░┼│¬ ╡▐┬ⁿ┴╢ '..'└╗ ░í┴÷┤┬░í?
└╠╡Θ└╗ ╗τ┐δ╟╥ ╝÷ ╛°┤┘. ┴÷┴ñ╟╤ ╟┴╖╬▒╫╖Ñ└║ ╛╞╞──í └Ñ░°░ú│╗┐í
└╓╛ε╛▀ ╟╤┤┘.
</p>
</li>
<li>
<strong>┴÷┴ñ╟╤ ╗τ┐δ└┌╕φ└╠ └»╚┐╟╤░í?</strong>
<p class="indent">
┴÷┴ñ╟╤ ╗τ┐δ└┌░í ┴╕└τ╟╧┤┬░í?
</p>
</li>
<li>
<strong>┴÷┴ñ╟╤ ▒╫╖∞╕φ└╠ └»╚┐╟╤░í?</strong>
<p class="indent">
┴÷┴ñ╟╤ ▒╫╖∞└╠ ┴╕└τ╟╧┤┬░í?
</p>
</li>
<li>
<strong>┴÷┴ñ╟╤ ╗τ┐δ└┌░í superuser░í <em>╛╞┤╤░í</em>?</strong>
<p class="indent">
╟÷└τ suEXEC┤┬ 'root'░í CGI/SSI ╟┴╖╬▒╫╖Ñ└╗ ╜╟╟α╟╥ ╝÷
╛°╡╡╖╧ ╟╤┤┘.
</p>
</li>
<li>
<strong>┴÷┴ñ╟╤ userid░í ├╓╝╥ ID ╝²└┌║╕┤┘ <em>┼½░í</em>?</strong>
<p class="indent">
╝│┴ñ┐í╝¡ ├╓╝╥ ╗τ┐δ└┌ ID ╝²└┌╕ª ┴÷┴ñ╟╤┤┘. ▒╫╖í╝¡ CGI/SSI
╟┴╖╬▒╫╖Ñ└╗ ╜╟╟α╟╥ ╝÷ └╓┤┬ userid└╟ ├╓╝╥─í╕ª ┴÷┴ñ╟╥
╝÷ └╓┤┘. "╜├╜║┼█┐δ" ░Φ┴ñ└╗ ┴ª┐▄╟╥╢º └»┐δ╟╧┤┘.
</p>
</li>
<li>
<strong>┴÷┴ñ╟╤ ▒╫╖∞└╠ superuser ▒╫╖∞└╠ <em>╛╞┤╤░í</em>?</strong>
<p class="indent">
╟÷└τ suEXEC┤┬ 'root' ▒╫╖∞└╠ CGI/SSI ╟┴╖╬▒╫╖Ñ└╗ ╜╟╟α╟╥
╝÷ ╛°╡╡╖╧ ╟╤┤┘.
</p>
</li>
<li>
<strong>┴÷┴ñ╟╤ groupid░í ├╓╝╥ ID ╝²└┌║╕┤┘ <em>┼½░í</em>?</strong>
<p class="indent">
╝│┴ñ┐í╝¡ ├╓╝╥ ▒╫╖∞ ID ╝²└┌╕ª ┴÷┴ñ╟╤┤┘. ▒╫╖í╝¡ CGI/SSI
╟┴╖╬▒╫╖Ñ└╗ ╜╟╟α╟╥ ╝÷ └╓┤┬ groupid└╟ ├╓╝╥─í╕ª ┴÷┴ñ╟╥
╝÷ └╓┤┘. "╜├╜║┼█┐δ" ▒╫╖∞└╗ ┴ª┐▄╟╥╢º └»┐δ╟╧┤┘.
</p>
</li>
<li>
<strong>wrapper░í ╝║░°└√└╕╖╬ ┴÷┴ñ╟╤ ╗τ┐δ└┌┐═ ▒╫╖∞└╠
╡╔ ╝÷ └╓┤┬░í?</strong>
<p class="indent">
└╠ ┤▄░Φ┐í╝¡ ╟┴╖╬▒╫╖Ñ└║ setuid┐═ setgid ╚ú├Γ└╗ ╟╧┐⌐
┴÷┴ñ╟╤ ╗τ┐δ└┌┐═ ▒╫╖∞└╠ ╡╚┤┘. ╢╟, ▒╫╖∞ ┴ó▒┘╕±╖╧└║
╗τ┐δ└┌░í ╟╪┤τ╡╚ ╕≡╡τ ▒╫╖∞└╕╖╬ ├╩▒Γ╚¡╡╚┤┘.
</p>
</li>
<li>
<strong>╟┴╖╬▒╫╖Ñ└╠ └╓┤┬ ╡≡╖║┼Σ╕«░í ┴╕└τ╟╧│¬?</strong>
<p class="indent">
┴╕└τ╟╧┴÷ ╛╩┤┘╕Θ ╞─└╧└╠ └╓└╗ ╝÷ ╛°┤┘.
</p>
</li>
<li>
<strong>╡≡╖║┼Σ╕«░í ╛╞╞──í └Ñ░°░ú ╛╚┐í └╓┤┬░í?</strong>
<p class="indent">
╝¡╣÷└╟ └╧╣▌└√└╬ ║╬║╨└╗ ┐Σ├╗╟╥ ░µ┐∞ ┐Σ├╗╟╧┤┬ ╡≡╖║┼Σ╕«░í
╝¡╣÷└╟ ╣«╝¡ root ╛╞╖í └╓┤┬░í? UserDir└╗ ┐Σ├╗╟╥ ░µ┐∞
┐Σ├╗╟╧┤┬ ╡≡╖║┼Σ╕«░í ╗τ┐δ└┌ ╣«╝¡ root ╛╞╖í └╓┤┬░í?
</p>
</li>
<li>
<strong>┤┘╕Ñ ┤⌐▒╕╡╡ ╡≡╖║┼Σ╕«┐í ╛▓▒Γ▒╟╟╤└╠ <em>╛°┤┬░í</em>?</strong>
<p class="indent">
╡≡╖║┼Σ╕«╕ª ┤┘╕Ñ ╗τ╢≈┐í░╘ ┐¡╛ε╡╬▒µ ┐°╟╧┴÷╛╩┤┬┤┘. ┐└┴≈
╝╥└»└┌╕╕└╠ ╡≡╖║┼Σ╕« │╗┐δ└╗ ║»░µ╟╥ ╝÷ └╓┤┘.
</p>
</li>
<li>
<strong>┴÷┴ñ╟╤ ╟┴╖╬▒╫╖Ñ└╠ ┴╕└τ╟╧┤┬░í?</strong>
<p class="indent">
┴╕└τ╟╧┴÷╛╩┤┘╕Θ ╜╟╟α╟╥ ╝÷╡╡ ╛°┤┘.
</p>
</li>
<li>
<strong>┤┘╕Ñ ┤⌐▒╕╡╡ ┴÷┴ñ╟╤ ╟┴╖╬▒╫╖Ñ┐í ╛▓▒Γ▒╟╟╤└╠
<em>╛°┤┬░í</em>?</strong>
<p class="indent">
╝╥└»└┌┐▄ ┤⌐▒╕╡╡ ╟┴╖╬▒╫╖Ñ└╗ ║»░µ╟╧▒µ ┐°╟╧┴÷╛╩┤┬┤┘.
</p>
</li>
<li>
<strong>┴÷┴ñ╟╤ ╟┴╖╬▒╫╖Ñ└╠ setuid│¬ setgid░í <em>╛╞┤╤░í</em>?</strong>
<p class="indent">
┐∞╕«┤┬ ╟┴╖╬▒╫╖Ñ└╠ ┤┘╜├ UID/GID╕ª ║»░µ╟╧▒µ ┐°╟╧┴÷╛╩┤┬┤┘.
</p>
</li>
<li>
<strong>┴÷┴ñ╟╤ ╗τ┐δ└┌/▒╫╖∞└╠ ╟┴╖╬▒╫╖Ñ└╟ ╗τ┐δ└┌/▒╫╖∞░· ░░└║░í?</strong>
<p class="indent">
╗τ┐δ└┌░í ╞─└╧└╟ ╝╥└»└┌└╬░í?
</p>
</li>
<li>
<strong>╛╚└ⁿ╟╤ ╡┐└█└╗ └º╟╪ ╟┴╖╬╝╝╜║└╟ ╚»░µ║»╝÷╕ª ├╗╝╥╟╥
╝÷ └╓┤┬░í?</strong>
<p class="indent">
suEXEC┤┬ (╝│┴ñ┐í╝¡ ┴ñ└╟╟╤) ╛╚└ⁿ╟╤ ╜╟╟α PATH╕ª └Γ░φ,
(└╠░═╡╡ ╝│┴ñ┐í╝¡ ┴ñ└╟) ╛╚└ⁿ╟╤ ╚»░µ║»╝÷ ╕±╖╧┐í ┐¡░┼╡╚
║»╝÷╕╕ │▓▒Γ░φ ╟┴╖╬╝╝╜║└╟ ╚»░µ║»╝÷╕ª ┴÷┐ε┤┘.
</p>
</li>
<li>
<strong>╝║░°└√└╕╖╬ ┴÷┴ñ╟╤ ╟┴╖╬▒╫╖Ñ└╗ ╜╟╟α╟╥ ╝÷ └╓┤┬░í?</strong>
<p class="indent">
┐⌐▒Γ╝¡ suEXEC░í │í│¬░φ ┴÷┴ñ╟╤ ╟┴╖╬▒╫╖Ñ└╠ ╜├└█╟╤┤┘.
</p>
</li>
</ol>
<p>└╠░═└╠ suEXEC wrapper ║╕╛╚╕≡╡¿└╟ ╟Ñ┴╪ ╡┐└█└╠┤┘. ┤┘╝╥
╛÷░▌╟╧░φ CGI/SSI ╝│░Φ┐í ╗⌡╖╬┐ε ┴ª╟╤└╠ ╡╟┴÷╕╕, ║╕╛╚└╗ ┐░╡╬┐í
╡╬░φ ╟╤┤▄░Φ╛┐ ┴╢╜╔╜║╖┤░╘ ╕╕╡Θ╛ε┴│┤┘.</p>
<p>└╠ ║╕╛╚ ╕≡╡¿└╠ ╝¡╣÷ ╝│┴ñ┐í ╛ε╢▓ ┴ª╟╤└╗ ┴╓┤┬┴÷┐═ └√└²╟╤
suEXEC ╝│┴ñ└╕╖╬ ╛ε╢▓ ║╕╛╚ └º╟Φ└╗ ╟╟╟╥ ╝÷ └╓┤┬┴÷┐í ┤δ╟╪ └╠
╣«╝¡└╟ <a href="#jabberwock">"┤┘╜├ ╟╤╣° ┴╢╜╔╟╧╢≤"</a> └²└╗
┬ⁿ░φ╟╧╢≤.</p>
</section>
<section id="install"><title>suEXEC ▒╕╝║░· ╝│─í</title>
<p>└╠┴ª └τ╣╠└╓┤┬ │╗┐δ└╠ ╜├└█╟╤┤┘.</p>
<p><strong>suEXEC ▒╕╝║ ┐╔╝╟</strong><br />
</p>
<dl>
<dt><code>--enable-suexec</code></dt>
<dd>└╠ ┐╔╝╟└║ ▒Γ║╗└√└╕╖╬ ╝│─í╡╟░┼│¬ ╚░╝║╚¡╡╟┴÷╛╩┤┬ suEXEC
▒Γ┤╔└╗ ╚░╝║╚¡╟╤┤┘. APACI░í suEXEC╕ª ╣▐╛╞╡Θ└╠╖┴╕Θ
--enable-suexec ┐╔╝╟┐▄┐í --with-suexec-xxxxx ┐╔╝╟└╠ ├╓╝╥╟╤
╟╤░│ ╟╩┐Σ╟╧┤┘.</dd>
<dt><code>--with-suexec-bin=<em>PATH</em></code></dt>
<dd>suexec ╣┘└╠│╩╕« ░µ╖╬┤┬ ║╕╛╚╗≤ └╠└»╖╬ ╝¡╣÷┐í ▒Γ╖╧╡╟╛▀
╟╤┤┘. ░µ╖╬ ▒Γ║╗░¬└╗ ╣½╜├╟╧╖┴╕Θ └╠ ┐╔╝╟└╗ ╗τ┐δ╟╤┤┘. <em>┐╣╕ª
╡Θ╛ε</em> <code>--with-suexec-bin=/usr/sbin/suexec</code></dd>
<dt><code>--with-suexec-caller=<em>UID</em></code></dt>
<dd>║╕┼δ ╛╞╞──í╕ª ╜╟╟α╟╧┤┬ <a
href="mod/mpm_common.html#user">╗τ┐δ└┌╕φ</a>. ╟┴╖╬▒╫╖Ñ└╗
╜╟╟α╟╥ ╝÷ └╓┤┬ └»└╧╟╤ ╗τ┐δ└┌┤┘.</dd>
<dt><code>--with-suexec-userdir=<em>DIR</em></code></dt>
<dd>suEXEC ┴ó▒┘└╠ ╟π┐δ╡╟┤┬ ╗τ┐δ└┌ ╚¿╡≡╖║┼Σ╕«└╟ ╟╧└º╡≡╖║┼Σ╕«╕ª
┴÷┴ñ╟╤┤┘. └╠ ╡≡╖║┼Σ╕«┐í └╓┤┬ ╕≡╡τ ╜╟╟α╞─└╧└╗ ╗τ┐δ└┌└╟
suEXEC╖╬ ╜╟╟α╣╟╖╬, ╕≡╡τ ╟┴╖╬▒╫╖Ñ└╠ "╛╚└ⁿ╟╪╛▀" ╟╤┤┘. (┐╣╕ª
╡Θ╛ε, ░¬┐í "*"└╠ ╛°┤┬) "░ú┤▄╟╤" UserDir ┴÷╜├╛ε╕ª ╗τ┐δ╟╤┤┘╕Θ
░░└║ ░¬└╗ ╝│┴ñ╟╪╛▀ ╟╤┤┘. UserDir ┴÷╜├╛ε░í passwd ╞─└╧┐í
│¬┐┬ ╗τ┐δ└┌ ╚¿╡≡╖║┼Σ╕«┐═ ┤┘╕ú╕Θ suEXEC┤┬ ┴ñ╗≤└√└╕╖╬
└█╡┐╟╧┴÷ ╛╩┤┬┤┘. ▒Γ║╗░¬└║ "public_html"└╠┤┘.<br />
░í╗≤╚ú╜║╞«╡Θ└╠ ░ó░ó ┤┘╕Ñ UserDir└╗ ╗τ┐δ╟╤┤┘╕Θ ╕≡╡╬ ╟╤
║╬╕≡ ╡≡╖║┼Σ╕« ╛╚┐í └╓╡╡╖╧ ┴ñ└╟╟╪╛▀ ╟╧░φ, ▒╫ ║╬╕≡ ╡≡╖║┼Σ╕«╕φ└╗
┐⌐▒Γ └√┤┬┤┘. <strong>└╠╖╕░╘ ┴ñ└╟╟╧┴÷ ╛╩└╕╕Θ, "~userdir"
cgi ┐Σ├╗└╠ └█╡┐╟╧┴÷ ╛╩┤┬┤┘!</strong></dd>
<dt><code>--with-suexec-docroot=<em>DIR</em></code></dt>
<dd>╛╞╞──í└╟ DocumentRoot╕ª ┴ñ└╟╟╤┤┘. └╠┤┬ suEXEC░í ╗τ┐δ╟╥
╝÷ └╓┤┬ (UserDirs└╗ ┴ª┐▄╟╤) └»└╧╟╤ ░°░ú└╠┤┘. ▒Γ║╗ ╡≡╖║┼Σ╕«┤┬
--datadir ░¬┐í "/htdocs"└╗ ║┘└╬ ░═└╠┤┘. <em>┐╣╕ª ╡Θ╛ε</em>
"<code>--datadir=/home/apache</code>"╖╬ ▒╕╝║╟▀┤┘╕Θ suEXEC
wrapper┤┬ document root╖╬ "/home/apache/htdocs" ╡≡╖║┼Σ╕«╕ª
╗τ┐δ╟╤┤┘.</dd>
<dt><code>--with-suexec-uidmin=<em>UID</em></code></dt>
<dd>suEXEC┐í╝¡ ┴÷┴ñ░í┤╔╟╤ ╗τ┐δ└┌└╟ ├╓╝╥ UID╕ª ┴ñ└╟╟╤┤┘.
┤δ║╬║╨└╟ ╜├╜║┼█┐í╝¡ 500└╠│¬ 100└╠ └√└²╟╧┤┘. ▒Γ║╗░¬└║
100└╠┤┘.</dd>
<dt><code>--with-suexec-gidmin=<em>GID</em></code></dt>
<dd>suEXEC┐í╝¡ ┴÷┴ñ░í┤╔╟╤ ▒╫╖∞└╟ ├╓╝╥ GID╕ª ┴ñ└╟╟╤┤┘.
┤δ║╬║╨└╟ ╜├╜║┼█┐í╝¡ 100└╠ └√└²╟╧╣╟╖╬ └╠ ░¬└╠ ▒Γ║╗░¬└╠┤┘.</dd>
<dt><code>--with-suexec-logfile=<em>FILE</em></code></dt>
<dd>╕≡╡τ suEXEC └█╡┐░· ┐└╖∙╕ª (░¿╜├│¬ ╡≡╣÷▒δ ╕±└√┐í └»┐δ╟╤)
▒Γ╖╧╟╥ ╖╬▒╫╞─└╧╕φ└╗ ┴÷┴ñ╟╤┤┘. ▒Γ║╗└√└╕╖╬ ╖╬▒╫╞─└╧└╟ └╠╕º└║
"suexec_log"└╠░φ ╟Ñ┴╪ ╖╬▒╫╞─└╧ ╡≡╖║┼Σ╕«┐í (--logfiledir)
└º─í╟╤┤┘.</dd>
<dt><code>--with-suexec-safepath=<em>PATH</em></code></dt>
<dd>CGI ╜╟╟α╞─└╧┐í │╤░▄┴· ╛╚└ⁿ╟╤ PATH ╚»░µ║»╝÷╕ª ┴ñ└╟╟╤┤┘.
▒Γ║╗░¬└║ "/usr/local/bin:/usr/bin:/bin"└╠┤┘.</dd>
</dl>
<p><strong>suEXEC ▒╕╝║└╗ ┴í░╦╟╧╢≤</strong><br />
suEXEC wrapper╕ª ──╞─└╧╟╧░φ ╝│─í╟╧▒Γ └ⁿ┐í --layout ┐╔╝╟└╗
╗τ┐δ╟╧┐⌐ ╝│┴ñ└╗ ┴í░╦╟╥ ╝÷ └╓┤┘.<br />
├Γ╖┬┐╣:</p>
<example>
suEXEC setup:<br />
suexec binary: /usr/local/apache/sbin/suexec<br />
document root: /usr/local/apache/share/htdocs<br />
userdir suffix: public_html<br />
logfile: /usr/local/apache/var/log/suexec_log<br />
safe path: /usr/local/bin:/usr/bin:/bin<br />
caller ID: www<br />
minimum user ID: 100<br />
minimum group ID: 100<br />
</example>
<p><strong>suEXEC wrapper╕ª ──╞─└╧╟╧░φ ╝│─í╟╧▒Γ</strong><br />
--enable-suexec ┐╔╝╟└╕╖╬ suEXEC ▒Γ┤╔└╗ ░í┤╔╟╧░╘╟╤ ░µ┐∞
"make" ╕φ╖╔╛ε╕ª ╜╟╟α╟╧╕Θ suexec ╜╟╟α╞─└╧└╠ (╛╞╞──í┐═ ╟╘▓▓)
└┌╡┐└╕╖╬ ╕╕╡Θ╛ε┴°┤┘.<br />
╕≡╡τ░═└╗ ──╞─└╧╟╤ ╚─ "make install" ╕φ╖╔╛ε╕ª ╜╟╟α╟╧┐⌐ ╝│─í╟╥
╝÷ └╓┤┘. ╣┘└╠│╩╕«╞─└╧ "suexec"┤┬ --sbindir ┐╔╝╟└╕╖╬ ┴÷┴ñ╟╤
╡≡╖║┼Σ╕«┐í ╝│─í╡╚┤┘. ▒Γ║╗ └º─í┤┬
"/usr/local/apache/sbin/suexec"└╠┤┘.<br />
╝│─í ░·┴ñ┐í <strong><em>root ▒╟╟╤</em></strong>└╠ ╟╩┐Σ╟╘└╗
┴╓└╟╟╧╢≤. wrapper░í ╗τ┐δ└┌ ID╕ª ╝│┴ñ╟╧▒Γ└º╟╪╝¡┤┬ ╝╥└»└┌░í
<code><em>root</em></code>└╠░φ ╞─└╧╕≡╡σ╖╬ setuserid ╜╟╟α║±╞«░í
╝│┴ñ╡╟╛▀ ╟╤┤┘.</p>
</section>
<section id="enable"><title>suEXEC ┼░░φ ▓⌠▒Γ</title>
<p>╛╞╞──í┤┬ ╜├└█╟╥╢º "sbin" ╡≡╖║┼Σ╕«┐í╝¡ "suexec" ╞─└╧└╗
(▒Γ║╗░¬ "/usr/local/apache/sbin/suexec") ├ú┤┬┤┘. ╛╞╞──í░í
┴ñ╗≤└√└╕╖╬ ▒╕╝║╡╚ suEXEC wrapper╕ª ╣▀░▀╟╧╕Θ error log┐í
┤┘└╜░· ░░└╠ ├Γ╖┬╟╤┤┘:</p>
<example>
[notice] suEXEC mechanism enabled (wrapper: <em>/path/to/suexec</em>)
</example>
<p>╝¡╣÷ ╜├└█┴▀┐í └╠╖▒ ╣«▒╕╕ª ╛°┤┘╕Θ ╝¡╣÷┤┬ ▒Γ┤δ╟╤ └σ╝╥┐í╝¡
wrapper ╟┴╖╬▒╫╖Ñ└╗ ├ú┴÷ ╕°╟▀░┼│¬, ╜╟╟α╞─└╧└╠ <em>setuid
root</em>╖╬ ╝│─í╡╟┴÷╛╩╛╥▒Γ ╢º╣«└╧ ░═└╠┤┘.</p>
<p>├│└╜└╕╖╬ suEXEC ▒Γ┤╔└╗ ╗τ┐δ╟╧░φ ╜═░φ └╠╣╠ ╛╞╞──í ╝¡╣÷░í
╜╟╟α┴▀└╠╢≤╕Θ, ╛╞╞──í╕ª ┴╫└╠░φ ┤┘╜├ ╜├└█╟╪╛▀ ╟╤┤┘. ░ú┤▄╚≈
HUP└╠│¬ USR1 ╜├▒╫│╬╖╬ └τ╜├└█╟╧┤┬ ░═└╕╖╬┤┬ ├µ║╨╟╧┴÷ ╛╩┤┘. </p>
<p>suEXEC╕ª ╛╚╗τ┐δ╟╧╖┴╕Θ "suexec" ╞─└╧└╗ ┴÷┐ε╚─ ╛╞╞──í╕ª
┴╫└╠░φ └τ╜├└█╟╪╛▀ ╟╤┤┘. </p>
</section>
<section id="usage"><title>suEXEC ╗τ┐δ╟╧▒Γ</title>
<p><strong>░í╗≤╚ú╜║╞«:</strong><br /> suEXEC wrapper╕ª
╗τ┐δ╟╧┤┬ ╟╤░í┴÷ ╣µ╣²└║ <directive
module="core">VirtualHost</directive> ┴ñ└╟┐í <directive
module="mod_suexec">SuexecUserGroup</directive> ┴÷╜├╛ε╕ª
╗τ┐δ╟╧┤┬ ░═└╠┤┘. └╠ ┴÷╜├╛ε╕ª ┴╓╝¡╣÷ ╗τ┐δ└┌ ID┐═ ┤┘╕ú░╘
╝│┴ñ╟╧╕Θ CGI └┌┐°└╟ ╕≡╡τ ┐Σ├╗└╠ <directive
module="core" type="section">VirtualHost</directive>┐í╝¡
┴÷┴ñ╟╤ <em>User</em>┐═ <em>Group</em>└╕╖╬ ╜╟╟α╡╚┤┘. └╠
┴÷╜├╛ε╡Θ└╠ <directive module="core"
type="section">VirtualHost</directive>┐í ╛°└╕╕Θ ┴╓╝¡╣÷
userid╕ª ╗τ┐δ╟╤┤┘.</p>
<p><strong>╗τ┐δ└┌ ╡≡╖║┼Σ╕«:</strong><br />
suEXEC wrapper┤┬ CGI ╟┴╖╬▒╫╖Ñ└╗ ┐Σ├╗└╗ ╣▐└║ ╗τ┐δ└┌░í ╜╟╟α╟╧╡╡╖╧
╟╥ ╝÷ └╓┤┘. └╠╕ª └º╟╪ ╜╟╟α╟╧▒µ ┐°╟╧┤┬ ╗τ┐δ└┌ ID ╛╒┐í
"<strong><code>~</code></strong>" ╣«└┌╕ª ║┘└╠╕Θ ╡╚┤┘. ╜╟╟α└╗
└º╟╪ ╟╪┤τ ╗τ┐δ└┌┤┬ CGI╕ª ╜╟╟α╟╥ ╝÷ └╓╛ε╛▀ ╟╧░φ, ╜║┼⌐╕│╞«░í
└º└╟ <a href="#model">║╕╛╚ ░╦╗τ</a> ╟╫╕±└╗ ╕╕┴╖╟╪╛▀ ╟╤┤┘.</p>
</section>
<section id="debug"><title>suEXEC ╡≡╣÷▒δ╟╧▒Γ</title>
<p>suEXEC wrapper┤┬ ╖╬▒╫ ┴ñ║╕╕ª └º┐í╝¡ ┤┘╖Θ --with-suexec-logfile
┐╔╝╟└╕╖╬ ┴÷┴ñ╟╤ ╞─└╧┐í ╛┤┤┘. wrapper╕ª ┐├╣┘╖╬ ▒╕╝║╟╧░φ ╝│─í╟▀┤┘╕Θ
╛ε╡≡╝¡ └▀╕°╡╟╛·┤┬┴÷ └╠ ╖╬▒╫╞─└╧┐═ ╝¡╣÷└╟ error_log╕ª ╗∞╞∞║┴╢≤.</p>
</section>
<section id="jabberwock"><title>┤┘╜├ ╟╤╣° ┴╢╜╔╟╧╢≤: ░µ░φ┐═ ┐╣┴ª</title>
<p><strong>┴╓└╟!</strong> └╠ ╝╜╝╟└║ ┐╧└ⁿ╟╧┴÷ ╛╩└╗ ╝÷ └╓┤┘.
╛╞╞──í▒╫╖∞└╟ <a
href="http://httpd.apache.org/docs-2.0/suexec.html">┐┬╢≤└╬
╣«╝¡</a>┐í╝¡ └╠ ╣«╝¡└╟ ├╓╜┼╞╟└╗ ┬ⁿ░φ╟╧╢≤.</p>
<p>wrapper░í ╝¡╣÷ ╝│┴ñ└╗ ┴ª╛α╟╧┤┬ ╕ε░í┴÷ ╚∩╣╠╖╬┐ε ┴í└╠ └╓┤┘.
suEXEC┐═ ░ⁿ╖├╡╚ "╣÷▒╫"╕ª ║╕░φ╟╧▒Γ └ⁿ┐í └╠╡Θ└╗ ╗∞╞∞║╕▒µ ╣┘╢⌡┤┘.</p>
<ul>
<li><strong>suEXEC ┴ª╛α ╗τ╟╫</strong></li>
<li>
╡≡╖║┼Σ╕« ▒╕┴╢ ┴ª╟╤
<p class="indent">
║╕╛╚░· ╚┐└▓╝║└╗ └º╟╪ ╕≡╡τ suexec ┐Σ├╗└║ ░í╗≤╚ú╜║╞«└╟
░µ┐∞ ├╓╗≤└º document root ╚ñ└║ userdir ┐Σ├╗└╟ ░µ┐∞
├╓╗≤└º ░│└╬ document root ╛╚┐í╝¡ ╣▀╗²╟╪╛▀ ╟╤┤┘. ┐╣╕ª
╡Θ╛ε, ░í╗≤╚ú╜║╞« │╫░│╕ª ╝│┴ñ╟▀┤┘╕Θ ░í╗≤╚ú╜║╞«┐í╝¡
suEXEC╕ª └╠┐δ╟╧▒Γ└º╟╪ ░í╗≤╚ú╜║╞«└╟ document root╕ª
┴╓ ╛╞╞──í ╣«╝¡ ░Φ├■▒╕┴╢ ╣█┐í ╝│┴ñ╟╥ ╟╩┐Σ░í └╓┤┘.
(┐╣┴ª┤┬ ┤┘└╜┐í.)
</p>
</li>
<li>
suEXEC└╟ PATH ╚»░µ║»╝÷
<p class="indent">
║»░µ╟╧╕Θ └º╟Φ╟╥ ╝÷ └╓┤┘. ┐⌐▒Γ┐í ╞≈╟╘╟╧┤┬ ╕≡╡τ ░µ╖╬░í
<strong>╣╧└╗ ╝÷ └╓┤┬</strong> ╡≡╖║┼Σ╕«└╬┴÷ ╚«└╬╟╧╢≤.
└╠ ┴÷▒╕╗≤└╟ ┤⌐▒║░í░í ▒╫░≈┐í └╓┤┬ ╞«╖╬└╠╕±╕╢╕ª ╜╟╟α╟╧▒µ
┐°╟╧┴÷ ╛╩└╗ ░═└╠┤┘.
</p>
</li>
<li>
suEXEC ─┌╡σ ╝÷┴ñ╟╧▒Γ
<p class="indent">
╣▌║╣╟╪╝¡ ╕╗╟╧┴÷╕╕, ┤τ╜┼└╠ ╣½╛∙└╗ ╟╧┤┬┴÷ ╕≡╕ú░φ ╜├╡╡╟╤┤┘╕Θ
<strong>┼½ ╣«┴ª</strong>░í ╣▀╗²╟╥ ╝÷ └╓┤┘. ╛ε╢▓ ░µ┐∞┐í╡╡
╝÷┴ñ╟╧┴÷╕╢╢≤.
</p>
</li>
</ul>
</section>
</manualpage>