home *** CD-ROM | disk | FTP | other *** search
/ PC World 2004 May / PCWorld_2004-05_cd.bin / komunikace / apache / apache_2.0.48-win32-x86-no_ssl.msi / Data.Cab / F252277_suexec.xml.ko < prev    next >
Extensible Markup Language  |  2003-05-10  |  17KB  |  482 lines

  1. <?xml version="1.0" encoding="EUC-KR" ?>
  2. <!DOCTYPE manualpage SYSTEM "./style/manualpage.dtd">
  3. <?xml-stylesheet type="text/xsl" href="./style/manual.ko.xsl"?>
  4. <!-- English revision: 1.3.2.3 -->
  5.  
  6. <manualpage metafile="suexec.xml.meta">
  7.  
  8.   <title>suEXEC ┴÷┐°</title>
  9.  
  10.   <summary>
  11.     <p><strong>suEXEC</strong> ▒Γ┤╔└║ ╛╞╞──í░í <strong>CGI</strong>┐═
  12.     <strong>SSI</strong> ╟┴╖╬▒╫╖Ñ└╗ └Ñ╝¡╣÷╕ª ╜╟╟α╟╤ ╗τ┐δ└┌ ID░í
  13.     ╛╞┤╤ ┤┘╕Ñ ╗τ┐δ└┌ ID╖╬ ╜╟╟α╟╧╡╡╖╧ ╟╤┤┘. ║╕┼δ CGI│¬ SSI ╟┴╖╬▒╫╖Ñ└╗
  14.     ╜╟╟α╟╧╕Θ └Ñ╝¡╣÷╕ª ╜╟╟α╟╤ ╗τ┐δ└┌┐═ ░░└║ ╗τ┐δ└┌╖╬ ╜╟╟α╟╤┤┘.</p>
  15.  
  16.     <p>└╠ ▒Γ┤╔└╗ └√└²╚≈ ╗τ┐δ╟╧╕Θ ╗τ┐δ└┌░í ┴≈┴ó CGI│¬ SSI ╟┴╖╬▒╫╖Ñ└╗
  17.     ░│╣▀╟╧░φ ╜╟╟α╟╥╢º ╣▀╗²╟╥ ╝÷ └╓┤┬ ║╕╛╚└º╟Φ└╗ ╗≤┤τ╚≈ ┴┘└╧
  18.     ╝÷ └╓┤┘. ▒╫╖»│¬ suEXEC░í ║╬└√└²╟╧░╘ ╝│┴ñ╡╟╕Θ ╕╣└║ ╣«┴ª┐═
  19.     ──╟╗┼═┐í ╗⌡╖╬┐ε ║╕╛╚ ╟π┴í└╗ ╕╕╡Θ ╝÷ └╓┤┘. ╕╕╛α setuid root
  20.     ╟┴╖╬▒╫╖Ñ░· └╠╖▒ ╟┴╖╬▒╫╖Ñ└╟ ║╕╛╚ ╣«┴ª┐í ╗²╝╥╟╧┤┘╕Θ suEXEC╕ª
  21.     ╗τ┐δ╟╧┴÷╛╩▒µ ┴°╜╔└╕╖╬ ╣┘╢⌡┤┘.</p>
  22.   </summary>
  23.  
  24. <section id="before"><title>╜├└█╟╧▒Γ └ⁿ┐í</title>
  25.  
  26.     <p>╜├└█╟╧▒Γ └ⁿ┐í ┐∞╝▒ ╛╞╞──í▒╫╖∞░· └╠ ╣«╝¡└╟ ░í┴ñ└╗ ╣α╚∙┤┘.</p>
  27.  
  28.     <p>╕╒└· <strong>setuid</strong>┐═ <strong>setgid</strong>
  29.     ▒Γ┤╔└╠ ░í┤╔╟╤ └»┤╨╜║╖∙ ┐ε┐╡├╝┴ª╕ª ╗τ┐δ╟╤┤┘░φ ░í┴ñ╟╤┤┘. ╕≡╡τ
  30.     ╕φ╖╔╛ε ┐╣╡Θ╡╡ ░░└║ ░í┴ñ└╗ ╟╤┤┘. suEXEC╕ª ┴÷┐°╟╧┤┬ ┤┘╕Ñ ╟├╖í╞√└╗
  31.     ╗τ┐δ╟╧┤┘╕Θ ╝│┴ñ└╠ ┤┘╕ª ╝÷ └╓┤┘.</p>
  32.  
  33.     <p>╡╬╣°┬░, ┤τ╜┼└╠ ──╟╗┼═ ║╕╛╚└╟ ▒Γ║╗ ░││Σ░· ░ⁿ╕«┐í └═╝≈╟╧┤┘░φ
  34.     ░í┴ñ╟╤┤┘. ┐⌐▒Γ┐í┤┬ <strong>setuid/setgid</strong> ▒Γ┤╔░·
  35.     └╠╡Θ└╠ ╜├╜║┼█░· ║╕╛╚┐í ╣╠─í┤┬ ┐⌐╖» ┐╡╟Γ┐í ┤δ╟╤ └╠╟╪░í ╞≈╟╘╡╚┤┘.</p>
  36.  
  37.     <p>╝╝╣°┬░, suEXEC ─┌╡σ└╟ <strong>╝÷┴ñ╟╧┴÷╛╩└║</strong>
  38.     ╣÷└ⁿ└╗ ╗τ┐δ╟╤┤┘░φ ░í┴ñ╟╤┤┘. ░│╣▀└┌┐═ ┐⌐╖» ║ú┼╕┼╫╜║┼═╡Θ└║
  39.     suEXEC┐═ ░ⁿ╖├╡╚ ╕≡╡τ ─┌╡σ╕ª ┴╢╜╔╜║╖┤░╘ ┴╢╗τ╟╧░φ ░╦╗τ╟▀┤┘.
  40.     ─┌╡σ╕ª ░ú┤▄╟╧░╘ ╟╧░φ ╚«╜╟╟╤ ╛╚└ⁿ└╗ ║╕└σ╟╧▒Γ└º╟╪ ╕≡╡τ ┴╓└╟╕ª
  41.     ▒Γ┐∩┐┤┤┘. └╠ ─┌╡σ╕ª ╝÷┴ñ╟╧╕Θ ┐╣╗≤─í╕°╟╤ ╣«┴ª┐═ ╗⌡╖╬┐ε ║╕╛╚
  42.     └º╟Φ└╠ ╣▀╗²╟╥ ╝÷ └╓┤┘. ║╕╛╚ ╟┴╖╬▒╫╖í╣╓┐í ┤δ╟╪ ╕┼┐∞ └▀ ╛╦░φ
  43.     ─┌╡σ╕ª ╗∞╞∞║╕▒Γ└º╟╪ ╛╞╞──í▒╫╖∞░· └█╛≈└╗ ░°└»╟╥ └╟╗τ░í ╛°┤┘╕Θ
  44.     suEXEC ─┌╡σ╕ª ╝÷┴ñ╟╧┴÷╛╩▒µ <strong>░¡╖┬╚≈</strong> ▒╟╟╤┤┘.</p>
  45.  
  46.     <p>│╫╣°┬░└╠└┌ ╕╢┴÷╕╖└╕╖╬, ╛╞╞──í▒╫╖∞└║ suEXEC╕ª ╛╞╞──í
  47.     ▒Γ║╗╝│─í┐í ╞≈╟╘╟╧┴÷ <strong>╛╩▒Γ╖╬</strong> ░ß┴ñ╟▀┤┘. ░ß▒╣
  48.     ░ⁿ╕«└┌░í ┴╓└╟╕ª ▒Γ┐∩┐⌐╝¡ suEXEC╕ª ╝│┴ñ╟╪╛▀ ╟╤┤┘. suEXEC└╟
  49.     ┐⌐╖» ╝│┴ñ└╗ └▀ ░φ╖┴╟╤╚─ ░ⁿ╕«└┌┤┬ └╧╣▌└√└╬ ╝│─í╣µ╣²└╗ suEXEC╕ª
  50.     ╝│─í╟╥ ╝÷ └╓┤┘. suEXEC ▒Γ┤╔└╗ ╗τ┐δ╟╧┤┬ ╜├╜║┼█└╟ ║╕╛╚└╗ ├Ñ└╙┴÷┤┬
  51.     ░ⁿ╕«└┌┤┬ └╠ ╝│┴ñ░¬╡Θ└╗ ┴╓└╟└╓░╘ ╗∞╞∞║╕░φ ┴÷┴ñ╟╪╛▀ ╟╤┤┘.
  52.     └╠╖▒ ╗≤╝╝╟╤ ░·┴ñ└║ suEXEC╕ª ╗τ┐δ╟╥╕╕┼¡ ┴╓└╟└╓░φ ┤▄╚ú╟╤ 
  53.     ╗τ╢≈╕╕└╠ suEXEC╕ª ╗τ┐δ╟╧╡╡╖╧ ╛╞╞──í▒╫╖∞└╠ ┐°╟╧▒Γ ╢º╣«└╠┤┘.</p>
  54.  
  55.     <p>╛╞┴≈╡╡ ╗τ┐δ╟╧▒µ ┐°╟╧┤┬░í? ▒╫╖▒░í? ┴┴┤┘. └╠┴ª ╜├└█╟╧└┌!</p>
  56. </section>
  57.  
  58. <section id="model"><title>suEXEC ║╕╛╚╕≡╡¿</title>
  59.  
  60.     <p>suEXEC╕ª ▒╕╝║╟╧░φ ╝│─í╟╧▒Γ └ⁿ┐í ┐∞╕«┤┬ ║╕╛╚╕≡╡¿└╗ ╕╒└·
  61.     ╝│╕φ╟╤┤┘. └╠╕ª ┼δ╟╪ ┴ñ╚«╚≈ suEXEC ╛╚┐í╝¡┤┬ ╣½╜╝ └╧└╠ └╧╛ε│¬╕τ
  62.     ╜├╜║┼█└╟ ║╕╛╚└╗ └º╟╪ ╣½╛∙└╗ ┴╢╜╔╟╪╛▀ ╟╥┴÷ ┤⌡ └▀ └╠╟╪╟╥ ╝÷
  63.     └╓┤┘.</p>
  64.  
  65.     <p><strong>suEXEC</strong>┤┬ ╛╞╞──í └Ñ╝¡╣÷░í ║╬╕ú┤┬ setuid
  66.     "wrapper" ╟┴╖╬▒╫╖Ñ└╗ ▒Γ╣▌└╕╖╬ ╟╤┤┘. └╠ wrapper┤┬ ░ⁿ╕«└┌░í
  67.     ┴╓╝¡╣÷┐═ ┤┘╕Ñ userid╖╬ ╜╟╟α╟╧╡╡╖╧ ╝│┴ñ╟╤ CGI│¬ SSI ╟┴╖╬▒╫╖Ñ┐í
  68.     HTTP ┐Σ├╗└╠ ┐└╕Θ ║╥╕░┤┘. └╠╖▒ ┐Σ├╗└╠ ┐└╕Θ ╛╞╞──í┤┬ suEXEC
  69.     wrapper┐í░╘ ╟┴╖╬▒╫╖Ñ╕φ░· ╟┴╖╬▒╫╖Ñ└╗ ╜╟╟α╟╥ ╗τ┐δ└┌┐═ ▒╫╖∞
  70.     ID╕ª ┴ª░°╟╤┤┘.</p>
  71.  
  72.     <p>▒╫╖»╕Θ wrapper┤┬ ┤┘└╜ ░·┴ñ└╗ ┼δ╟╪ ╝║░°░· ╜╟╞╨╕ª ░ß┴ñ╟╤┤┘.
  73.     └╠ ┴╢░╟┴▀ ╟╧│¬╢≤╡╡ ╜╟╞╨╟╧╕Θ ╟┴╖╬▒╫╖Ñ└║ ╜╟╞╨╖╬ ▒Γ╖╧╡╟░φ ┐└╖∙╕ª
  74.     │╗╕τ ┴╛╖ß╟╤┤┘. ╜╟╞╨╟╧┴÷ ╛╩└╕╕Θ ░·┴ñ└╗ ░Φ╝╙╟╤┤┘:</p>
  75.  
  76.     <ol>
  77.       <li>
  78.         <strong>└√└²╟╤ ╝÷└╟ ╛╞▒╘╕╒╞«╖╬ wrapper╕ª ╜╟╟α╟╧┤┬░í?</strong>
  79.  
  80.         <p class="indent">
  81.           wrapper┤┬ └√└²╟╤ ╝÷└╟ ╛╞▒╘╕╒╞«░í └╓╛ε╛▀╕╕ ╜╟╟α╡╚┤┘.
  82.           ╛╞╞──í └Ñ╝¡╣÷░í └╠ ░│╝÷╕ª ╛╚┤┘. wrapper░í └√└²╟╤ ╝÷└╟
  83.           ╛╞▒╘╕╒╞«╕ª ╣▐┴÷╕°╟╧╕Θ ╟╪┼╖╡╟╛·░┼│¬ ╛╞╞──í└╟ suEXEC┐í
  84.           ╣║░í ╣«┴ª░í └╓┤┬ ░═└╠┤┘.
  85.         </p>
  86.       </li>
  87.  
  88.       <li>
  89.         <strong>wrapper╕ª ╜╟╟α╟╧┤┬ ╗τ┐δ└┌░í ╜├╜║┼█└╟ ┴ñ╗≤└√└╬
  90.         ╗τ┐δ└┌└╬░í?</strong> 
  91.  
  92.         <p class="indent">
  93.           wrapper╕ª ╜╟╟α╟╧┤┬ ╗τ┐δ└┌░í ╜╟┴ª╖╬ ╜├╜║┼█└╟ ╗τ┐δ└┌└╬┴÷
  94.           ╚«└╬╟╤┤┘.
  95.         </p>
  96.       </li>
  97.  
  98.       <li>
  99.         <strong>└╠ ╗τ┐δ└┌░í wrapper╕ª ╜╟╟α╟╧╡╡╖╧ ╟π┐δ╡╟╛·│¬?</strong> 
  100.  
  101.         <p class="indent">
  102.           └╠ ╗τ┐δ└┌░í wrapper╕ª ╜╟╟α╟╧╡╡╖╧ ╟π┐δ╡╟╛·│¬? ┐└┴≈
  103.           ╟╤ ╗τ┐δ└┌(╛╞╞──í ╗τ┐δ└┌)╕╕└╠ └╠ ╟┴╖╬▒╫╖Ñ└╗ ╜╟╟α╟╥
  104.           ╝÷ └╓┤┘.
  105.         </p>
  106.       </li>
  107.  
  108.       <li>
  109.         <strong>┴÷┴ñ╟╤ ╟┴╖╬▒╫╖Ñ└╠ ╛╚└ⁿ╟╧┴÷╛╩└║ ░Φ├■┬ⁿ┴╢╕ª ░í┴÷┤┬░í?</strong>
  110.  
  111.         <p class="indent">
  112.           ┴÷┴ñ╟╤ ╟┴╖╬▒╫╖Ñ└╠ '/'╖╬ ╜├└█╟╧░┼│¬ ╡▐┬ⁿ┴╢ '..'└╗ ░í┴÷┤┬░í?
  113.           └╠╡Θ└╗ ╗τ┐δ╟╥ ╝÷ ╛°┤┘. ┴÷┴ñ╟╤ ╟┴╖╬▒╫╖Ñ└║ ╛╞╞──í └Ñ░°░ú│╗┐í
  114.           └╓╛ε╛▀ ╟╤┤┘.
  115.         </p>
  116.       </li>
  117.  
  118.       <li>
  119.         <strong>┴÷┴ñ╟╤ ╗τ┐δ└┌╕φ└╠ └»╚┐╟╤░í?</strong> 
  120.  
  121.         <p class="indent">
  122.           ┴÷┴ñ╟╤ ╗τ┐δ└┌░í ┴╕└τ╟╧┤┬░í?
  123.         </p>
  124.       </li>
  125.  
  126.       <li>
  127.         <strong>┴÷┴ñ╟╤ ▒╫╖∞╕φ└╠ └»╚┐╟╤░í?</strong> 
  128.  
  129.         <p class="indent">
  130.           ┴÷┴ñ╟╤ ▒╫╖∞└╠ ┴╕└τ╟╧┤┬░í?
  131.         </p>
  132.       </li>
  133.  
  134.       <li>
  135.         <strong>┴÷┴ñ╟╤ ╗τ┐δ└┌░í superuser░í <em>╛╞┤╤░í</em>?</strong>
  136.         
  137.  
  138.         <p class="indent">
  139.           ╟÷└τ suEXEC┤┬ 'root'░í CGI/SSI ╟┴╖╬▒╫╖Ñ└╗ ╜╟╟α╟╥ ╝÷
  140.           ╛°╡╡╖╧ ╟╤┤┘.
  141.         </p>
  142.       </li>
  143.  
  144.       <li>
  145.         <strong>┴÷┴ñ╟╤ userid░í ├╓╝╥ ID ╝²└┌║╕┤┘ <em>┼½░í</em>?</strong>
  146.  
  147.         <p class="indent">
  148.           ╝│┴ñ┐í╝¡ ├╓╝╥ ╗τ┐δ└┌ ID ╝²└┌╕ª ┴÷┴ñ╟╤┤┘. ▒╫╖í╝¡ CGI/SSI
  149.           ╟┴╖╬▒╫╖Ñ└╗ ╜╟╟α╟╥ ╝÷ └╓┤┬ userid└╟ ├╓╝╥─í╕ª ┴÷┴ñ╟╥
  150.           ╝÷ └╓┤┘. "╜├╜║┼█┐δ" ░Φ┴ñ└╗ ┴ª┐▄╟╥╢º └»┐δ╟╧┤┘.
  151.         </p>
  152.       </li>
  153.  
  154.       <li>
  155.         <strong>┴÷┴ñ╟╤ ▒╫╖∞└╠ superuser ▒╫╖∞└╠ <em>╛╞┤╤░í</em>?</strong> 
  156.  
  157.         <p class="indent">
  158.           ╟÷└τ suEXEC┤┬ 'root' ▒╫╖∞└╠ CGI/SSI ╟┴╖╬▒╫╖Ñ└╗ ╜╟╟α╟╥
  159.           ╝÷ ╛°╡╡╖╧ ╟╤┤┘.
  160.         </p>
  161.       </li>
  162.  
  163.       <li>
  164.         <strong>┴÷┴ñ╟╤ groupid░í ├╓╝╥ ID ╝²└┌║╕┤┘ <em>┼½░í</em>?</strong> 
  165.  
  166.         <p class="indent">
  167.           ╝│┴ñ┐í╝¡ ├╓╝╥ ▒╫╖∞ ID ╝²└┌╕ª ┴÷┴ñ╟╤┤┘. ▒╫╖í╝¡ CGI/SSI
  168.           ╟┴╖╬▒╫╖Ñ└╗ ╜╟╟α╟╥ ╝÷ └╓┤┬ groupid└╟ ├╓╝╥─í╕ª ┴÷┴ñ╟╥
  169.           ╝÷ └╓┤┘. "╜├╜║┼█┐δ" ▒╫╖∞└╗ ┴ª┐▄╟╥╢º └»┐δ╟╧┤┘.
  170.         </p>
  171.       </li>
  172.  
  173.       <li>
  174.         <strong>wrapper░í ╝║░°└√└╕╖╬ ┴÷┴ñ╟╤ ╗τ┐δ└┌┐═ ▒╫╖∞└╠
  175.         ╡╔ ╝÷ └╓┤┬░í?</strong>
  176.  
  177.         <p class="indent">
  178.           └╠ ┤▄░Φ┐í╝¡ ╟┴╖╬▒╫╖Ñ└║ setuid┐═ setgid ╚ú├Γ└╗ ╟╧┐⌐
  179.           ┴÷┴ñ╟╤ ╗τ┐δ└┌┐═ ▒╫╖∞└╠ ╡╚┤┘. ╢╟, ▒╫╖∞ ┴ó▒┘╕±╖╧└║
  180.           ╗τ┐δ└┌░í ╟╪┤τ╡╚ ╕≡╡τ ▒╫╖∞└╕╖╬ ├╩▒Γ╚¡╡╚┤┘.
  181.         </p>
  182.       </li>
  183.  
  184.       <li>
  185.         <strong>╟┴╖╬▒╫╖Ñ└╠ └╓┤┬ ╡≡╖║┼Σ╕«░í ┴╕└τ╟╧│¬?</strong> 
  186.  
  187.         <p class="indent">
  188.           ┴╕└τ╟╧┴÷ ╛╩┤┘╕Θ ╞─└╧└╠ └╓└╗ ╝÷ ╛°┤┘.
  189.         </p>
  190.       </li>
  191.  
  192.       <li>
  193.         <strong>╡≡╖║┼Σ╕«░í ╛╞╞──í └Ñ░°░ú ╛╚┐í └╓┤┬░í?</strong>
  194.  
  195.         <p class="indent">
  196.           ╝¡╣÷└╟ └╧╣▌└√└╬ ║╬║╨└╗ ┐Σ├╗╟╥ ░µ┐∞ ┐Σ├╗╟╧┤┬ ╡≡╖║┼Σ╕«░í
  197.           ╝¡╣÷└╟ ╣«╝¡ root ╛╞╖í └╓┤┬░í? UserDir└╗ ┐Σ├╗╟╥ ░µ┐∞
  198.           ┐Σ├╗╟╧┤┬ ╡≡╖║┼Σ╕«░í ╗τ┐δ└┌ ╣«╝¡ root ╛╞╖í └╓┤┬░í?
  199.         </p>
  200.       </li>
  201.  
  202.       <li>
  203.         <strong>┤┘╕Ñ ┤⌐▒╕╡╡ ╡≡╖║┼Σ╕«┐í ╛▓▒Γ▒╟╟╤└╠ <em>╛°┤┬░í</em>?</strong>
  204.  
  205.         <p class="indent">
  206.           ╡≡╖║┼Σ╕«╕ª ┤┘╕Ñ ╗τ╢≈┐í░╘ ┐¡╛ε╡╬▒µ ┐°╟╧┴÷╛╩┤┬┤┘. ┐└┴≈
  207.           ╝╥└»└┌╕╕└╠ ╡≡╖║┼Σ╕« │╗┐δ└╗ ║»░µ╟╥ ╝÷ └╓┤┘.
  208.         </p>
  209.       </li>
  210.  
  211.       <li>
  212.         <strong>┴÷┴ñ╟╤ ╟┴╖╬▒╫╖Ñ└╠ ┴╕└τ╟╧┤┬░í?</strong> 
  213.  
  214.         <p class="indent">
  215.           ┴╕└τ╟╧┴÷╛╩┤┘╕Θ ╜╟╟α╟╥ ╝÷╡╡ ╛°┤┘.
  216.         </p>
  217.       </li>
  218.  
  219.       <li>
  220.         <strong>┤┘╕Ñ ┤⌐▒╕╡╡ ┴÷┴ñ╟╤ ╟┴╖╬▒╫╖Ñ┐í ╛▓▒Γ▒╟╟╤└╠
  221.         <em>╛°┤┬░í</em>?</strong>
  222.  
  223.         <p class="indent">
  224.           ╝╥└»└┌┐▄ ┤⌐▒╕╡╡ ╟┴╖╬▒╫╖Ñ└╗ ║»░µ╟╧▒µ ┐°╟╧┴÷╛╩┤┬┤┘.
  225.         </p>
  226.       </li>
  227.  
  228.       <li>
  229.         <strong>┴÷┴ñ╟╤ ╟┴╖╬▒╫╖Ñ└╠ setuid│¬ setgid░í <em>╛╞┤╤░í</em>?</strong>
  230.  
  231.         <p class="indent">
  232.           ┐∞╕«┤┬ ╟┴╖╬▒╫╖Ñ└╠ ┤┘╜├ UID/GID╕ª ║»░µ╟╧▒µ ┐°╟╧┴÷╛╩┤┬┤┘.
  233.         </p>
  234.       </li>
  235.  
  236.       <li>
  237.         <strong>┴÷┴ñ╟╤ ╗τ┐δ└┌/▒╫╖∞└╠ ╟┴╖╬▒╫╖Ñ└╟ ╗τ┐δ└┌/▒╫╖∞░· ░░└║░í?</strong>
  238.  
  239.         <p class="indent">
  240.           ╗τ┐δ└┌░í ╞─└╧└╟ ╝╥└»└┌└╬░í?
  241.         </p>
  242.       </li>
  243.  
  244.       <li>
  245.         <strong>╛╚└ⁿ╟╤ ╡┐└█└╗ └º╟╪ ╟┴╖╬╝╝╜║└╟ ╚»░µ║»╝÷╕ª ├╗╝╥╟╥
  246.         ╝÷ └╓┤┬░í?</strong>
  247.  
  248.         <p class="indent">
  249.           suEXEC┤┬ (╝│┴ñ┐í╝¡ ┴ñ└╟╟╤) ╛╚└ⁿ╟╤ ╜╟╟α PATH╕ª └Γ░φ,
  250.           (└╠░═╡╡ ╝│┴ñ┐í╝¡ ┴ñ└╟) ╛╚└ⁿ╟╤ ╚»░µ║»╝÷ ╕±╖╧┐í ┐¡░┼╡╚
  251.           ║»╝÷╕╕ │▓▒Γ░φ ╟┴╖╬╝╝╜║└╟ ╚»░µ║»╝÷╕ª ┴÷┐ε┤┘.
  252.         </p>
  253.       </li>
  254.  
  255.       <li>
  256.         <strong>╝║░°└√└╕╖╬ ┴÷┴ñ╟╤ ╟┴╖╬▒╫╖Ñ└╗ ╜╟╟α╟╥ ╝÷ └╓┤┬░í?</strong> 
  257.  
  258.         <p class="indent">
  259.           ┐⌐▒Γ╝¡ suEXEC░í │í│¬░φ ┴÷┴ñ╟╤ ╟┴╖╬▒╫╖Ñ└╠ ╜├└█╟╤┤┘.
  260.         </p>
  261.       </li>
  262.     </ol>
  263.  
  264.     <p>└╠░═└╠ suEXEC wrapper ║╕╛╚╕≡╡¿└╟ ╟Ñ┴╪ ╡┐└█└╠┤┘. ┤┘╝╥
  265.     ╛÷░▌╟╧░φ CGI/SSI ╝│░Φ┐í ╗⌡╖╬┐ε ┴ª╟╤└╠ ╡╟┴÷╕╕, ║╕╛╚└╗ ┐░╡╬┐í
  266.     ╡╬░φ ╟╤┤▄░Φ╛┐ ┴╢╜╔╜║╖┤░╘ ╕╕╡Θ╛ε┴│┤┘.</p>
  267.  
  268.     <p>└╠ ║╕╛╚ ╕≡╡¿└╠ ╝¡╣÷ ╝│┴ñ┐í ╛ε╢▓ ┴ª╟╤└╗ ┴╓┤┬┴÷┐═ └√└²╟╤
  269.     suEXEC ╝│┴ñ└╕╖╬ ╛ε╢▓ ║╕╛╚ └º╟Φ└╗ ╟╟╟╥ ╝÷ └╓┤┬┴÷┐í ┤δ╟╪ └╠
  270.     ╣«╝¡└╟ <a href="#jabberwock">"┤┘╜├ ╟╤╣° ┴╢╜╔╟╧╢≤"</a> └²└╗
  271.     ┬ⁿ░φ╟╧╢≤.</p>
  272. </section>
  273.  
  274. <section id="install"><title>suEXEC ▒╕╝║░· ╝│─í</title>
  275.  
  276.     <p>└╠┴ª └τ╣╠└╓┤┬ │╗┐δ└╠ ╜├└█╟╤┤┘.</p>
  277.  
  278.     <p><strong>suEXEC ▒╕╝║ ┐╔╝╟</strong><br />
  279.     </p>
  280.  
  281.     <dl>
  282.       <dt><code>--enable-suexec</code></dt>
  283.  
  284.       <dd>└╠ ┐╔╝╟└║ ▒Γ║╗└√└╕╖╬ ╝│─í╡╟░┼│¬ ╚░╝║╚¡╡╟┴÷╛╩┤┬ suEXEC
  285.       ▒Γ┤╔└╗ ╚░╝║╚¡╟╤┤┘. APACI░í suEXEC╕ª ╣▐╛╞╡Θ└╠╖┴╕Θ
  286.       --enable-suexec ┐╔╝╟┐▄┐í --with-suexec-xxxxx ┐╔╝╟└╠ ├╓╝╥╟╤
  287.       ╟╤░│ ╟╩┐Σ╟╧┤┘.</dd>
  288.  
  289.       <dt><code>--with-suexec-bin=<em>PATH</em></code></dt>
  290.  
  291.       <dd>suexec ╣┘└╠│╩╕« ░µ╖╬┤┬ ║╕╛╚╗≤ └╠└»╖╬ ╝¡╣÷┐í ▒Γ╖╧╡╟╛▀
  292.       ╟╤┤┘. ░µ╖╬ ▒Γ║╗░¬└╗ ╣½╜├╟╧╖┴╕Θ └╠ ┐╔╝╟└╗ ╗τ┐δ╟╤┤┘. <em>┐╣╕ª
  293.       ╡Θ╛ε</em> <code>--with-suexec-bin=/usr/sbin/suexec</code></dd>
  294.  
  295.       <dt><code>--with-suexec-caller=<em>UID</em></code></dt>
  296.  
  297.       <dd>║╕┼δ ╛╞╞──í╕ª ╜╟╟α╟╧┤┬ <a
  298.       href="mod/mpm_common.html#user">╗τ┐δ└┌╕φ</a>. ╟┴╖╬▒╫╖Ñ└╗
  299.       ╜╟╟α╟╥ ╝÷ └╓┤┬ └»└╧╟╤ ╗τ┐δ└┌┤┘.</dd>
  300.  
  301.       <dt><code>--with-suexec-userdir=<em>DIR</em></code></dt>
  302.  
  303.       <dd>suEXEC ┴ó▒┘└╠ ╟π┐δ╡╟┤┬ ╗τ┐δ└┌ ╚¿╡≡╖║┼Σ╕«└╟ ╟╧└º╡≡╖║┼Σ╕«╕ª
  304.       ┴÷┴ñ╟╤┤┘. └╠ ╡≡╖║┼Σ╕«┐í └╓┤┬ ╕≡╡τ ╜╟╟α╞─└╧└╗ ╗τ┐δ└┌└╟
  305.       suEXEC╖╬ ╜╟╟α╣╟╖╬, ╕≡╡τ ╟┴╖╬▒╫╖Ñ└╠ "╛╚└ⁿ╟╪╛▀" ╟╤┤┘. (┐╣╕ª
  306.       ╡Θ╛ε, ░¬┐í "*"└╠ ╛°┤┬) "░ú┤▄╟╤" UserDir ┴÷╜├╛ε╕ª ╗τ┐δ╟╤┤┘╕Θ
  307.       ░░└║ ░¬└╗ ╝│┴ñ╟╪╛▀ ╟╤┤┘. UserDir ┴÷╜├╛ε░í passwd ╞─└╧┐í
  308.       │¬┐┬ ╗τ┐δ└┌ ╚¿╡≡╖║┼Σ╕«┐═ ┤┘╕ú╕Θ suEXEC┤┬ ┴ñ╗≤└√└╕╖╬
  309.       └█╡┐╟╧┴÷ ╛╩┤┬┤┘. ▒Γ║╗░¬└║ "public_html"└╠┤┘.<br />
  310.       ░í╗≤╚ú╜║╞«╡Θ└╠ ░ó░ó ┤┘╕Ñ UserDir└╗ ╗τ┐δ╟╤┤┘╕Θ ╕≡╡╬ ╟╤
  311.       ║╬╕≡ ╡≡╖║┼Σ╕« ╛╚┐í └╓╡╡╖╧ ┴ñ└╟╟╪╛▀ ╟╧░φ, ▒╫ ║╬╕≡ ╡≡╖║┼Σ╕«╕φ└╗
  312.       ┐⌐▒Γ └√┤┬┤┘. <strong>└╠╖╕░╘ ┴ñ└╟╟╧┴÷ ╛╩└╕╕Θ, "~userdir"
  313.       cgi ┐Σ├╗└╠ └█╡┐╟╧┴÷ ╛╩┤┬┤┘!</strong></dd>
  314.  
  315.       <dt><code>--with-suexec-docroot=<em>DIR</em></code></dt>
  316.  
  317.       <dd>╛╞╞──í└╟ DocumentRoot╕ª ┴ñ└╟╟╤┤┘. └╠┤┬ suEXEC░í ╗τ┐δ╟╥
  318.       ╝÷ └╓┤┬ (UserDirs└╗ ┴ª┐▄╟╤) └»└╧╟╤ ░°░ú└╠┤┘. ▒Γ║╗ ╡≡╖║┼Σ╕«┤┬
  319.       --datadir ░¬┐í "/htdocs"└╗ ║┘└╬ ░═└╠┤┘. <em>┐╣╕ª ╡Θ╛ε</em>
  320.       "<code>--datadir=/home/apache</code>"╖╬ ▒╕╝║╟▀┤┘╕Θ suEXEC
  321.       wrapper┤┬ document root╖╬ "/home/apache/htdocs" ╡≡╖║┼Σ╕«╕ª
  322.       ╗τ┐δ╟╤┤┘.</dd>
  323.  
  324.       <dt><code>--with-suexec-uidmin=<em>UID</em></code></dt>
  325.  
  326.       <dd>suEXEC┐í╝¡ ┴÷┴ñ░í┤╔╟╤ ╗τ┐δ└┌└╟ ├╓╝╥ UID╕ª ┴ñ└╟╟╤┤┘.
  327.       ┤δ║╬║╨└╟ ╜├╜║┼█┐í╝¡ 500└╠│¬ 100└╠ └√└²╟╧┤┘. ▒Γ║╗░¬└║
  328.       100└╠┤┘.</dd>
  329.  
  330.       <dt><code>--with-suexec-gidmin=<em>GID</em></code></dt>
  331.  
  332.       <dd>suEXEC┐í╝¡ ┴÷┴ñ░í┤╔╟╤ ▒╫╖∞└╟ ├╓╝╥ GID╕ª ┴ñ└╟╟╤┤┘.
  333.       ┤δ║╬║╨└╟ ╜├╜║┼█┐í╝¡ 100└╠ └√└²╟╧╣╟╖╬ └╠ ░¬└╠ ▒Γ║╗░¬└╠┤┘.</dd>
  334.  
  335.       <dt><code>--with-suexec-logfile=<em>FILE</em></code></dt>
  336.  
  337.       <dd>╕≡╡τ suEXEC └█╡┐░· ┐└╖∙╕ª (░¿╜├│¬ ╡≡╣÷▒δ ╕±└√┐í └»┐δ╟╤)
  338.       ▒Γ╖╧╟╥ ╖╬▒╫╞─└╧╕φ└╗ ┴÷┴ñ╟╤┤┘. ▒Γ║╗└√└╕╖╬ ╖╬▒╫╞─└╧└╟ └╠╕º└║
  339.       "suexec_log"└╠░φ ╟Ñ┴╪ ╖╬▒╫╞─└╧ ╡≡╖║┼Σ╕«┐í (--logfiledir)
  340.       └º─í╟╤┤┘.</dd>
  341.  
  342.       <dt><code>--with-suexec-safepath=<em>PATH</em></code></dt>
  343.  
  344.       <dd>CGI ╜╟╟α╞─└╧┐í │╤░▄┴· ╛╚└ⁿ╟╤ PATH ╚»░µ║»╝÷╕ª ┴ñ└╟╟╤┤┘.
  345.       ▒Γ║╗░¬└║ "/usr/local/bin:/usr/bin:/bin"└╠┤┘.</dd>
  346.     </dl>
  347.  
  348.     <p><strong>suEXEC ▒╕╝║└╗ ┴í░╦╟╧╢≤</strong><br />
  349.      suEXEC wrapper╕ª ──╞─└╧╟╧░φ ╝│─í╟╧▒Γ └ⁿ┐í --layout ┐╔╝╟└╗
  350.     ╗τ┐δ╟╧┐⌐ ╝│┴ñ└╗ ┴í░╦╟╥ ╝÷ └╓┤┘.<br />
  351.      ├Γ╖┬┐╣:</p>
  352.  
  353. <example>
  354.     suEXEC setup:<br />
  355.             suexec binary: /usr/local/apache/sbin/suexec<br />
  356.             document root: /usr/local/apache/share/htdocs<br />
  357.            userdir suffix: public_html<br />
  358.                   logfile: /usr/local/apache/var/log/suexec_log<br />
  359.                 safe path: /usr/local/bin:/usr/bin:/bin<br />
  360.                 caller ID: www<br />
  361.           minimum user ID: 100<br />
  362.          minimum group ID: 100<br />
  363. </example>
  364.  
  365.     <p><strong>suEXEC wrapper╕ª ──╞─└╧╟╧░φ ╝│─í╟╧▒Γ</strong><br />
  366.     --enable-suexec ┐╔╝╟└╕╖╬ suEXEC ▒Γ┤╔└╗ ░í┤╔╟╧░╘╟╤ ░µ┐∞
  367.     "make" ╕φ╖╔╛ε╕ª ╜╟╟α╟╧╕Θ suexec ╜╟╟α╞─└╧└╠ (╛╞╞──í┐═ ╟╘▓▓)
  368.     └┌╡┐└╕╖╬ ╕╕╡Θ╛ε┴°┤┘.<br />
  369.     ╕≡╡τ░═└╗ ──╞─└╧╟╤ ╚─ "make install" ╕φ╖╔╛ε╕ª ╜╟╟α╟╧┐⌐ ╝│─í╟╥
  370.     ╝÷ └╓┤┘. ╣┘└╠│╩╕«╞─└╧ "suexec"┤┬ --sbindir ┐╔╝╟└╕╖╬ ┴÷┴ñ╟╤
  371.     ╡≡╖║┼Σ╕«┐í ╝│─í╡╚┤┘. ▒Γ║╗ └º─í┤┬
  372.     "/usr/local/apache/sbin/suexec"└╠┤┘.<br />
  373.     ╝│─í ░·┴ñ┐í <strong><em>root ▒╟╟╤</em></strong>└╠ ╟╩┐Σ╟╘└╗
  374.     ┴╓└╟╟╧╢≤. wrapper░í ╗τ┐δ└┌ ID╕ª ╝│┴ñ╟╧▒Γ└º╟╪╝¡┤┬ ╝╥└»└┌░í
  375.     <code><em>root</em></code>└╠░φ ╞─└╧╕≡╡σ╖╬ setuserid ╜╟╟α║±╞«░í
  376.     ╝│┴ñ╡╟╛▀ ╟╤┤┘.</p>
  377.  
  378. </section>
  379.  
  380. <section id="enable"><title>suEXEC ┼░░φ ▓⌠▒Γ</title>
  381.  
  382.     <p>╛╞╞──í┤┬ ╜├└█╟╥╢º "sbin" ╡≡╖║┼Σ╕«┐í╝¡ "suexec" ╞─└╧└╗
  383.     (▒Γ║╗░¬ "/usr/local/apache/sbin/suexec") ├ú┤┬┤┘. ╛╞╞──í░í
  384.     ┴ñ╗≤└√└╕╖╬ ▒╕╝║╡╚ suEXEC wrapper╕ª ╣▀░▀╟╧╕Θ error log┐í
  385.     ┤┘└╜░· ░░└╠ ├Γ╖┬╟╤┤┘:</p>
  386. <example>
  387.     [notice] suEXEC mechanism enabled (wrapper: <em>/path/to/suexec</em>)
  388. </example>
  389.     <p>╝¡╣÷ ╜├└█┴▀┐í └╠╖▒ ╣«▒╕╕ª ╛°┤┘╕Θ ╝¡╣÷┤┬ ▒Γ┤δ╟╤ └σ╝╥┐í╝¡
  390.     wrapper ╟┴╖╬▒╫╖Ñ└╗ ├ú┴÷ ╕°╟▀░┼│¬, ╜╟╟α╞─└╧└╠ <em>setuid
  391.     root</em>╖╬ ╝│─í╡╟┴÷╛╩╛╥▒Γ ╢º╣«└╧ ░═└╠┤┘.</p>
  392.  
  393.      <p>├│└╜└╕╖╬ suEXEC ▒Γ┤╔└╗ ╗τ┐δ╟╧░φ ╜═░φ └╠╣╠ ╛╞╞──í ╝¡╣÷░í
  394.      ╜╟╟α┴▀└╠╢≤╕Θ, ╛╞╞──í╕ª ┴╫└╠░φ ┤┘╜├ ╜├└█╟╪╛▀ ╟╤┤┘. ░ú┤▄╚≈
  395.      HUP└╠│¬ USR1 ╜├▒╫│╬╖╬ └τ╜├└█╟╧┤┬ ░═└╕╖╬┤┬ ├µ║╨╟╧┴÷ ╛╩┤┘. </p>
  396.      <p>suEXEC╕ª ╛╚╗τ┐δ╟╧╖┴╕Θ "suexec" ╞─└╧└╗ ┴÷┐ε╚─ ╛╞╞──í╕ª
  397.      ┴╫└╠░φ └τ╜├└█╟╪╛▀ ╟╤┤┘. </p>
  398. </section>
  399.  
  400. <section id="usage"><title>suEXEC ╗τ┐δ╟╧▒Γ</title>
  401.  
  402.     <p><strong>░í╗≤╚ú╜║╞«:</strong><br /> suEXEC wrapper╕ª
  403.     ╗τ┐δ╟╧┤┬ ╟╤░í┴÷ ╣µ╣²└║ <directive
  404.     module="core">VirtualHost</directive> ┴ñ└╟┐í <directive
  405.     module="mod_suexec">SuexecUserGroup</directive> ┴÷╜├╛ε╕ª
  406.     ╗τ┐δ╟╧┤┬ ░═└╠┤┘. └╠ ┴÷╜├╛ε╕ª ┴╓╝¡╣÷ ╗τ┐δ└┌ ID┐═ ┤┘╕ú░╘
  407.     ╝│┴ñ╟╧╕Θ CGI └┌┐°└╟ ╕≡╡τ ┐Σ├╗└╠ <directive
  408.     module="core" type="section">VirtualHost</directive>┐í╝¡
  409.     ┴÷┴ñ╟╤ <em>User</em>┐═ <em>Group</em>└╕╖╬ ╜╟╟α╡╚┤┘. └╠
  410.     ┴÷╜├╛ε╡Θ└╠ <directive module="core"
  411.     type="section">VirtualHost</directive>┐í ╛°└╕╕Θ ┴╓╝¡╣÷
  412.     userid╕ª ╗τ┐δ╟╤┤┘.</p>
  413.  
  414.     <p><strong>╗τ┐δ└┌ ╡≡╖║┼Σ╕«:</strong><br />
  415.     suEXEC wrapper┤┬ CGI ╟┴╖╬▒╫╖Ñ└╗ ┐Σ├╗└╗ ╣▐└║ ╗τ┐δ└┌░í ╜╟╟α╟╧╡╡╖╧
  416.     ╟╥ ╝÷ └╓┤┘. └╠╕ª └º╟╪ ╜╟╟α╟╧▒µ ┐°╟╧┤┬ ╗τ┐δ└┌ ID ╛╒┐í
  417.     "<strong><code>~</code></strong>" ╣«└┌╕ª ║┘└╠╕Θ ╡╚┤┘. ╜╟╟α└╗
  418.     └º╟╪ ╟╪┤τ ╗τ┐δ└┌┤┬ CGI╕ª ╜╟╟α╟╥ ╝÷ └╓╛ε╛▀ ╟╧░φ, ╜║┼⌐╕│╞«░í
  419.     └º└╟ <a href="#model">║╕╛╚ ░╦╗τ</a> ╟╫╕±└╗ ╕╕┴╖╟╪╛▀ ╟╤┤┘.</p>
  420. </section>
  421.  
  422. <section id="debug"><title>suEXEC ╡≡╣÷▒δ╟╧▒Γ</title>
  423.  
  424.     <p>suEXEC wrapper┤┬ ╖╬▒╫ ┴ñ║╕╕ª └º┐í╝¡ ┤┘╖Θ --with-suexec-logfile
  425.     ┐╔╝╟└╕╖╬ ┴÷┴ñ╟╤ ╞─└╧┐í ╛┤┤┘. wrapper╕ª ┐├╣┘╖╬ ▒╕╝║╟╧░φ ╝│─í╟▀┤┘╕Θ
  426.     ╛ε╡≡╝¡ └▀╕°╡╟╛·┤┬┴÷ └╠ ╖╬▒╫╞─└╧┐═ ╝¡╣÷└╟ error_log╕ª ╗∞╞∞║┴╢≤.</p>
  427.  
  428. </section>
  429.  
  430. <section id="jabberwock"><title>┤┘╜├ ╟╤╣° ┴╢╜╔╟╧╢≤: ░µ░φ┐═ ┐╣┴ª</title>
  431.  
  432.     <p><strong>┴╓└╟!</strong> └╠ ╝╜╝╟└║ ┐╧└ⁿ╟╧┴÷ ╛╩└╗ ╝÷ └╓┤┘.
  433.     ╛╞╞──í▒╫╖∞└╟ <a
  434.     href="http://httpd.apache.org/docs-2.0/suexec.html">┐┬╢≤└╬
  435.     ╣«╝¡</a>┐í╝¡ └╠ ╣«╝¡└╟ ├╓╜┼╞╟└╗ ┬ⁿ░φ╟╧╢≤.</p>
  436.  
  437.     <p>wrapper░í ╝¡╣÷ ╝│┴ñ└╗ ┴ª╛α╟╧┤┬ ╕ε░í┴÷ ╚∩╣╠╖╬┐ε ┴í└╠ └╓┤┘.
  438.     suEXEC┐═ ░ⁿ╖├╡╚ "╣÷▒╫"╕ª ║╕░φ╟╧▒Γ └ⁿ┐í └╠╡Θ└╗ ╗∞╞∞║╕▒µ ╣┘╢⌡┤┘.</p>
  439.  
  440.     <ul>
  441.       <li><strong>suEXEC ┴ª╛α ╗τ╟╫</strong></li>
  442.  
  443.       <li>
  444.         ╡≡╖║┼Σ╕« ▒╕┴╢ ┴ª╟╤
  445.  
  446.         <p class="indent">
  447.           ║╕╛╚░· ╚┐└▓╝║└╗ └º╟╪ ╕≡╡τ suexec ┐Σ├╗└║ ░í╗≤╚ú╜║╞«└╟
  448.           ░µ┐∞ ├╓╗≤└º document root ╚ñ└║ userdir ┐Σ├╗└╟ ░µ┐∞
  449.           ├╓╗≤└º ░│└╬ document root ╛╚┐í╝¡ ╣▀╗²╟╪╛▀ ╟╤┤┘. ┐╣╕ª
  450.           ╡Θ╛ε, ░í╗≤╚ú╜║╞« │╫░│╕ª ╝│┴ñ╟▀┤┘╕Θ ░í╗≤╚ú╜║╞«┐í╝¡
  451.           suEXEC╕ª └╠┐δ╟╧▒Γ└º╟╪ ░í╗≤╚ú╜║╞«└╟ document root╕ª
  452.           ┴╓ ╛╞╞──í ╣«╝¡ ░Φ├■▒╕┴╢ ╣█┐í ╝│┴ñ╟╥ ╟╩┐Σ░í └╓┤┘.
  453.           (┐╣┴ª┤┬ ┤┘└╜┐í.)
  454.         </p>
  455.       </li>
  456.  
  457.       <li>
  458.         suEXEC└╟ PATH ╚»░µ║»╝÷
  459.  
  460.         <p class="indent">
  461.           ║»░µ╟╧╕Θ └º╟Φ╟╥ ╝÷ └╓┤┘.  ┐⌐▒Γ┐í ╞≈╟╘╟╧┤┬ ╕≡╡τ ░µ╖╬░í
  462.           <strong>╣╧└╗ ╝÷ └╓┤┬</strong> ╡≡╖║┼Σ╕«└╬┴÷ ╚«└╬╟╧╢≤. 
  463.           └╠ ┴÷▒╕╗≤└╟ ┤⌐▒║░í░í ▒╫░≈┐í └╓┤┬ ╞«╖╬└╠╕±╕╢╕ª ╜╟╟α╟╧▒µ
  464.           ┐°╟╧┴÷ ╛╩└╗ ░═└╠┤┘.
  465.         </p>
  466.       </li>
  467.  
  468.       <li>
  469.         suEXEC ─┌╡σ ╝÷┴ñ╟╧▒Γ
  470.  
  471.         <p class="indent">
  472.           ╣▌║╣╟╪╝¡ ╕╗╟╧┴÷╕╕, ┤τ╜┼└╠ ╣½╛∙└╗ ╟╧┤┬┴÷ ╕≡╕ú░φ ╜├╡╡╟╤┤┘╕Θ
  473.           <strong>┼½ ╣«┴ª</strong>░í ╣▀╗²╟╥ ╝÷ └╓┤┘. ╛ε╢▓ ░µ┐∞┐í╡╡
  474.           ╝÷┴ñ╟╧┴÷╕╢╢≤.
  475.         </p>
  476.       </li>
  477.     </ul>
  478.  
  479. </section>
  480.  
  481. </manualpage>
  482.