1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * suexec.h -- user-definable variables for the suexec wrapper code.
19 * (See README.configure on how to customize these variables.)
27 * Include ap_config_layout so we can work out where the default htdocsdir
30 #include "ap_config_layout.h"
33 * HTTPD_USER -- Define as the username under which Apache normally
34 * runs. This is the only user allowed to execute
38 #define AP_HTTPD_USER "www"
42 * UID_MIN -- Define this as the lowest UID allowed to be a target user
43 * for suEXEC. For most systems, 500 or 100 is common.
46 #define AP_UID_MIN 100
50 * GID_MIN -- Define this as the lowest GID allowed to be a target group
51 * for suEXEC. For most systems, 100 is common.
54 #define AP_GID_MIN 100
58 * USERDIR_SUFFIX -- Define to be the subdirectory under users'
59 * home directories where suEXEC access should
60 * be allowed. All executables under this directory
61 * will be executable by suEXEC as the user so
62 * they should be "safe" programs. If you are
63 * using a "simple" UserDir directive (ie. one
64 * without a "*" in it) this should be set to
65 * the same value. suEXEC will not work properly
66 * in cases where the UserDir directive points to
67 * a location that is not the same as the user's
68 * home directory as referenced in the passwd file.
70 * If you have VirtualHosts with a different
71 * UserDir for each, you will need to define them to
72 * all reside in one parent directory; then name that
73 * parent directory here. IF THIS IS NOT DEFINED
74 * PROPERLY, ~USERDIR CGI REQUESTS WILL NOT WORK!
75 * See the suEXEC documentation for more detailed
78 #ifndef AP_USERDIR_SUFFIX
79 #define AP_USERDIR_SUFFIX "public_html"
83 * LOG_EXEC -- Define this as a filename if you want all suEXEC
84 * transactions and errors logged for auditing and
88 #define AP_LOG_EXEC DEFAULT_EXP_LOGFILEDIR "/suexec_log" /* Need me? */
92 * DOC_ROOT -- Define as the DocumentRoot set for Apache. This
93 * will be the only hierarchy (aside from UserDirs)
94 * that can be used for suEXEC behavior.
97 #define AP_DOC_ROOT DEFAULT_EXP_HTDOCSDIR
101 * SAFE_PATH -- Define a safe PATH environment to pass to CGI executables.
105 #define AP_SAFE_PATH "/usr/local/bin:/usr/bin:/bin"
108 #endif /* _SUEXEC_H */