suexec(8) Switch User For Exec

SYNOPSIS

suexec -V

This is a customized version that can be configured with config files in /etc/apache2/suexec.

No other synopsis for usage, because this program is otherwise only used internally by the Apache HTTP server.

DESCRIPTION

suexec is the "wrapper" support program for the suexec behaviour for the Apache HTTP server. It is run from within the server automatically to switch the user when an external program has to be run under a different user. For more information about suexec in general, see the online document `Apache suexec Support' on the HTTP server project's Web site at http://httpd.apache.org/docs/suexec.html .

This version of suexec reads a config file on every execution. Therefore it is a bit slower than the standard suexec version from the apache2-suexec package.

CONFIGURATION

If suexec is called by a user with name 'username', it will look into /etc/apache2/suexec/username for configuration. If the file does not exist, suexec will abort. By creating several config files, you can allow several different apache run users to use suexec.

The first line in the file is used as the document root (/var/www in the standard suexec) and the second line in the file is used as the suffix that is appended to users' home directories (public_html in standard suexec).

If any of the lines is commented out (with #), suexec will refuse the corresponding type of request. It is recommended to comment out the userdir suffix if you don't need it.

SECURITY

Do not set the document root to a path that includes users' home directories (like /home or /var) or directories where users can mount removable media. Doing so would create local security issues. Suexec does not allow to set the document root to the root directory / .

OPTIONS

-V
Display the list of compile-time settings used when suexec was built. No other action is taken.

FILES

/etc/apache2/suexec/www-data