/* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* @file suexec.h
* @brief user-definable variables for the suexec wrapper code.
* (See README.configure on how to customize these variables.)
*/
#ifndef _SUEXEC_H
#define _SUEXEC_H
/*
* Include ap_config_layout so we can work out where the default htdocsdir
* and logsdir are.
*/
#include "ap_config_layout.h"
/*
 * AP_HTTPD_USER -- Username under which Apache normally runs. This is
 *                  the only user allowed to execute this program.
 *                  "www" is just the fallback used when the build does
 *                  not supply its own definition; it should name the
 *                  account the server actually runs as.
 */
#if !defined(AP_HTTPD_USER)
#define AP_HTTPD_USER "www"
#endif
/*
 * AP_UID_MIN -- Lowest UID allowed to be a target user for suEXEC.
 *               For most systems, 500 or 100 is common.
 *
 *               NOTE(review): the fallback below is the lower of those
 *               two values. On hosts that allocate service accounts
 *               above 100, those accounts stay eligible as suEXEC
 *               targets unless the build overrides this -- confirm
 *               against the local UID allocation policy.
 */
#if !defined(AP_UID_MIN)
#define AP_UID_MIN 100
#endif
/*
 * AP_GID_MIN -- Lowest GID allowed to be a target group for suEXEC.
 *               For most systems, 100 is common.
 *
 *               NOTE(review): privileged groups numbered at or above
 *               this value remain eligible target groups -- confirm
 *               against the local GID allocation policy.
 */
#if !defined(AP_GID_MIN)
#define AP_GID_MIN 100
#endif
/*
 * AP_USERDIR_SUFFIX -- Subdirectory under users' home directories where
 *                      suEXEC access should be allowed. All executables
 *                      under this directory will be executable by suEXEC
 *                      as the user, so they should be "safe" programs.
 *                      If you are using a "simple" UserDir directive
 *                      (i.e. one without a "*" in it), this should be
 *                      set to the same value. suEXEC will not work
 *                      properly when the UserDir directive points to a
 *                      location that is not the same as the user's home
 *                      directory as referenced in the passwd file.
 *
 *                      If you have VirtualHosts with a different UserDir
 *                      for each, you will need to define them to all
 *                      reside in one parent directory; then name that
 *                      parent directory here. IF THIS IS NOT DEFINED
 *                      PROPERLY, ~USERDIR CGI REQUESTS WILL NOT WORK!
 *                      See the suEXEC documentation for more detailed
 *                      information.
 */
#if !defined(AP_USERDIR_SUFFIX)
#define AP_USERDIR_SUFFIX "public_html"
#endif
/*
 * AP_LOG_EXEC -- Filename to which all suEXEC transactions and errors
 *                are logged for auditing and debugging purposes. The
 *                fallback places "suexec_log" in the log directory
 *                taken from ap_config_layout.h.
 *
 *                NOTE(review): this is the audit trail for the wrapper.
 *                If the wrapper opens it while still privileged, the
 *                directory must not be writable by untrusted users --
 *                confirm ownership and mode at deployment.
 */
#if !defined(AP_LOG_EXEC)
#define AP_LOG_EXEC DEFAULT_EXP_LOGFILEDIR "/suexec_log" /* Need me? */
#endif
/*
 * AP_DOC_ROOT -- The DocumentRoot set for Apache. This will be the only
 *                hierarchy (aside from UserDirs) that can be used for
 *                suEXEC behavior. The fallback is the htdocs directory
 *                taken from ap_config_layout.h, so it has to be kept in
 *                step with the server's real DocumentRoot.
 */
#if !defined(AP_DOC_ROOT)
#define AP_DOC_ROOT DEFAULT_EXP_HTDOCSDIR
#endif
/*
 * AP_SAFE_PATH -- Safe PATH environment to pass to CGI executables.
 *
 *                 NOTE(review): the value is only as safe as the
 *                 directories it names. The first entry is searched
 *                 first, so every listed directory (and its parents)
 *                 should be writable by root alone -- verify this for
 *                 /usr/local/bin in particular on the target host.
 */
#if !defined(AP_SAFE_PATH)
#define AP_SAFE_PATH "/usr/local/bin:/usr/bin:/bin"
#endif
/*
 * AP_SUEXEC_CGROUPS -- Place process in cgroups
 *
 * Defining AP_SUEXEC_CGROUPS_FAST at build time switches on
 * AP_SUEXEC_CGROUPS and supplies a fixed path template plus a controller
 * list that names only the "memory" controller.
 *
 * NOTE(review): this header does not show what is substituted for the
 * "%s" in the path template (presumably a per-user or per-group name).
 * Confirm in the consuming code that the substituted value cannot
 * contain "/" or ".." and that the formatted path is length-checked.
 */
#ifdef AP_SUEXEC_CGROUPS_FAST
#define AP_SUEXEC_CGROUPS
#define AP_SUEXEC_CGROUPS_FAST_PATH "restricted/%s"
#define AP_SUEXEC_CGROUPS_FAST_CONTROLLERS {"memory",}
#endif
/*
 * AP_SUEXEC_RLIMIT_*
 *
 * AP_SUEXEC_RLIMIT_MEMORY_META is a shorthand: when the build defines it,
 * its value becomes the soft limit for DATA, MEMLOCK, AS and VMEM, the
 * per-resource switches are turned on, and every hard limit is set to -1.
 *
 * NOTE(review): -1 is also the fallback this header uses for limits that
 * were never configured. If the consuming code treats -1 as "unlimited",
 * the soft limits set here can be raised again by the limited process
 * itself and are not an enforcement boundary -- confirm in suexec.c.
 *
 * NOTE(review): the definitions below are unconditional, so combining
 * MEMORY_META with an explicit definition of one of the same *_SOFT or
 * *_HARD names that has a different value is a macro redefinition.
 */
#ifdef AP_SUEXEC_RLIMIT_MEMORY_META
#define AP_SUEXEC_RLIMIT_DATA
#define AP_SUEXEC_RLIMIT_DATA_SOFT AP_SUEXEC_RLIMIT_MEMORY_META
#define AP_SUEXEC_RLIMIT_DATA_HARD -1
#define AP_SUEXEC_RLIMIT_MEMLOCK
#define AP_SUEXEC_RLIMIT_MEMLOCK_SOFT AP_SUEXEC_RLIMIT_MEMORY_META
#define AP_SUEXEC_RLIMIT_MEMLOCK_HARD -1
#define AP_SUEXEC_RLIMIT_AS
#define AP_SUEXEC_RLIMIT_AS_SOFT AP_SUEXEC_RLIMIT_MEMORY_META
#define AP_SUEXEC_RLIMIT_AS_HARD -1
#define AP_SUEXEC_RLIMIT_VMEM
#define AP_SUEXEC_RLIMIT_VMEM_SOFT AP_SUEXEC_RLIMIT_MEMORY_META
#define AP_SUEXEC_RLIMIT_VMEM_HARD -1
#endif
/*
 * Per-resource limit switches.
 *
 * The same pattern is applied to the SOFT and HARD value of each of
 * DATA, MEMLOCK, AS, VMEM, NPROC and CPU: a value that was never
 * configured falls back to -1; a configured value turns on the global
 * AP_SUEXEC_RLIMIT switch and the switch for that resource. The switch
 * macros are defined with an empty body every time, so the repeated
 * definitions are identical and do not conflict.
 *
 * NOTE(review): configuring only one of SOFT/HARD turns the resource on
 * while the other value stays at -1. If the consuming code treats -1 as
 * "unlimited", a soft limit without a hard limit can be raised again by
 * the limited process -- set both where the limit is meant to hold.
 */

/* DATA */
#if !defined(AP_SUEXEC_RLIMIT_DATA_SOFT)
#define AP_SUEXEC_RLIMIT_DATA_SOFT -1
#else
#define AP_SUEXEC_RLIMIT
#define AP_SUEXEC_RLIMIT_DATA
#endif
#if !defined(AP_SUEXEC_RLIMIT_DATA_HARD)
#define AP_SUEXEC_RLIMIT_DATA_HARD -1
#else
#define AP_SUEXEC_RLIMIT
#define AP_SUEXEC_RLIMIT_DATA
#endif

/* MEMLOCK */
#if !defined(AP_SUEXEC_RLIMIT_MEMLOCK_SOFT)
#define AP_SUEXEC_RLIMIT_MEMLOCK_SOFT -1
#else
#define AP_SUEXEC_RLIMIT
#define AP_SUEXEC_RLIMIT_MEMLOCK
#endif
#if !defined(AP_SUEXEC_RLIMIT_MEMLOCK_HARD)
#define AP_SUEXEC_RLIMIT_MEMLOCK_HARD -1
#else
#define AP_SUEXEC_RLIMIT
#define AP_SUEXEC_RLIMIT_MEMLOCK
#endif

/* AS */
#if !defined(AP_SUEXEC_RLIMIT_AS_SOFT)
#define AP_SUEXEC_RLIMIT_AS_SOFT -1
#else
#define AP_SUEXEC_RLIMIT
#define AP_SUEXEC_RLIMIT_AS
#endif
#if !defined(AP_SUEXEC_RLIMIT_AS_HARD)
#define AP_SUEXEC_RLIMIT_AS_HARD -1
#else
#define AP_SUEXEC_RLIMIT
#define AP_SUEXEC_RLIMIT_AS
#endif

/* VMEM */
#if !defined(AP_SUEXEC_RLIMIT_VMEM_SOFT)
#define AP_SUEXEC_RLIMIT_VMEM_SOFT -1
#else
#define AP_SUEXEC_RLIMIT
#define AP_SUEXEC_RLIMIT_VMEM
#endif
#if !defined(AP_SUEXEC_RLIMIT_VMEM_HARD)
#define AP_SUEXEC_RLIMIT_VMEM_HARD -1
#else
#define AP_SUEXEC_RLIMIT
#define AP_SUEXEC_RLIMIT_VMEM
#endif

/* NPROC */
#if !defined(AP_SUEXEC_RLIMIT_NPROC_SOFT)
#define AP_SUEXEC_RLIMIT_NPROC_SOFT -1
#else
#define AP_SUEXEC_RLIMIT
#define AP_SUEXEC_RLIMIT_NPROC
#endif
#if !defined(AP_SUEXEC_RLIMIT_NPROC_HARD)
#define AP_SUEXEC_RLIMIT_NPROC_HARD -1
#else
#define AP_SUEXEC_RLIMIT
#define AP_SUEXEC_RLIMIT_NPROC
#endif

/* CPU */
#if !defined(AP_SUEXEC_RLIMIT_CPU_SOFT)
#define AP_SUEXEC_RLIMIT_CPU_SOFT -1
#else
#define AP_SUEXEC_RLIMIT
#define AP_SUEXEC_RLIMIT_CPU
#endif
#if !defined(AP_SUEXEC_RLIMIT_CPU_HARD)
#define AP_SUEXEC_RLIMIT_CPU_HARD -1
#else
#define AP_SUEXEC_RLIMIT
#define AP_SUEXEC_RLIMIT_CPU
#endif
#endif /* _SUEXEC_H */