I have serious difficulties trying to compile/enable/configure suexec for apache24.
Whatever I try, the result is always the same:
When I look, I cannot find a file 'suexec' anywhere.
I must be doing something seriously wrong.
The steps I tried to generate the apache24 port with suexec enabled+configured are these:
(executed directly after installing FreeBSD from ISO (using guided ZFS setup, and src + ports tree options enabled)
This script is generated by my postinstaller bootstrap script 'bootie.pl' (see attached file).
It is intended to be run directly after FreeBSD installation.
The postinstaller bootstrapper opens dialog windows, the same blue ones we know from FreeBSD installer, and
1. asks whether to make a ZFS snapshot (for maybe reverting if fail)
2. asks whether to update/upgrade the system via internet
3. asks for IP4s which are to be allowed access to the "web console"
4. a messagebox showing the "script" generated
5. finally builds, installs, configures and runs the apache webserver
The last message says "Starting apache24".
At this point you can check the output with a webbrowser.
Here the reply from the now-running web server should not say "running as user www, uid/gid 80.
Instead it should say "running as root, uid and gid 0".
What did I do wrong?
What needs to be corrected?
I uploaded the script as file attachment, if anybody wants to take a look at it.
P.S.:
More details and background in this thread.
This is all very confusing, as you get some messages of the following sort.
But, doing as the text below indicates doesn't change anything.
Whatever I try, the result is always the same:
Copypaste of the CGI output in the web browser said:Hello World!
getlogin says: Running as 'root'!
getpwuid says: Running as 'www'!
Perl says: Effective UID of the currently running Perl program: '80'!
Perl says: Real UID of the currently running Perl program: '80'!
Perl says: Effective GID of the currently running Perl program: '80 80'!
Perl says: Real GID of the currently running Perl program: '80 80'!
When I look, I cannot find a file 'suexec' anywhere.
I must be doing something seriously wrong.
The steps I tried to generate the apache24 port with suexec enabled+configured are these:
(executed directly after installing FreeBSD from ISO (using guided ZFS setup, and src + ports tree options enabled)
Code:
zfs snapshot -r wurstpool@bootie_snap_before_install_2021-01-21-18:09:56
env ASSUME_ALWAYS_YES=YES PAGER=cat freebsd-update fetch
[0 1 2]env ASSUME_ALWAYS_YES=YES PAGER=cat freebsd-update install
env ASSUME_ALWAYS_YES=YES pkg update
env ASSUME_ALWAYS_YES=YES pkg upgrade
env ASSUME_ALWAYS_YES= pkg install -y -A $(make -C /usr/ports/www/apache24 missing)
cd /usr/ports/www/apache24/
make -DWITH_SUEXEC -DSUEXEC_DOCROOT=\"/\" -DSUEXEC_USERDIR=\"/\" -DSUEXEC_UIDMIN=\"0\" -DSUEXEC_GIDMIN=\"0\"
-DSUEXEC_LOGFILE=\"/var/log/httpd/httpd-suexec.log\" -DBATCH fetch
make -DWITH_SUEXEC -DSUEXEC_DOCROOT=\"/\" -DSUEXEC_USERDIR=\"/\" -DSUEXEC_UIDMIN=\"0\" -DSUEXEC_GIDMIN=\"0\"
-DSUEXEC_LOGFILE=\"/var/log/httpd/httpd-suexec.log\" -DBATCH extract
make -DWITH_SUEXEC -DSUEXEC_DOCROOT=\"/\" -DSUEXEC_USERDIR=\"/\" -DSUEXEC_UIDMIN=\"0\" -DSUEXEC_GIDMIN=\"0\"
-DSUEXEC_LOGFILE=\"/var/log/httpd/httpd-suexec.log\" -DBATCH patch
_back_up_and_patch_suexec_c_
make -DWITH_SUEXEC -DSUEXEC_DOCROOT=\"/\" -DSUEXEC_USERDIR=\"/\" -DSUEXEC_UIDMIN=\"0\" -DSUEXEC_GIDMIN=\"0\"
-DSUEXEC_LOGFILE=\"/var/log/httpd/httpd-suexec.log\" -j12 -DBATCH build
make -DWITH_SUEXEC -DSUEXEC_DOCROOT=\"/\" -DSUEXEC_USERDIR=\"/\" -DSUEXEC_UIDMIN=\"0\" -DSUEXEC_GIDMIN=\"0\"
-DSUEXEC_LOGFILE=\"/var/log/httpd/httpd-suexec.log\" -DBATCH install
env ASSUME_ALWAYS_YES=YES pkg install ap24-mod_perl2
cp /usr/local/etc/apache24/httpd.conf /usr/local/etc/apache24/httpd.conf.orig
_write_httpd_conf_
mkdir -p /cgi-bin
_write_the_helloworld_cgi_
_update_rc_conf_for_apache_
env ASSUME_ALWAYS_YES=YES pkg autoremove
service apache24 onestart
This script is generated by my postinstaller bootstrap script 'bootie.pl' (see attached file).
It is intended to be run directly after FreeBSD installation.
The postinstaller bootstrapper opens dialog windows, the same blue ones we know from FreeBSD installer, and
1. asks whether to make a ZFS snapshot (for maybe reverting if fail)
2. asks whether to update/upgrade the system via internet
3. asks for IP4s which are to be allowed access to the "web console"
4. a messagebox showing the "script" generated
5. finally builds, installs, configures and runs the apache webserver
The last message says "Starting apache24".
At this point you can check the output with a webbrowser.
Here the reply from the now-running web server should not say "running as user www, uid/gid 80.
Instead it should say "running as root, uid and gid 0".
What did I do wrong?
What needs to be corrected?
I uploaded the script as file attachment, if anybody wants to take a look at it.
P.S.:
More details and background in this thread.
This is all very confusing, as you get some messages of the following sort.
But, doing as the text below indicates doesn't change anything.
Message from apr-1.7.0.1.6.1_1: said:[...]
/!\ WARNING /!\
WITH_SUEXEC is unsupported, use WITH=SUEXEC on the command line, or one of
these in /etc/make.conf, OPTIONS_SET+=SUEXEC to set it globally, or
www_apache24_SET+=SUEXEC for only this port.