Page MenuHomeDevCentral

Tests for SuEXEC on Ysul
Closed, ResolvedPublic

Description

We can query the compile options of Apache HTTPD and SuEXEC to check if present and if the binary exists:

$ httpd -V
[...]
Server compiled with....
[...]
 -D SUEXEC_BIN="/usr/local/sbin/suexec"
[...]
$ suexec -V
 -D AP_DOC_ROOT="/usr/local/www/data"
 -D AP_GID_MIN=1000
 -D AP_HTTPD_USER="www"
 -D AP_LOG_EXEC="/var/log/httpd-suexec.log"
 -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
 -D AP_UID_MIN=1000
 -D AP_USERDIR_SUFFIX="public_html"
$ ls /usr/local/sbin/suexec # the value from SUEXEC_BIN compile option
/usr/local/sbin/suexec

Event Timeline

So far, we've a minimal test checking for hard-coded value /usr/local/sbin/suexec.

@amj shares my concern about SuEXEC path

21:15:28 < amj> je me demande juste si on veut absolument que suexec soit à la place /usr/local/sbin/suexec

So we should detect this httpd -V | grep SUEXEC_BIN.

We can have the complete path to the executable through

httpd -V | grep SUEXEC_BIN | grep -o "/.*" | sed 's/.$//'

Another thing to test: SuEXEC AP_DOC_ROOT should be /var/wwwroot.

Tests should be extended to development servers and made optional, as we don't currently have an Apache working.

AFAIK all services have been migrated to nginx.

Code added in 2016 and pruned in 2018, as we don't use it anymore. So all is fine.