Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

New formula for mod_suexec. #12091

Closed
wants to merge 1 commit into from

2 participants

@lifepillar

Add suexec to OS X's built-in Apache.

@lifepillar lifepillar New formula for mod_suexec.
Add suexec to OS X's built-in Apache.
39aeb2b
@adamv
Owner

Not sure how I feel about using env vars to configure the install.

@lifepillar

I have seen other formulas using env vars to configure the install—I've just borrowed the idea :) My interest in this formula has faded recently, as I do not use suexec any longer, and I understand that env vars in this case may raise security concerns. Therefore, I will not cry if this formula is rejected.

Anyway, for future reference I am still interested in Homebrew's policy for dealing with argument with options. Is it just: “do not bother the user with them”? Is prompting the user interactively an acceptable alternative? Or are env vars the way to go in general (but not in this case)? Maybe such a policy should be documented (unless it is and I missed it).

@adamv
Owner

This is now available in a tap: https://github.com/alanthing/homebrew-apachemod

@adamv adamv closed this
@lifepillar lifepillar deleted the lifepillar:mod_suexec branch
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on May 5, 2012
  1. @lifepillar

    New formula for mod_suexec.

    lifepillar authored
    Add suexec to OS X's built-in Apache.
This page is out of date. Refresh to see the latest.
Showing with 60 additions and 0 deletions.
  1. +60 −0 Library/Formula/mod_suexec.rb
View
60 Library/Formula/mod_suexec.rb
@@ -0,0 +1,60 @@
+require 'formula'
+
+class ModSuexec < Formula
+ url 'http://archive.apache.org/dist/httpd/httpd-2.2.20.tar.gz'
+ homepage 'http://httpd.apache.org/docs/current/suexec.html'
+ md5 '4504934464c5ee51018dbafa6d99810d'
+
+ def install
+ suexec_userdir = ENV['SUEXEC_USERDIR'] || 'Sites'
+ suexec_docroot = ENV['SUEXEC_DOCROOT'] || '/Library/WebServer'
+ suexec_uidmin = ENV['SUEXEC_UIDMIN'] || '500'
+ suexec_gidmin = ENV['SUEXEC_GIDMIN'] || '20'
+ suexec_safepath = ENV['SUEXEC_SAFEPATH'] || '/usr/local/bin:/usr/bin:/bin:/opt/local/bin'
+ logfile = '/private/var/log/apache2/suexec_log'
+ begin
+ suexecbin = `/usr/sbin/apachectl -V`.match(/SUEXEC_BIN="(.+)"/)[1]
+ rescue # This should never happen, unless Apple drops support for suexec in the future...
+ abort "Could not determine suexec path. Are you sure that Apache has been compiled with suexec support?"
+ end
+ system "./configure",
+ "--enable-suexec=shared",
+ "--with-suexec-bin=#{suexecbin}",
+ "--with-suexec-caller=_www",
+ "--with-suexec-userdir=#{suexec_userdir}",
+ "--with-suexec-docroot=#{suexec_docroot}",
+ "--with-suexec-uidmin=#{suexec_uidmin.to_i}",
+ "--with-suexec-gidmin=#{suexec_gidmin.to_i}",
+ "--with-suexec-logfile=#{logfile}",
+ "--with-suexec-safepath=#{suexec_safepath}"
+ system "make"
+ libexec.install 'modules/generators/.libs/mod_suexec.so'
+ libexec.install 'support/suexec'
+ include.install 'modules/generators/mod_suexec.h'
+ end
+
+ def caveats
+ suexecbin = `/usr/sbin/apachectl -V`.match(/SUEXEC_BIN="(.+)"/)[1]
+ <<-EOS.undent
+ To complete the installation, execute the following commands:
+ sudo cp #{libexec}/suexec #{File.dirname(suexecbin)}
+ sudo chown root #{suexecbin}
+ sudo chgrp _www #{suexecbin}
+ sudo chmod 4750 #{suexecbin}
+
+ Then, you need to edit /etc/apache2/httpd.conf to add the following line:
+ LoadModule suexec_module #{libexec}/mod_suexec.so
+
+ Upon restarting Apache, you should see the following message in the error log:
+ [notice] suEXEC mechanism enabled (wrapper: #{suexecbin})
+
+ Please, be sure to understand the security implications of suexec
+ by carefully reading http://httpd.apache.org/docs/current/suexec.html.
+
+ This formula will use the values of the following environment
+ variables, if set: SUEXEC_DOCROOT, SUEXEC_USERDIR, SUEXEC_UIDMIN,
+ SUEXEC_GIDMIN, SUEXEC_SAFEPATH.
+ EOS
+ end
+
+end
Something went wrong with that request. Please try again.