Changes between Version 8 and Version 9 of ApacheSuexec
- Timestamp:
- Feb 21, 2015, 10:32:26 AM (9 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
ApacheSuexec
v8 v9 1 = Trac and Apache suEXEC = 1 = Trac and Apache suEXEC 2 2 3 Trac in CGI-mode doesn't play very well with [http://httpd.apache.org/docs/suexec.html Apache suEXEC]. 3 Trac in CGI-mode doesn't play very well with [http://httpd.apache.org/docs/suexec.html Apache suEXEC]. The suEXEC feature provides users of the Apache HTTP Server the ability to run CGI and SSI programs under user IDs different from the user ID of the calling web server. Normally, when a CGI or SSI program executes, it runs as the same user who is running the web server. 4 4 5 Setting the TRAC_ENV environment variable as described in TracInstall will not work when using suEXEC feature because the environment variables are filtered and only a limited subset reaches the CGI program.5 Setting the TRAC_ENV environment variable as described in TracInstall will not work when using suEXEC feature, because the environment variables are filtered and only a limited subset reaches the CGI program. 6 6 7 7 There are obvious workarounds to make things work: 8 1. Recompile suexec to let it pass the TRAC_ENV variable; which requires root permissions and is not really advisable anyway.9 2. Change our trac.cgi script to set the TRAC_ENV variable by itself, to do this we edit trac.cgi file and add8 1. Recompile suexec to let it pass the TRAC_ENV variable; this requires root permissions and therefore not advisable. 9 1. Change our trac.cgi script to set the TRAC_ENV variable by itself, to do this we edit trac.cgi file and add to the start of the script: 10 10 {{{ 11 11 import os;os.environ['TRAC_ENV'] = '/path/to/projectenv' 12 12 }}} 13 at the very beginning of the script. 14 3. Make a wrapper script 13 1. Make a wrapper script: 15 14 {{{ 16 15 … … 21 20 }}} 22 21 23 '''Note : This is a kludge, but works.'''22 '''Note''': This is a kludge, but works. 24 23 25 ---- 24 == Multiple Projects under suEXEC 26 25 27 == Multiple Projects under suEXEC == 28 When hosting multiple projects under suEXEC, you can either copy the CGI script and change the TRAC_ENV setting for each script, or make a wrapper script around it. 29 30 Here's a contributed script to work around the stripping of environment variables done by suEXEC. 26 When hosting multiple projects under suEXEC, you can either copy the CGI script and change the TRAC_ENV setting for each script, or make a wrapper script around it. Here is a script to work around the stripping of environment variables done by suEXEC: 31 27 32 28 {{{ … … 44 40 }}} 45 41 46 47 == Multiple Projects under Plesk/suEXEC/same domain == 42 == Multiple Projects under Plesk/suEXEC/same domain 48 43 49 44 '''Added by torgny at sbbs.se''' 50 45 51 The above script works well if you want to have a Trac 52 instance for each user, but it doesn't really help if you have 53 several projects under the same site, !SourceForge style. In order to 54 solve this under Linux Red Hat with Plesk, I did the following: 46 The above script works well if you want to have a Trac instance for each user, but it doesn't really help if you have several projects under the same site, !SourceForge style. In order to solve this under Linux Red Hat with Plesk, I did the following: 55 47 56 First, from the Apache configuration ('''vhost.conf''' in this case), 57 replace '''DOMAIN''' with the domain you are adding: 48 First, from the Apache configuration ('''vhost.conf''' in this case), replace '''DOMAIN''' with the domain you are adding: 58 49 {{{ 59 50 RewriteEngine on … … 90 81 Now add the folder '''~/httpdocs/projects'''. 91 82 92 In that folder, either symlink '''trac.cgi''' or place a copy, and add '''index.php'''. 93 94 Index.php acts as the default page when a project without an existing 95 Trac environment is requested. 83 In that folder, either symlink '''trac.cgi''' or place a copy, and add '''index.php'''. Index.php acts as the default page when a project without an existing Trac environment is requested. 96 84 97 85 Now, for the wrap.cgi bash script: … … 107 95 }}} 108 96 109 The script above does all the work-around magic to make sure everything 110 works between suEXEC and Trac in CGI mode. It also gives you multiple 111 projects support. 97 The script above does all the work-around magic to make sure everything works between suEXEC and Trac in CGI mode. It also gives you multiple projects support. 112 98 113 ---- 99 == Multiple Projects, suExec, and RHEL 4 114 100 115 == Multiple Projects, suExec, and RHEL 4 ==116 101 '''Added by mjs at clemson.edu''' 117 102 118 Here 's what I learned trying to follow the above instructions on a vanilla RHEL4 installation. I'll attempt to clarify some points that I found confusing and some important RHEL-specific issues.103 Here are some points specific to a [http://www.redhat.com/en/technologies/linux-platforms/enterprise-linux RHEL] installation. 119 104 120 105 My layout is as follows: … … 126 111 * URLs are !http://trac.example.com/projects/project-a, etc. 127 112 128 Red Hat compiles suExec so that it only executes CGI scripts that live below /var/www. You cannot symlink individual scripts, but you can symlink a directory. This means that we can't drop CGI scripts under doc root. The scripts will have to live in the cgi-bin subdirectory.Scripts must also not be group-writable.113 Red Hat compiles suExec so that it only executes CGI scripts that live below /var/www. You cannot symlink individual scripts, but you can symlink a directory. This means that we can't drop CGI scripts under doc root. The scripts will have to live in the cgi-bin subdirectory. Scripts must also not be group-writable. 129 114 130 115 The Trac vhost is defined as follows: … … 149 134 }}} 150 135 Notes: 151 * The !ScriptAlias line enables CGI script invocation in the named subdirectory. 152 * The second !RewriteRule finds the project name and appends anything following it to the rewritten URL. Normally, the result of a !RewriteRule is appended to the path to doc root.The PT ("Pass Through") flag prevents this, so /cgi-bin/tracwrap.cgi is invoked as a script.136 * The !ScriptAlias line enables CGI script invocation in the named subdirectory. This subdirectory must be a symlink to a directory under /var/www/cgi-bin/. 137 * The second !RewriteRule finds the project name and appends anything following it to the rewritten URL. Normally, the result of a !RewriteRule is appended to the path to doc root. The PT ("Pass Through") flag prevents this, so /cgi-bin/tracwrap.cgi is invoked as a script. 153 138 * The E flag in torgny's example is superfluous, as suExec strips it from the environment anyway. 154 139 … … 163 148 exec ./trac.cgi 164 149 }}} 165 I found that the variables you need to manipulate are quite different than in torgny's example. SCRIPT_URL contains the entire local URL, e.g., "/projects/project-a/login" and PATH_INFO already contains anything after the project name. So to get the project name, you need to strip "/project/" off the front of ${SCRIPT_URL} and "${PATH_INFO}" off the end.On entry, SCRIPT_NAME contains "tracwrap.cgi", not anything related to the project name.150 I found that the variables you need to manipulate are quite different than in torgny's example. SCRIPT_URL contains the entire local URL, e.g., "/projects/project-a/login" and PATH_INFO already contains anything after the project name. So to get the project name, you need to strip "/project/" off the front of ${SCRIPT_URL} and "${PATH_INFO}" off the end. On entry, SCRIPT_NAME contains "tracwrap.cgi", not anything related to the project name. 166 151 167 152
