# Rebuilding Apache for SuExec

## tokka

Hi

I've been using Gentoo for a couple of months, first in as a test, and I now have 5 dual opteron servers running very happily.

A bog standard install of Gentoo is all that I have needed so far, but I now need to set up a new server to use Virtualmin.

So it has dawned on me that I haven't the faintest idea of what the right way to change compile time options using portage is:)

The way I have just been trying it is to make changes to the ebuild - is that right?

OK, the virtualmin docs tell me that I should add:

```
--with-suexec-docroot=/home \
```

Looking in the ebuild there is an obvious place where this should go:

```
   SSL_BASE="SYSTEM" \

   WANT_AUTOCONF_2_5=1 WANT_AUTOCONF=2.5

   ./configure \

      --with-suexec-safepath="/usr/local/bin:/usr/bin:/bin" \

      --with-suexec-logfile=/var/log/apache2/suexec_log \

      --with-suexec-bin=/usr/sbin/suexec2 \

      --with-suexec-userdir=${USERDIR} \

      --with-suexec-caller=apache \

      --with-suexec-docroot=/home \

      --with-suexec-uidmin=100 \

      --with-suexec-gidmin=100 \

      --with-suexec-umask=077 \

      --enable-suexec=shared \
```

But this is slap bang in the middle of a chunk that seems to deal with SSL - I'm not using SLL, so will this even be included at compile time?

I've tried it, and just am getting a 403 Forbidden when calling a script in the cgi-bin folder, so not even an error I associate with suexec:)

So... what is the best way to add the suexec functionality I need to apache2 on Gentoo using portage?

Thanks

----------

## rev138

Apologies for resurrecting an ancient thread, but I'm experiencing the exact same issue.

Any ideas in the intervening 4 years?

----------

## bunder

did you add the suexec use flag (for apache)?

cheers

----------

## rev138

Yes. That's not the issue.

----------

## rev138

AHA!

```

>>> Emerging (1 of 1) www-servers/apache-2.2.9-r1 to /

 * httpd-2.2.9.tar.bz2 RMD160 SHA1 SHA256 size ;-) ...                                                                                                                            [ ok ]

 * gentoo-apache-2.2.9-r1-20080829.tar.bz2 RMD160 SHA1 SHA256 size ;-) ...                                                                                                        [ ok ]

 * checking ebuild checksums ;-) ...                                                                                                                                              [ ok ]

 * checking auxfile checksums ;-) ...                                                                                                                                             [ ok ]

 * checking miscfile checksums ;-) ...                                                                                                                                            [ ok ]

 * checking httpd-2.2.9.tar.bz2 ;-) ...                                                                                                                                           [ ok ]

 * checking gentoo-apache-2.2.9-r1-20080829.tar.bz2 ;-) ...                                                                                                                       [ ok ]

 *

 * Selected default MPM: prefork

 *

 * You can manipulate several configure options of suexec

 * through the following environment variables:

 *

 *  SUEXEC_SAFEPATH: Default PATH for suexec (default: /usr/local/bin:/usr/bin:/bin)

 *   SUEXEC_LOGFILE: Path to the suexec logfile (default: /var/log/apache2/suexec_log)

 *    SUEXEC_CALLER: Name of the user Apache is running as (default: apache)

 *   SUEXEC_DOCROOT: Directory in which suexec will run scripts (default: /var/www)

 *    SUEXEC_MINUID: Minimum UID, which is allowed to run scripts via suexec (default: 1000)

 *    SUEXEC_MINGID: Minimum GID, which is allowed to run scripts via suexec (default: 100)

 *   SUEXEC_USERDIR: User subdirectories (like /home/user/html) (default: public_html)

 *     SUEXEC_UMASK: Umask for the suexec process (default: 077)

```

 :Very Happy: 

----------

## Pol

I tried to do:

```

export SUEXEC_DOCROOT=/home

emerge apache

```

and I still get it under /var/www

Any idea ?

----------

## Treovo

I have encountered the same problem. If you want to change the default docroot for suexec (for example if you want to use webmin or virtualmain...) I think you should

```
 export SUEXEC_DOCROOT="your_docroot_dir"

emerge apache
```

But I am not sure about the use of the above first command as I have also done the following:

```
EXTRA_ECONF="--with-suexec-docroot=my_favorite_docroot_dir" emerge apache
```

You might try the first solution and check if it works by running suexec -V.

Anyway, whichever solution was the right one it worked for me and suexec -V reports:

```
 -D AP_DOC_ROOT="/home"

 -D AP_GID_MIN=100

 -D AP_HTTPD_USER="apache"

 -D AP_LOG_EXEC="/var/log/apache2/suexec_log"

 -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"

 -D AP_SUEXEC_UMASK=077

 -D AP_UID_MIN=1000

 -D AP_USERDIR_SUFFIX="public_html"

```

Just added this in case someone is still stuck with this suexec docroot issue or trying to use virtualmin under gentoo.

----------

