Bug 37564 - Suggestion: mod_suexec SuexecUserGroup directive in the <Directory> section
Summary: Suggestion: mod_suexec SuexecUserGroup directive in the <Directory> section
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_suexec (show other bugs)
Version: 2.4.10
Hardware: PC Linux
: P3 enhancement with 8 votes (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Keywords: PatchAvailable
Depends on:
Reported: 2005-11-19 11:08 UTC by Daniel
Modified: 2015-10-26 16:58 UTC (History)
2 users (show)

Patch to allow SuexecUserGroup in Directory context (894 bytes, patch)
2014-09-11 10:13 UTC, phpfpm1
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel 2005-11-19 11:08:19 UTC

This is not a bug but merely a suggestion.
I am trying to install some software and I realise that it would be beautiful 
to be able to define the SuexecUserGroup from the mod_suexec module not only 
in the VirtualHosts, but also in the <Directory> sections.
However, this should most probably be a feature for the httpd.conf ONLY, and 
not in the .htaccess, to avoid having people getting rights that they are not 
allowed to have.

Maybe there is another better way to do this, but my goal would be to be able 
to run CGIs with another user or group ID than apache. I don't like the 
<VirtualHost> mean to do that, because we cannot do an SSL connection if we 
have only one IP address. Therefore putting SuexecUserGroup in the <Directory> 
tag would be a great solution to overcome those problems, if there is not too 
many security concerns about it (I don't know).
We can see that problem typically when installing the 'sympa' mailing list 

Thanks for listening.
Comment 1 phpfpm1 2014-07-19 15:29:25 UTC
I updated the enhancement request in bugzilla, because 2.4.10 still doesn't have the feature. It has been asked in development mailing lists also: http://mail-archives.apache.org/mod_mbox/httpd-dev/201205.mbox/%3CCA+-XxSFMS0YRmZZitL0X-sgVGZBvxfZvrt57hH163DabrZ_N2g@mail.gmail.com%3E
Comment 2 phpfpm1 2014-07-26 08:56:44 UTC
I found a patch already created for that: https://www.mail-archive.com/dev@httpd.apache.org/msg17561.html. It was for apache 2.0, but probably mod_suexec code hasn't changed a lot.
Comment 3 phpfpm1 2014-09-11 10:13:32 UTC
Created attachment 32000 [details]
Patch to allow SuexecUserGroup in Directory context

Patch to fix the problem. SuexecUserGroup is allowed to be in Directory context with the patch.