httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Fabio Corazza <>
Subject Re: [users@httpd] suEXEC verbosity
Date Tue, 03 Oct 2006 14:54:39 GMT
Joshua Slive wrote:
> Those messages are generated within suexec and since suexec is not
> run-time configurable (for security reasons) they are not
> configurable.  You would need to edit the source code and recompile
> (being careful to heed the warnings about not messing with suexec
> unless you know what you are doing).
> Joshua.

Ok, that's what I did. Inside suexec.c, I just commented the following code:

log_no_err("uid: (%s/%s) gid: (%s/%s) cmd: %s\n",
           target_uname, actual_uname,
           target_gname, actual_gname,


if ((~AP_SUEXEC_UMASK) & 0022) {
    log_err("notice: AP_SUEXEC_UMASK of %03o allows "
             "write permission to group and/or other\n", AP_SUEXEC_UMASK);

While the second one can be safe to delete (it's just a notice about the
umask, since I use the umask setting I don't want to be noticed in
regard of that), the first one may possibly cause some problems, since
the comment above it states:

     * Log the transaction here to be sure we have an open log
     * before we setuid().

What it concerns me is: if I delete the logging of the transactions,
will suEXEC be able to open the log file if any other error happens?


Fabio Corazza - Engineering
NewBay Software, Ltd.
Wilson House, Fenian Street, Dublin 2, Ireland
Phone: +353 1 634 5490 - e-mail:

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message