PAL.C.T MINI SHELL
| files >> /opt/lampp/manual/ |
|
|
| files >> //opt/lampp/manual/suexec.html.ja.utf8 |
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="ja" xml:lang="ja"><head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<!--
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
This file is generated from xml source: DO NOT EDIT
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-->
<title>suEXEC ãµããŒã - Apache HTTP ãµãŒã ããŒãžã§ã³ 2.4</title>
<link href="./style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
<link href="./style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
<link href="./style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="./style/css/prettify.css" />
<script src="./style/scripts/prettify.min.js" type="text/javascript">
</script>
<link href="./images/favicon.ico" rel="shortcut icon" /></head>
<body id="manual-page"><div id="page-header">
<p class="menu"><a href="./mod/">ã¢ãžã¥ãŒã«</a> | <a href="./mod/directives.html">ãã£ã¬ã¯ãã£ã</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html">çšèª</a> | <a href="./sitemap.html">ãµã€ãããã</a></p>
<p class="apache">Apache HTTP ãµãŒã ããŒãžã§ã³ 2.4</p>
<img alt="" src="./images/feather.gif" /></div>
<div class="up"><a href="./"><img title="<-" alt="<-" src="./images/left.gif" /></a></div>
<div id="path">
<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP ãµãŒã</a> > <a href="http://httpd.apache.org/docs/">ããã¥ã¡ã³ããŒã·ã§ã³</a> > <a href="./">ããŒãžã§ã³ 2.4</a></div><div id="page-content"><div id="preamble"><h1>suEXEC ãµããŒã</h1>
<div class="toplang">
<p><span>翻蚳æžã¿èšèª: </span><a href="./en/suexec.html" hreflang="en" rel="alternate" title="English"> en </a> |
<a href="./fr/suexec.html" hreflang="fr" rel="alternate" title="Français"> fr </a> |
<a href="./ja/suexec.html" title="Japanese"> ja </a> |
<a href="./ko/suexec.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> |
<a href="./tr/suexec.html" hreflang="tr" rel="alternate" title="TÌrkçe"> tr </a></p>
</div>
<div class="outofdate">ãã®æ¥æ¬èªèš³ã¯ãã§ã«å€ããªã£ãŠãã
å¯èœæ§ããããŸãã
æè¿æŽæ°ãããå
容ãèŠãã«ã¯è±èªçãã芧äžããã
</div>
<p><strong>suEXEC</strong>
æ©èœã«ãããApache ãŠãŒã¶ã¯ Web ãµãŒããå®è¡ããŠãããŠãŒã¶ ID ãšã¯
ç°ãªããŠãŒã¶ ID 㧠<strong>CGI</strong> ããã°ã©ã ã <strong>SSI</strong>
ããã°ã©ã ãå®è¡ããããšãã§ããŸããCGI ããã°ã©ã ãŸã㯠SSI
ããã°ã©ã ãå®è¡ããå Žåãé垞㯠web ãµãŒããšåããŠãŒã¶ã§å®è¡ãããŸãã
</p>
<p>é©åã«äœ¿çšãããšããã®æ©èœã«ãããŠãŒã¶ãåå¥ã® CGI
ã SSI ããã°ã©ã ãéçºãå®è¡ããããšã§çããã»ãã¥ãªãã£äžã®å±éºãã
ããªãæžããããšãã§ããŸããããããsuEXEC ã®èšå®ãäžé©åã ãšã
å€ãã®åé¡ãçããããªãã®ã³ã³ãã¥ãŒã¿ã«æ°ããã»ãã¥ãªãã£ããŒã«ã
äœã£ãŠããŸãå¯èœæ§ããããŸããããªãã <em>setuid root</em>
ãããããã°ã©ã ãšããããããçããã»ãã¥ãªãã£äžã®åé¡ã®ç®¡çã«
詳ãããªããããªããsuEXEC ã®äœ¿çšãæ€èšããªãããã«åŒ·ãæšå¥šããŸãã
</p>
</div>
<div id="quickview"><ul id="toc"><li><img alt="" src="./images/down.gif" /> <a href="#before">å§ããåã«</a></li>
<li><img alt="" src="./images/down.gif" /> <a href="#model">suEXEC ã»ãã¥ãªãã£ã¢ãã«</a></li>
<li><img alt="" src="./images/down.gif" /> <a href="#install">suEXEC
ã®èšå®ãšã€ã³ã¹ããŒã«</a></li>
<li><img alt="" src="./images/down.gif" /> <a href="#enable">suEXEC
ã®æå¹åãšç¡å¹å</a></li>
<li><img alt="" src="./images/down.gif" /> <a href="#usage">suEXEC ã®äœ¿çš</a></li>
<li><img alt="" src="./images/down.gif" /> <a href="#debug">suEXEC ã®ãããã°</a></li>
<li><img alt="" src="./images/down.gif" /> <a href="#jabberwock">ãšããã«æ³šæ: èŠåãšäºäŸ</a></li>
</ul><ul class="seealso"><li><a href="#comments_section">ã³ã¡ã³ã</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
<div class="section">
<h2><a name="before" id="before">å§ããåã«</a></h2>
<p>ãã®ææžã®å
é ã«é£ã¶åã«ãApache
ã°ã«ãŒããšãã®ææžã§ã®ä»®å®ãç¥ã£ãŠããã¹ãã§ãããã
</p>
<p>第 1 ã«ãããªãã <strong>setuid</strong> ãš
<strong>setgid</strong> æäœãå¯èœãª UNIX
ç±æ¥ã®ãªãã¬ãŒãã£ã³ã°ã·ã¹ãã ã䜿ã£ãŠããããšãæ³å®ããŠããŸãã
ããã¯ããã¹ãŠã®ã³ãã³ãäŸã«ããŠã¯ãŸããŸãã
ãã®ä»ã®ãã©ããããŒã ã§ã¯ããã suEXEC
ããµããŒããããŠãããšããŠãèšå®ã¯ç°ãªããããããŸããã</p>
<p>第 2 ã«ãããªãã䜿çšäžã®ã³ã³ãã¥ãŒã¿ã®
ã»ãã¥ãªãã£ã«é¢ããåºæ¬çãªæŠå¿µãšããããã®ç®¡çã«ã€ããŠè©³ããããšã
æ³å®ããŠããŸããããã¯ã<strong>setuid/setgid</strong>
æäœãããªãã®ã·ã¹ãã äžã§ã®ãã®æäœã«ããæ§ã
ãªå¹æã
ã»ãã¥ãªãã£ã¬ãã«ã«ã€ããŠããªããç解ããŠãããšããããšãå«ã¿ãŸãã
</p>
<p>第 3 ã«ã<strong>æ¹é ãããŠããªã</strong> suEXEC
ã³ãŒãã®äœ¿çšãæ³å®ããŠããŸããsuEXEC ã®ã³ãŒãã¯ã
å€ãã®ããŒã¿ãã¹ã¿ã ãã§ãªããéçºè
ã«ãã£ãŠã泚ææ·±ã粟æ»ãã
ãã¹ããããŠããŸãããããã®æ³šæã«ãããç°¡æœã§ä¿¡é Œã§ããå®å
šãª
ã³ãŒãã®åºç€ãä¿èšŒãããŸãããã®ã³ãŒããæ¹å€ããããšã§ã
äºæãããªãåé¡ãæ°ããã»ãã¥ãªãã£äžã®å±éºãçããããšããããŸãã
ã»ãã¥ãªãã£ããã°ã©ãã³ã°ã®è©³çŽ°ã«éããŠããŠã
ä»åŸã®æ€èšã®ããã«ææã Apache
ã°ã«ãŒããšå
±æããããšæãã®ã§ãªããã°ãsuEXEC
ã³ãŒãã¯å€ããªãããšã <strong>匷ã</strong>æšå¥šããŸãã</p>
<p>第 4 ã«ããããæåŸã§ãããsuEXEC ã Apache
ã®ããã©ã«ãã€ã³ã¹ããŒã«ã«ã¯<strong>å«ããªã</strong>ããšã
Apache ã°ã«ãŒãã§æ±ºå®ãããŠããŸããããã¯ãsuEXEC
ã®èšå®ã«ã¯ç®¡çè
ã®è©³çŽ°ã«ãããæ
éãªæ³šæãå¿
èŠã ããã§ãã
suEXEC ã®æ§ã
ãªèšå®ã«ã€ããŠæ€èšãçµããã°ã管çè
㯠suEXEC
ãéåžžã®ã€ã³ã¹ããŒã«æ¹æ³ã§ã€ã³ã¹ããŒã«ããããšãã§ããŸãã
ãããã®èšå®å€ã¯ãsuEXEC
æ©èœã®äœ¿çšäžã«ã·ã¹ãã ã»ãã¥ãªãã£ãé©åã«ä¿ã€ããã«ã
管çè
ã«ãã£ãŠæ
éã«æ±ºå®ããæå®ãããããšãå¿
èŠã§ãã
ãã®è©³çŽ°ãªæé ã«ãããApache ã°ã«ãŒãã¯ãsuEXEC
ã®ã€ã³ã¹ããŒã«ã«ã€ããŠã泚ææ·±ãååã«æ€èšããŠããã䜿çšããããšã
決å®ããå Žåã«éã£ãŠããã ããããšèããŠããŸãã
</p>
<p>ããã§ãé²ã¿ãŸãã? ãããããã§ã¯ãå
ãžé²ã¿ãŸããã!</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
<div class="section">
<h2><a name="model" id="model">suEXEC ã»ãã¥ãªãã£ã¢ãã«</a></h2>
<p>suEXEC ã®èšå®ãšã€ã³ã¹ããŒã«ãå§ããåã«ã
ãŸãå®è£
ããããšããŠããã»ãã¥ãªãã£ã¢ãã«ã«ã€ããŠè«ããŠãããŸãã
ããã«ã¯ãsuEXEC ã®å
éšã§è¡ãªãããŠããããšã
ã·ã¹ãã ã®ã»ãã¥ãªãã£ãä¿èšŒããããã«èŠåãããããšã
ããç解ããŠãããæ¹ãããã§ãããã</p>
<p><strong>suEXEC</strong> ã¯ãApache web
ãµãŒãããåŒã³åºããã setuid ããã "wrapper"
ããã°ã©ã ãåºæ¬ãšãªã£ãŠããŸããèšèšãã CGIããŸã㯠SSI
ããã°ã©ã ãžã® HTTP ãªã¯ãšã¹ãããããšããã® wrapper
ãåŒã³åºãããŸãããã®ãããªãªã¯ãšã¹ãããããšãApache
ã¯ãã®ããã°ã©ã ãå®è¡ãããéã®ããã°ã©ã åãšãŠãŒã¶ ID ãšã°ã«ãŒã
ID ãæå®ã㊠suEXEC wrapper ãå®è¡ããŸãã
</p>
<p>ãããããwrapper ã¯æåãŸãã¯å€±æã決å®ãããã
以äžã®åŠçãè¡ãªããŸãããããã®ç¶æ
ã®ãã¡äžã€ã§ã倱æããå Žåã
ããã°ã©ã ã¯å€±æããã°ã«èšé²ããŠãšã©ãŒã§çµäºããŸãã
ããã§ãªããã°ãåŸã®åŠçãç¶ããããŸãã</p>
<ol>
<li>
<strong>wrapper
ãå®è¡ããŠãããŠãŒã¶ã¯ãã®ã·ã¹ãã ã®æ£åœãªãŠãŒã¶ã?</strong>
<p class="indent">
ããã¯ãwrapper ãå®è¡ããŠãããŠãŒã¶ã
æ¬åœã«ã·ã¹ãã ã®å©çšè
ã§ããããšãä¿èšŒããããã§ãã
</p>
</li>
<li>
<strong>wrapper ãé©åãªæ°ã®åŒæ°ã§åŒã³åºãããã?</strong>
<p class="indent">
wrapper ã¯é©åãªæ°ã®åŒæ°ãäžããããå Žåã«ã®ã¿å®è¡ãããŸãã
é©åãªåŒæ°ã®ãã©ãŒããã㯠Apache Web ãµãŒãã«è§£éãããŸãã
é©åãªæ°ã®åŒæ°ãåãåããªããã°ãæ»æããããã
ããªãã® Apache ãã€ããªã® suEXEC ã®éšåã
ã©ããããããå¯èœæ§ããããŸãã
</p>
</li>
<li>
<strong>ãã®æ£åœãªãŠãŒã¶ã¯ wrapper
ã®å®è¡ãèš±å¯ãããŠããã?</strong>
<p class="indent">
ãã®ãŠãŒã¶ã¯ wrapper å®è¡ãèš±å¯ããããŠãŒã¶ã§ãã?
ãã äžäººã®ãŠãŒã¶ (Apache ãŠãŒã¶) ã ããã
ãã®ããã°ã©ã ã®å®è¡ãèš±å¯ãããŸãã
</p>
</li>
<li>
<strong>察象㮠CGI, SSI ããã°ã©ã ãå®å
šã§ãªãéå±€ã®åç
§ãããŠããã?
</strong>
<p class="indent">
察象㮠CGI, SSI ããã°ã©ã ã '/' ããå§ãŸãããŸãã¯
'..' ã«ããåç
§ãè¡ãªã£ãŠããŸãã? ãããã¯èš±å¯ãããŸããã
察象ã®ããã°ã©ã 㯠suEXEC ã®ããã¥ã¡ã³ãã«ãŒã
(äžèšã® <code>--with-suexec-docroot=<em>DIR</em></code> ãåç
§)
å
ã«ååšããªããã°ãªããŸããã
</p>
</li>
<li>
<strong>察象ãšãªããŠãŒã¶åã¯æ£åœãªãã®ã?</strong>
<p class="indent">
察象ãšãªããŠãŒã¶åã¯ååšããŠããŸãã?
</p>
</li>
<li>
<strong>察象ãšãªãã°ã«ãŒãåã¯æ£åœãªãã®ã?</strong>
<p class="indent">
察象ãšãªãã°ã«ãŒãåã¯ååšããŠããŸãã?
</p>
</li>
<li>
<strong>ç®çã®ãŠãŒã¶ã¯ã¹ãŒããŒãŠãŒã¶ã§ã¯<em>ãªã</em>ã?
</strong>
<p class="indent">
ä»ã®ãšãããsuEXEC 㯠<code><em>root</em></code> ã«ãã CGI/SSI
ããã°ã©ã ã®å®è¡ãèš±å¯ããŠããŸããã
</p>
</li>
<li>
<strong>察象ãšãªããŠãŒã¶ ID ã¯ãæå°ã® ID
çªå·ããã<em>倧ãã</em>ã? </strong>
<p class="indent">
æå°ãŠãŒã¶ ID çªå·ã¯èšå®æã«æå®ãããŸããããã¯ã
CGI/SSI ããã°ã©ã å®è¡ãèš±å¯ããããŠãŒã¶ ID
ã®ãšãããæå°å€ã§ããããã¯
"system" çšã®ã¢ã«ãŠã³ããéãåºãã®ã«æå¹ã§ãã
</p>
</li>
<li>
<strong>察象ãšãªãã°ã«ãŒãã¯ã¹ãŒããŒãŠãŒã¶ã®ã°ã«ãŒãã§ã¯
<em>ãªã</em>ã?</strong>
<p class="indent">
ä»ã®ãšãããsuEXEC 㯠'root' ã°ã«ãŒãã«ãã CGI/SSI
ããã°ã©ã ã®å®è¡ãèš±å¯ããŠããŸããã
</p>
</li>
<li>
<strong>察象ãšãªãã°ã«ãŒã ID ã¯æå°ã® ID
çªå·ããã<em>倧ãã</em>ã?</strong>
<p class="indent">
æå°ã°ã«ãŒã ID çªå·ã¯èšå®æã«æå®ãããŸããããã¯ã
CGI/SSI ããã°ã©ã å®è¡ãèš±å¯ãããã°ã«ãŒã
ID ã®ãšãããæå°å€ã§ãã
ãã㯠"system" çšã®ã°ã«ãŒããéãåºãã®ã«æå¹ã§ãã
</p>
</li>
<li>
<strong>wrapper ãæ£åžžã«å¯Ÿè±¡ãšãªããŠãŒã¶ãšã°ã«ãŒãã«ãªããã?
</strong>
<p class="indent">
ããã§ãsetuid ãš setgid
ã®èµ·åã«ããããã°ã©ã ã¯å¯Ÿè±¡ãšãªããŠãŒã¶ãšã°ã«ãŒãã«ãªããŸãã
ã°ã«ãŒãã¢ã¯ã»ã¹ãªã¹ãã¯ã
ãŠãŒã¶ãå±ããŠãããã¹ãŠã®ã°ã«ãŒãã§åæåãããŸãã
</p>
</li>
<li>
<strong>CGI/SSI ããã°ã©ã ã眮ãããŠãããã£ã¬ã¯ããªã«ç§»å
(change directory) ã§ããã?</strong>
<p class="indent">
ãã£ã¬ã¯ããªãååšããªããªãããã®ãã¡ã€ã«ãååšããªããããããŸããã
ãã£ã¬ã¯ããªã«ç§»åã§ããªãã®ã§ããã°ãããããååšãããªãã§ãããã
</p>
</li>
<li>
<strong>ãã£ã¬ã¯ããªã Apache ã®ããã¥ã¡ã³ãããªãŒå
ã«ããã?
</strong>
<p class="indent">
ãªã¯ãšã¹ãããµãŒãå
ã®ãã®ã§ããã°ã
èŠæ±ããããã£ã¬ã¯ããªã suEXEC ã®ããã¥ã¡ã³ãã«ãŒãé
äžã«ãããŸãã?
ãªã¯ãšã¹ãã UserDir ã®ãã®ã§ããã°ãèŠæ±ããããã£ã¬ã¯ããªã suEXEC
ã®ãŠãŒã¶ã®ããã¥ã¡ã³ãã«ãŒãé
äžã«ãããŸãã?
(<a href="#install">suEXEC èšå®ãªãã·ã§ã³</a> åç
§)
</p>
</li>
<li>
<strong>ãã£ã¬ã¯ããªãä»ã®ãŠãŒã¶ãæžã蟌ããããã«ãªã£ãŠ
<em>ããªã</em>ã?</strong>
<p class="indent">
ãã£ã¬ã¯ããªãä»ãŠãŒã¶ã«éæŸããªãããã«ããŸãã
ææãŠãŒã¶ã ãããã®ãã£ã¬ã¯ããªã®å
容ãæ¹å€ã§ããããã«ããŸãã
</p>
</li>
<li>
<strong>察象ãšãªã CGI/SSI ããã°ã©ã ã¯ååšããã?</strong>
<p class="indent">
ååšããªããã°å®è¡ã§ããŸããã
</p>
</li>
<li>
<strong>察象ãšãªã CGI/SSI ããã°ã©ã ãã¡ã€ã«ãä»ã¢ã«ãŠã³ããã
æžã蟌ããããã«ãªã£ãŠ<em>ããªã</em>ã?</strong>
<p class="indent">
ææè
以å€ã«ã¯ CGI/SSI ããã°ã©ã ãå€æŽããæš©éã¯äžããããŸããã
</p>
</li>
<li>
<strong>察象ãšãªã CGI/SSI ããã°ã©ã ã setuid ãŸã㯠setgid
ãããŠ<em>ããªã</em>ã?</strong>
<p class="indent">
UID/GID ãå床å€æŽããŠã®ããã°ã©ã å®è¡ã¯ããŸãã
</p>
</li>
<li>
<strong>察象ãšãªããŠãŒã¶/ã°ã«ãŒããããã°ã©ã ã®
ãŠãŒã¶/ã°ã«ãŒããšåãã?</strong>
<p class="indent">
ãŠãŒã¶ããã®ãã¡ã€ã«ã®ææè
ã§ãã?
</p>
</li>
<li>
<strong>å®å
šãªåäœãä¿èšŒããããã®ç°å¢å€æ°ã¯ãªã¢ãå¯èœã?
</strong>
<p class="indent">
suEXEC ã¯ãå®å
šãªç°å¢å€æ°ã®ãªã¹ã
(ãããã¯èšå®æã«äœæãããŸã) å
ã®å€æ°ãšããŠæž¡ãããå®å
šãª
PATH å€æ° (èšå®æã«æå®ãããŸã) ãèšå®ããããšã§ã
ããã»ã¹ã®ç°å¢å€æ°ãã¯ãªã¢ããŸãã
</p>
</li>
<li>
<strong>察象ãšãªã CGI/SSI ããã°ã©ã ã exec ããŠå®è¡ã§ããã?</strong>
<p class="indent">
ãã㧠suEXEC ãçµäºãã察象ãšãªãããã°ã©ã ãéå§ãããŸãã
</p>
</li>
</ol>
<p>ãããŸã§ã suEXEC ã® wrapper
ã«ãããã»ãã¥ãªãã£ã¢ãã«ã®æšæºçãªåäœã§ããããå°ãå³éã«
CGI/SSI èšèšã«ã€ããŠã®æ°ããå¶éãèŠå®ãåãå
¥ããããšãã§ããŸããã
suEXEC ã¯ã»ãã¥ãªãã£ã«æ³šæããŠæ
éã«å°ããã€éçºãããŠããŸããã
</p>
<p>ãã®ã»ãã¥ãªãã£ã¢ãã«ãçšããŠ
ãµãŒãèšå®æã«ã©ã®ããã«èš±ãããšãå¶éãããããŸããsuEXEC
ãé©åã«èšå®ãããšã©ã®ãããªã»ãã¥ãªãã£äžã®å±éºãé¿ãããããã«
é¢ãããã詳ããæ
å ±ã«ã€ããŠã¯ã<a href="#jabberwock">"ãšããã«æ³šæ"
(Beware the Jabberwock)</a> ã®ç« ãåç
§ããŠãã ããã
</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
<div class="section">
<h2><a name="install" id="install">suEXEC
ã®èšå®ãšã€ã³ã¹ããŒã«</a></h2>
<p>ãããã楜ãããªããŸãã</p>
<p><strong>suEXEC
èšå®ãªãã·ã§ã³</strong><br />
</p>
<dl>
<dt><code>--enable-suexec</code></dt>
<dd>ãã®ãªãã·ã§ã³ã¯ãããã©ã«ãã§ã¯ã€ã³ã¹ããŒã«ãããã
æå¹ã«ã¯ãªããªã suEXEC æ©èœãæå¹ã«ããŸãã
suEXEC ã䜿ãããã« APACI ã«èŠæ±ããã«ã¯ã<code>--enable-suexec</code>
ãªãã·ã§ã³ã«ããããŠå°ãªããšãäžã€ã¯ <code>--with-suexec-xxxxx</code>
ãªãã·ã§ã³ãæå®ãããªããã°ãªããŸããã</dd>
<dt><code>--with-suexec-bin=<em>PATH</em></code></dt>
<dd>ã»ãã¥ãªãã£äžã®çç±ã«ããã<code>suexec</code> ãã€ããªã®ãã¹ã¯ãµãŒãã«
ããŒãã³ãŒããããŠããå¿
èŠããããŸããããã©ã«ãã®ãã¹ã
å€ããããšãã¯ãã®ãªãã·ã§ã³ã䜿ã£ãŠãã ããã<em>äŸãã°</em>ã
<code>--with-suexec-bin=/usr/sbin/suexec</code> ã®ããã«ã</dd>
<dt><code>--with-suexec-caller=<em>UID</em></code></dt>
<dd>Apache ãéåžžåäœããã<a href="mod/mpm_common.html#user">ãŠãŒã¶å</a>ãæå®ããŸãã
ãã®ãŠãŒã¶ã ãã suexec ã®å®è¡ãèš±å¯ããããŠãŒã¶ã«ãªããŸãã</dd>
<dt><code>--with-suexec-userdir=<em>DIR</em></code></dt>
<dd>suEXEC ãã¢ã¯ã»ã¹ãèš±ããããŠãŒã¶ããŒã ãã£ã¬ã¯ããªé
äžã®
ãµããã£ã¬ã¯ããªãæå®ããŸãã
ãã®ãã£ã¬ã¯ããªä»¥äžã®å
šå®è¡ãã¡ã€ã«ã¯ã"å®å
šãª"ããã°ã©ã ã«ãªãããã
suEXEC ããã®ãŠãŒã¶ãšããŠå®è¡ã§ããããã«ããŸãã
"åçŽãª" UserDir ãã£ã¬ã¯ãã£ãã䜿ã£ãŠããå Žå
(ããªãã¡ "*" ãå«ãŸãªããã®)ããããšåãå€ãèšå®ãã¹ãã§ãã
Userdir ãã£ã¬ã¯ãã£ãããã®ãŠãŒã¶ã®ãã¹ã¯ãŒããã¡ã€ã«å
ã®
ããŒã ãã£ã¬ã¯ããªãšåãå ŽæãæããŠããªããã°ã
suEXEC ã¯é©åã«åäœããŸãããããã©ã«ã㯠"public_html" ã§ãã
<br />
å UserDir ãç°ãªã£ãä»®æ³ãã¹ããèšå®ããŠããå Žåã
ããããå
šãŠäžã€ã®èŠªãã£ã¬ã¯ããªã«å«ããŠã
ãã®èŠªãã£ã¬ã¯ããªã®ååãããã§æå®ããå¿
èŠããããŸãã
<strong>ãã®ããã«æå®ãããªããã° "~userdir" cgi
ãžã®ãªã¯ãšã¹ããåäœããŸããã</strong></dd>
<dt><code>--with-suexec-docroot=<em>DIR</em></code></dt>
<dd>Apache ã®ããã¥ã¡ã³ãã«ãŒããèšå®ããŸããããã suEXEC
ã®åäœã§äœ¿çšããå¯äžã®ãã£ã¬ã¯ããªéå±€ã«ãªããŸã (UserDir
ã®æå®ã¯å¥)ãããã©ã«ãã§ã¯ <code>--datedir</code> ã« "/htdocs"
ãšãããµãã£ãã¯ã¹ãã€ãããã®ã§ãã
"<code>--datadir=/home/apache</code>" ãšããŠèšå®ãããšã
suEXEC wrapper ã«ãšã£ãŠ "/home/apache/htdocs"
ãããã¥ã¡ã³ãã«ãŒããšããŠäœ¿ãããŸãã</dd>
<dt><code>--with-suexec-uidmin=<em>UID</em></code></dt>
<dd>suEXEC ã®å¯Ÿè±¡ãŠãŒã¶ãšããŠèš±ããã UID ã®æå°å€ãæå®ããŸãã
倧æµã®ã·ã¹ãã ã§ã¯ 500 ã 100 ãäžè¬çã§ãã
ããã©ã«ãå€ã¯ 100 ã§ãã</dd>
<dt><code>--with-suexec-gidmin=<em>GID</em></code></dt>
<dd>suEXEC ã®å¯Ÿè±¡ã°ã«ãŒããšããŠèš±ããã GID
ã®æå°å€ãæå®ããŸãã倧æµã®ã·ã¹ãã ã§ã¯ 100 ãäžè¬çãªã®ã§ã
ããã©ã«ãå€ãšããŠã 100 ã䜿ãããŠããŸãã</dd>
<dt><code>--with-suexec-logfile=<em>FILE</em></code></dt>
<dd>suEXEC ã®åŠçãšãšã©ãŒãèšé²ããããã¡ã€ã«åãæå®ããŸãã
(ç£æ»ããããã°ç®çã«æçš)
ããã©ã«ãã§ã¯ãã°ãã¡ã€ã«ã¯ "suexec_log" ãšããååã§ã
æšæºã®ãã°ãã¡ã€ã«ãã£ã¬ã¯ã㪠(<code>--logfiledir</code>) ã«çœ®ãããŸãã
</dd>
<dt><code>--with-suexec-safepath=<em>PATH</em></code></dt>
<dd>CGI å®è¡ãã¡ã€ã«ã«æž¡ãããå®å
šãª PATH ç°å¢å€æ°ã§ãã
ããã©ã«ãå€ã¯ "/usr/local/bin:/usr/bin:/bin" ã§ãã
</dd>
</dl>
<p><strong>suEXEC wrapper
ã®ã³ã³ãã€ã«ãšã€ã³ã¹ããŒã«</strong><br />
<code>--enable-suexec</code> ãªãã·ã§ã³ã§ suEXEC æ©èœãæå¹ã«ãããšã
"make" ã³ãã³ããå®è¡ããæã« <code>suexec</code> ã®ãã€ã㪠(Apache èªäœã)
ãèªåçã«äœæãããŸãã
<br />
ãã¹ãŠã®æ§æèŠçŽ ãäœæããããšããããã®ã€ã³ã¹ããŒã«ã«ã¯
<code>make install</code> ã³ãã³ããå®è¡ã§ããŸãããã€ããªã€ã¡ãŒãžã® <code>suexec</code>
㯠<code>--sbindir</code> ãªãã·ã§ã³ã§æå®ããããã£ã¬ã¯ããªã«ã€ã³ã¹ããŒã«ãããŸãã
ããã©ã«ãã®å Žæ㯠"/usr/local/apache/bin/suexec" ã§ãã<br />
ã€ã³ã¹ããŒã«æã«ã¯ <strong><em>root</em></strong>
æš©éãå¿
èŠãªã®ã§æ³šæããŠãã ãããwrapper ããŠãŒã¶ ID
ãèšå®ããããã«ãææè
<code><em>root</em></code>
ã§ã®ã»ãããŠãŒã¶ ID
ãããããã®ãã¡ã€ã«ã®ã¢ãŒãã«èšå®ããªããã°ãªããŸããã
</p>
<p><strong>å®å
šãªããŒããã·ã§ã³ãèšå®ãã</strong><br />
suEXEC ã©ãããŒã¯ã<code>--with-suexec-caller</code> <code class="program"><a href="./programs/configure.html">configure</a></code>
ãªãã·ã§ã³ã§æå®ããæ£ãããŠãŒã¶ã§èµ·åãããŠããããšã確èªããŸããã
ã·ã¹ãã äžã§ãã®ãã§ãã¯ãè¡ãªãããåã«ã
suEXEC ãåŒã¶ã·ã¹ãã ãã©ã€ãã©ãªãè匱ã§ããå¯èœæ§ã¯æ®ããŸãã察æçãšããŠã
äžè¬ã«è¯ãç¿æ
£ãšãããããŸããã
ãã¡ã€ã«ã·ã¹ãã ããŒããã·ã§ã³ã䜿ã£ãŠ
Apache ã®å®è¡æã®ã°ã«ãŒãã®ã¿ã suEXEC ãå®è¡ã§ããããã«
ããã®ãè¯ãã§ãããã</p>
<p>ããšãã°ã次ã®ããã«ãµãŒããèšå®ãããŠãããšããŸãã</p>
<div class="example"><p><code>
User www<br />
Group webgroup<br />
</code></p></div>
<p><code class="program"><a href="./programs/suexec.html">suexec</a></code> ã "/usr/local/apache2/bin/suexec"
ã«ã€ã³ã¹ããŒã«ãããŠããå Žåã次ã®ããã«èšå®ããå¿
èŠããããŸãã</p>
<div class="example"><p><code>
chgrp webgroup /usr/local/apache2/bin/suexec<br />
chmod 4750 /usr/local/apache2/bin/suexec<br />
</code></p></div>
<p>ãã㧠Apache ãå®è¡ãããã°ã«ãŒãã®ã¿ã
suEXEC ã©ãããŒãå®è¡ã§ãããšããããšã
確蚌ããŸãã</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
<div class="section">
<h2><a name="enable" id="enable">suEXEC
ã®æå¹åãšç¡å¹å</a></h2>
<p>èµ·åæã«ãApache 㯠<code>--sbindir</code>
ãªãã·ã§ã³ã§èšå®ããããã£ã¬ã¯ããªã§
<code>suexec</code> ãæ¢ããŸã
(ããã©ã«ã㯠"/usr/local/apache/sbin/suexec") ã
é©åã«èšå®ããã suEXEC ãã¿ã€ãããšã
ãšã©ãŒãã°ã«ä»¥äžã®ã¡ãã»ãŒãžãåºåãããŸãã</p>
<div class="example"><p><code>
[notice] suEXEC mechanism enabled (wrapper: <var>/path/to/suexec</var>)
</code></p></div>
<p>ãµãŒãèµ·åæã«ãã®ã¡ãã»ãŒãžãåºãªãå Žåã
倧æµã¯ãµãŒããæ³å®ããå Žæ㧠wrapper ããã°ã©ã ãèŠã€ãããªãã£ããã
<em>setuid root</em> ãšããŠã€ã³ã¹ããŒã«ãããŠããªããã§ãã</p>
<p>suEXEC ã®ä»çµã¿ã䜿çšããã®ãåããŠã§ãApache ãæ¢ã«åäœäžã§ããã°ã
Apache ã kill ããŠãåèµ·åããªããã°ãªããŸãããHUP ã·ã°ãã«ã
USR1 ã·ã°ãã«ã«ããåçŽãªåèµ·åã§ã¯äžååã§ãã</p>
<p>suEXEC ãç¡å¹ã«ããå Žåã¯ã<code>suexec</code> ãã¡ã€ã«ãåé€ããŠãã
Apache ã kill ããŠåèµ·åããŸãã
</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
<div class="section">
<h2><a name="usage" id="usage">suEXEC ã®äœ¿çš</a></h2>
<p>CGI ããã°ã©ã ãžã®ãªã¯ãšã¹ãã suEXEC ã©ãããŒãåŒã¶ã®ã¯ã
<code class="directive"><a href="./mod/mod_suexec.html#suexecusergroup">SuexecUserGroup</a></code> ãã£ã¬ã¯ãã£ãã
å«ãããŒãã£ã«ãã¹ããžã®ãªã¯ãšã¹ããã<code class="module"><a href="./mod/mod_userdir.html">mod_userdir</a></code> ã«ãã
åŠçããããªã¯ãšã¹ãã®å Žåã«éããŸãã</p>
<p><strong>ä»®æ³ãã¹ã:</strong><br />
suEXEC wrapper ã®äœ¿ãæ¹ãšããŠã
<code class="directive"><a href="./mod/core.html#virtualhost">VirtualHost</a></code> èšå®ã§ã®
<code class="directive"><a href="./mod/mod_suexec.html#suexecusergroup">SuexecUserGroup</a></code>
ãã£ã¬ã¯ãã£ããéãããã®ããããŸãã
ãã®ãã£ã¬ã¯ãã£ããã¡ã€ã³ãµãŒãã®ãŠãŒã¶ ID
ãšç°ãªããã®ã«ãããšãCGI ãªãœãŒã¹ãžã®ãã¹ãŠã®ãªã¯ãšã¹ãã¯ããã®
<code class="directive"><a href="./mod/core.html#virtualhost"><VirtualHost></a></code> ã§æå®ããã <em>User</em> ãš
<em>Group</em> ãšããŠå®è¡ãããŸãã<code class="directive"><a href="./mod/core.html#virtualhost"><VirtualHost></a></code>
ã§ãã®ãã£ã¬ã¯ãã£ããæå®ãããŠããªãå Žåã
ã¡ã€ã³ãµãŒãã®ãŠãŒã¶ ID ãæ³å®ãããŸãã</p>
<p><strong>ãŠãŒã¶ãã£ã¬ã¯ããª:</strong><br />
<code class="module"><a href="./mod/mod_userdir.html">mod_userdir</a></code> ã«ããåŠçããããªã¯ãšã¹ãã¯
ãªã¯ãšã¹ãããããŠãŒã¶ãã£ã¬ã¯ããªã®ãŠãŒã¶ ID 㧠CGI ããã°ã©ã ã
å®è¡ããããã« suEXEC ã©ãããŒãåŒã³ãŸãã
ãã®æ©èœãåäœãããããã«å¿
èŠãªããšã¯ãCGI
ããã®ãŠãŒã¶ã§å®è¡ã§ããããšããã®ã¹ã¯ãªãããäžèšã®<a href="#model">ã»ãã¥ãªãã£æ€æ»</a>ããã¹ã§ããããšã§ãã
<a href="#install">ã³ã³ãã€ã«
æã®ãªãã·ã§ã³</a> <code>--with-suexec-userdir</code> ãåç
§ããŠãã ããã</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
<div class="section">
<h2><a name="debug" id="debug">suEXEC ã®ãããã°</a></h2>
<p>suEXEC wrapper ã¯ãäžèšã§è¿°ã¹ã <code>--with-suexec-logfile</code>
ãªãã·ã§ã³ã§æå®ããããã¡ã€ã«ã«ãã°æ
å ±ãèšé²ããŸãã
wrapper ãé©åã«èšå®ãã€ã³ã¹ããŒã«ã§ããŠãããšæãå Žåã
ã©ãã§è¿·ã£ãŠãããèŠãããšãããªããã®ãã°ãšãµãŒãã®
ãšã©ãŒãã°ãèŠããšããã§ãããã</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="./images/up.gif" /></a></div>
<div class="section">
<h2><a name="jabberwock" id="jabberwock">ãšããã«æ³šæ: èŠåãšäºäŸ</a></h2>
<p><strong>泚æ!</strong>
ãã®ç« ã¯å®å
šã§ã¯ãããŸããããã®ç« ã®ææ°æ¹èšçã«ã€ããŠã¯ã
Apache ã°ã«ãŒãã®<a href="http://httpd.apache.org/docs/2.4/suexec.html">
ãªã³ã©ã€ã³ããã¥ã¡ã³ã</a>çãåç
§ããŠãã ããã
</p>
<p>ãµãŒãã®èšå®ã«å¶éããããã wrapper ã«ã€ããŠã
ããã€ãèå³æ·±ãç¹ããããŸããsuEXEC ã«é¢ãã "ãã°"
ãå ±åããåã«ãããã確èªããŠãã ããã</p>
<ul>
<li><strong>suEXEC ã®èå³æ·±ãç¹</strong></li>
<li>éå±€æ§é ã®å¶é
<p class="indent">
ã»ãã¥ãªãã£ãšå¹çã®çç±ããã<code>suEXEC</code> ã®å
šãŠã®ãªã¯ãšã¹ãã¯
ä»®æ³ãã¹ããžã®ãªã¯ãšã¹ãã«ãããæäžäœã®ããã¥ã¡ã³ãã«ãŒãå
ãã
ãŠãŒã¶ãã£ã¬ã¯ããªãžã®ãªã¯ãšã¹ãã«ãããåã
ã®ãŠãŒã¶ã®æäžäœã®
ããã¥ã¡ã³ãã«ãŒãå
ã«æ®ããªããã°ãªããŸããã
äŸãã°ãåã€ã®ä»®æ³ãã¹ããèšå®ããŠããå Žåã
ä»®æ³ãã¹ãã® suEXEC ã«æå©ãªããã«ãã¡ã€ã³ã® Apache
ããã¥ã¡ã³ãéå±€ã®å€åŽã«å
šãŠã®ä»®æ³ãã¹ãã®ããã¥ã¡ã³ãã«ãŒãã
æ§ç¯ããå¿
èŠããããŸãã(äŸã¯åŸæ¥èšèŒ)
</p>
</li>
<li>suEXEC ã® PATH ç°å¢å€æ°
<p class="indent">
ãããå€æŽããã®ã¯å±éºã§ãããã®æå®ã«å«ãŸããåãã¹ã
<strong>ä¿¡é Œã§ãã</strong>
ãã£ã¬ã¯ããªã§ããããšã確èªããŠãã ããã
äžçããã®ã¢ã¯ã»ã¹ã«ããã誰ãããã¹ãäžã§ããã€ã®æšéŠ¬
ãå®è¡ã§ããããã«ã¯ããããªãã§ãããã
</p>
</li>
<li>suEXEC ã³ãŒãã®æ¹é
<p class="indent">
ç¹°ãè¿ããŸãããäœãããããšããŠãããææ¡ããã«ããããããš
<strong>倧ããªåé¡</strong>ãåŒãèµ·ãããããŸããã
å¯èœãªéãé¿ããŠãã ããã
</p>
</li>
</ul>
</div></div>
<div class="bottomlang">
<p><span>翻蚳æžã¿èšèª: </span><a href="./en/suexec.html" hreflang="en" rel="alternate" title="English"> en </a> |
<a href="./fr/suexec.html" hreflang="fr" rel="alternate" title="Français"> fr </a> |
<a href="./ja/suexec.html" title="Japanese"> ja </a> |
<a href="./ko/suexec.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> |
<a href="./tr/suexec.html" hreflang="tr" rel="alternate" title="TÌrkçe"> tr </a></p>
</div><div class="top"><a href="#page-header"><img src="./images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">ã³ã¡ã³ã</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div>
<script type="text/javascript"><!--//--><![CDATA[//><!--
var comments_shortname = 'httpd';
var comments_identifier = 'http://httpd.apache.org/docs/2.4/suexec.html';
(function(w, d) {
if (w.location.hostname.toLowerCase() == "httpd.apache.org") {
d.write('<div id="comments_thread"><\/div>');
var s = d.createElement('script');
s.type = 'text/javascript';
s.async = true;
s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
(d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
}
else {
d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>');
}
})(window, document);
//--><!]]></script></div><div id="footer">
<p class="apache">Copyright 2015 The Apache Software Foundation.<br />ãã®ææžã¯ <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a> ã®ã©ã€ã»ã³ã¹ã§æäŸãããŠããŸãã.</p>
<p class="menu"><a href="./mod/">ã¢ãžã¥ãŒã«</a> | <a href="./mod/directives.html">ãã£ã¬ã¯ãã£ã</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="./glossary.html">çšèª</a> | <a href="./sitemap.html">ãµã€ãããã</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
if (typeof(prettyPrint) !== 'undefined') {
prettyPrint();
}
//--><!]]></script>
</body></html>
ß
yôÊáœ~or�À5ÖJ�={þÁEÇêe�Ÿuç£Qk���®á¯G{÷?ù»ã+]üôçÉÍ××ô?�wûM3X�^¶Úæ>{Ž7ÙŸìŽKã>èo²ÎnÝ\ÿªÊj¿y·�ðR�£õãg/î=ÞÿfúOçÖr�·o×NVÊv¿ú~ÿY+�ü¿NGêu÷ø·Ã®þë¹HWûyëwÆ[eQ¶ÊšŸSÚbÖ>öÍËÇ�þ³>ä}Gçmx[o[<�ÞÚ{ðýÏ®_ÅïqF�ÚÛvM����IEND®B`