--- modules/generators/mod_suexec.c.orig 2006-07-11 22:38:44.000000000 -0500 +++ modules/generators/mod_suexec.c 2010-02-05 23:22:23.000000000 -0600 @@ -57,10 +57,11 @@ } static const char *set_suexec_ugid(cmd_parms *cmd, void *mconfig, - const char *uid, const char *gid) + const char *uid, const char *gid, + int userdir) { suexec_config_t *cfg = (suexec_config_t *) mconfig; - const char *err = ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE|NOT_IN_LIMIT); + const char *err = ap_check_cmd_context(cmd, NOT_IN_LOCATION|NOT_IN_FILES|NOT_IN_LIMIT); if (err != NULL) { return err; @@ -68,7 +69,7 @@ if (unixd_config.suexec_enabled) { cfg->ugid.uid = ap_uname2id(uid); cfg->ugid.gid = ap_gname2id(gid); - cfg->ugid.userdir = 0; + cfg->ugid.userdir = userdir; cfg->active = 1; } else { @@ -78,6 +79,18 @@ return NULL; } +static const char *set_suexec_ugid_nouserdir(cmd_parms *cmd, void *mconfig, + const char *uid, const char *gid) +{ + return set_suexec_ugid(cmd, mconfig, uid, gid, 0); +} + +static const char *set_suexec_ugid_userdir(cmd_parms *cmd, void *mconfig, + const char *uid, const char *gid) +{ + return set_suexec_ugid(cmd, mconfig, uid, gid, 1); +} + static ap_unix_identity_t *get_suexec_id_doer(const request_rec *r) { suexec_config_t *cfg = @@ -115,7 +128,9 @@ { /* XXX - Another important reason not to allow this in .htaccess is that * the ap_[ug]name2id() is not thread-safe */ - AP_INIT_TAKE2("SuexecUserGroup", set_suexec_ugid, NULL, RSRC_CONF, + AP_INIT_TAKE2("SuexecUserGroup", set_suexec_ugid_nouserdir, NULL, RSRC_CONF|ACCESS_CONF, + "User and group for spawned processes"), + AP_INIT_TAKE2("SuexecUserdir", set_suexec_ugid_userdir, NULL, RSRC_CONF|ACCESS_CONF, "User and group for spawned processes"), { NULL } };