Derek and Melissa’s Family

---

Configure suexec on Apache for OS X

by Derek—2003.11.13 @ 0242

As a graphic designer I never thought I'd ever be programming, let alone configuring Apache with suexec on Apple's OS X. This note is a step-by-step approach I took to configure suexec on OS X so I could test the scripts and programs I was developing.

[ED: This note has been updated for Apache 1.3.29 and OS X 10.3, "Panther." As with all my notes, I am really writing these to myself and will take no responsibility for any mistakes you make. Follow these notes at your own peril! ]

And enjoy the ride...

Lets Get Started

These steps assume some familiarity with OS X, and using the Terminal. I am using "@" to indicate the command-line prompt as the super-user, or "root." You must be logged on as the root user to compile your own distro of Apache as I am doing here in this note. The prompt "%" indicates the normal user. You must open up the Terminal program to perform these steps, as well as have either sudo or root access.

1. Change your working directory

   % cd ~/tmp
   

   I created a folder called "tmp" where I do my configuration.

2. Download the Apache source

   curl -O http://www.apache.org/dist/httpd/apache_1.3.29.tar.gz
   

3. Unpack the tarball

   @ tar xzvf apache_1.3.29.tar.gz
   

4. Move into the apache directory

   @ cd apache_1.3.29/
   

5. Configure Apache for Mac OSX and suEXEC

   @ ./configure \
   --enable-suexec \
   --enable-module=rewrite \
   --enable-shared=rewrite \
   --suexec-docroot=/Users \
   --suexec-userdir=Sites \
   --suexec-uidmin=500 \
   --suexec-gidmin=20 \
   --suexec-caller=www \
   --suexec-logfile=/var/log/httpd/suexec_log \
   --suexec-safepath=/usr/local/bin:/usr/bin:/bin \
   --suexec-umask=077 \
   --with-layout=Apache \
   --enable-module=so \
   --without-execstrip \ 
   --activate-module=src/modules/perl/libperl.a \
   --disable-shared=perl
   

   NOTE: The configuration options (above) can be modified as you see fit. This is a pretty slim configuration, but it was enough for my testing for what I was doing. For more information on compiling a custom Apache, check out the MacDev Center article.

6. Build the source

   @ make
   @ make install
   

7. Test the Apache configuration

   @ /usr/local/apache/bin/apachectl configtest
   Syntax OK
   

8. Restart Apache

   @ /usr/local/apache/bin/apachectl start
   /usr/local/apache/bin/apachectl start: httpd started
   

9. Turn off "Personal Web Sharing" in the System Preferences

10. Edit the Apache StartupItem to use our new Apache.

    As a result of my newly-gained knowledge, I'd like to suggest a new approach to creating an Apache startup bundle. First, copy Apple's startup bundle to a temporary location:

    % cp -rf /System/Library/StartupItems/Apache ~/Desktop/
    

    Now, using your favorite editor (TextEdit will work fine), open up the ~/Desktop/Apache/Apache file. Again, change all instances of apachectl to point to our new Apache server controller, usr/local/apache/bin/apachectl. However, do not delete the if statements. Instead, change the name of the variable to be checked from WEBSERVER to APACHESERVER. The resulting file should look like this:

    #!/bin/sh
    #
    ##
    # Apache HTTP Server
    #
    #
    ./etc/rc.common
    #
    StartService ()
    {
        if [ "${APACHESERVER:=-NO-}" = "-YES-" ]; then
            ConsoleMessage "Starting Apache web server"
            /usr/local/apache/bin/apachectl start
        fi
    }
    #
    StopService ()
    {
        ConsoleMessage "Stopping Apache web server"
        /usr/local/apache/bin/apachectl stop
    }
    #
    RestartService ()
    {
        if [ "${APACHESERVER:=-NO-}" = "-YES-" ]; then
            ConsoleMessage "Restarting Apache web server"
            /usr/local/apache/bin/apachectl restart
        else
            StopService
        fi
    }
    #
    RunService "$1"
    

    If you'd like Apache to start up with ssl support, change /usr/local/apache/bin/apachectl start to /usr/local/apache/bin/apachectl startssl.

    Next, add the $APACHESERVER variable to /etc/hostconfig. The simplest way to do this is to use the echo command on the command-line to append it to the the file:

    % sudo echo APACHESERVER=-YES- >> /etc/hostconfig
    

    You can also edit the file directly using TextEdit, but you must open TextEdit as the root user in order to be able to edit the file. You can use the sudo utility on the command-line to accomplish this:

    % sudo /Applications/TextEdit.app/Contents/MacOS/TextEdit /etc/hostconfig
    

    Once you've added the line "APACHESERVER=-YES-", save your changes and quit TextEdit. Now move the entire startup bundle to its new home in /Library/StartupItems and test it:

    % sudo mv ~/Desktop/Apache /Library/StartupItems
    % sudo /Library/StartupItems/Apache/Apache start
    Starting Apache web server
    /usr/local/apache/bin/apachectl start: httpd started
    

    Point your browser to your local computer again and make sure the test page loads. If it does, you're in business, and the Apache server will be started whenever you boot into Mac OS X.