diff options
| author | Joe Orton <jorton@apache.org> | 2018-09-27 15:35:44 +0000 |
|---|---|---|
| committer | Joe Orton <jorton@apache.org> | 2018-09-27 15:35:44 +0000 |
| commit | 3867aa356ca4a98ee629324b7f422e76e59d6b67 (patch) | |
| tree | c86077be700d661bba79340201cb0dbb6db8df6a /docs/man | |
| parent | ef1dedf8be808834179333377ab77ac83d2dc9a1 (diff) | |
| download | httpd-3867aa356ca4a98ee629324b7f422e76e59d6b67.tar.gz | |
Revert borked transforms.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1842104 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'docs/man')
| -rw-r--r-- | docs/man/ab.1 | 424 | ||||
| -rw-r--r-- | docs/man/apachectl.8 | 182 | ||||
| -rw-r--r-- | docs/man/apxs.1 | 470 | ||||
| -rw-r--r-- | docs/man/ctlogconfig.8 | 286 | ||||
| -rw-r--r-- | docs/man/dbmmanage.1 | 234 | ||||
| -rw-r--r-- | docs/man/fcgistarter.8 | 108 | ||||
| -rw-r--r-- | docs/man/firehose.1 | 118 | ||||
| -rw-r--r-- | docs/man/htcacheclean.8 | 284 | ||||
| -rw-r--r-- | docs/man/htdbm.1 | 386 | ||||
| -rw-r--r-- | docs/man/htdigest.1 | 116 | ||||
| -rw-r--r-- | docs/man/htpasswd.1 | 326 | ||||
| -rw-r--r-- | docs/man/httpd.8 | 230 | ||||
| -rw-r--r-- | docs/man/httxt2dbm.1 | 120 | ||||
| -rw-r--r-- | docs/man/logresolve.1 | 94 | ||||
| -rw-r--r-- | docs/man/rotatelogs.8 | 332 | ||||
| -rw-r--r-- | docs/man/suexec.8 | 88 |
16 files changed, 1899 insertions, 1899 deletions
diff --git a/docs/man/ab.1 b/docs/man/ab.1 index af1c0508e1..bc8ad76c57 100644 --- a/docs/man/ab.1 +++ b/docs/man/ab.1 @@ -1,216 +1,216 @@ -.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -.\" DO NOT EDIT! Generated from XML source. -.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -.de Sh \" Subsection -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.TH "AB" 1 "@date@" "Apache HTTP Server" "ab" +.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +.\" DO NOT EDIT! Generated from XML source. +.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +.de Sh \" Subsection +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.TH "AB" 1 "2018-09-27" "Apache HTTP Server" "ab" -.SH NAME -ab \- Apache HTTP server benchmarking tool +.SH NAME +ab \- Apache HTTP server benchmarking tool -.SH "SYNOPSIS" -  -.PP -\fB\fBab\fR [ -\fBA\fR \fIauth-username\fR:\fIpassword\fR ] [ -\fBb\fR \fIwindowsize\fR ] [ -\fBB\fR \fIlocal-address\fR ] [ -\fBc\fR \fIconcurrency\fR ] [ -\fBC\fR \fIcookie-name\fR=\fIvalue\fR ] [ -\fBd\fR ] [ -\fBe\fR \fIcsv-file\fR ] [ -\fBE\fR \fIclient-certificate file\fR ] [ -\fBf\fR \fIprotocol\fR ] [ -\fBg\fR \fIgnuplot-file\fR ] [ -\fBh\fR ] [ -\fBH\fR \fIcustom-header\fR ] [ -\fBi\fR ] [ -\fBk\fR ] [ -\fBl\fR ] [ -\fBm\fR \fIHTTP-method\fR ] [ -\fBn\fR \fIrequests\fR ] [ -\fBp\fR \fIPOST-file\fR ] [ -\fBP\fR \fIproxy-auth-username\fR:\fIpassword\fR ] [ -\fBq\fR ] [ -\fBr\fR ] [ -\fBs\fR \fItimeout\fR ] [ -\fBS\fR ] [ -\fBt\fR \fItimelimit\fR ] [ -\fBT\fR \fIcontent-type\fR ] [ -\fBu\fR \fIPUT-file\fR ] [ -\fBv\fR \fIverbosity\fR] [ -\fBV\fR ] [ -\fBw\fR ] [ -\fBx\fR \fI<table>-attributes\fR ] [ -\fBX\fR \fIproxy\fR[:\fIport\fR] ] [ -\fBy\fR \fI<tr>-attributes\fR ] [ -\fBz\fR \fI<td>-attributes\fR ] [ -\fBZ\fR \fIciphersuite\fR ] [http[s]://]\fIhostname\fR[:\fIport\fR]/\fIpath\fR\fR -  +.SH "SYNOPSIS" + +.PP +\fB\fBab\fR [ -\fBA\fR \fIauth-username\fR:\fIpassword\fR ] [ -\fBb\fR \fIwindowsize\fR ] [ -\fBB\fR \fIlocal-address\fR ] [ -\fBc\fR \fIconcurrency\fR ] [ -\fBC\fR \fIcookie-name\fR=\fIvalue\fR ] [ -\fBd\fR ] [ -\fBe\fR \fIcsv-file\fR ] [ -\fBE\fR \fIclient-certificate file\fR ] [ -\fBf\fR \fIprotocol\fR ] [ -\fBg\fR \fIgnuplot-file\fR ] [ -\fBh\fR ] [ -\fBH\fR \fIcustom-header\fR ] [ -\fBi\fR ] [ -\fBk\fR ] [ -\fBl\fR ] [ -\fBm\fR \fIHTTP-method\fR ] [ -\fBn\fR \fIrequests\fR ] [ -\fBp\fR \fIPOST-file\fR ] [ -\fBP\fR \fIproxy-auth-username\fR:\fIpassword\fR ] [ -\fBq\fR ] [ -\fBr\fR ] [ -\fBs\fR \fItimeout\fR ] [ -\fBS\fR ] [ -\fBt\fR \fItimelimit\fR ] [ -\fBT\fR \fIcontent-type\fR ] [ -\fBu\fR \fIPUT-file\fR ] [ -\fBv\fR \fIverbosity\fR] [ -\fBV\fR ] [ -\fBw\fR ] [ -\fBx\fR \fI<table>-attributes\fR ] [ -\fBX\fR \fIproxy\fR[:\fIport\fR] ] [ -\fBy\fR \fI<tr>-attributes\fR ] [ -\fBz\fR \fI<td>-attributes\fR ] [ -\fBZ\fR \fIciphersuite\fR ] [http[s]://]\fIhostname\fR[:\fIport\fR]/\fIpath\fR\fR + -.SH "SUMMARY" -  -.PP -\fBab\fR is a tool for benchmarking your Apache Hypertext Transfer Protocol (HTTP) server\&. It is designed to give you an impression of how your current Apache installation performs\&. This especially shows you how many requests per second your Apache installation is capable of serving\&. -  +.SH "SUMMARY" + +.PP +\fBab\fR is a tool for benchmarking your Apache Hypertext Transfer Protocol (HTTP) server\&. It is designed to give you an impression of how your current Apache installation performs\&. This especially shows you how many requests per second your Apache installation is capable of serving\&. + -.SH "OPTIONS" -  -  -.TP -\fB-A \fIauth-username\fR:\fIpassword\fR\fR -Supply BASIC Authentication credentials to the server\&. The username and password are separated by a single \fB:\fR and sent on the wire base64 encoded\&. The string is sent regardless of whether the server needs it (\fIi\&.e\&.\fR, has sent an 401 authentication needed)\&.   -.TP -\fB-b \fIwindowsize\fR\fR -Size of TCP send/receive buffer, in bytes\&.   -.TP -\fB-B \fIlocal-address\fR\fR -Address to bind to when making outgoing connections\&.   -.TP -\fB-c \fIconcurrency\fR\fR -Number of multiple requests to perform at a time\&. Default is one request at a time\&.   -.TP -\fB-C \fIcookie-name\fR=\fIvalue\fR\fR -Add a \fBCookie:\fR line to the request\&. The argument is typically in the form of a \fB\fIname\fR=\fIvalue\fR\fR pair\&. This field is repeatable\&.   -.TP -\fB-d\fR -Do not display the "percentage served within XX [ms] table"\&. (legacy support)\&.   -.TP -\fB-e \fIcsv-file\fR\fR -Write a Comma separated value (CSV) file which contains for each percentage (from 1% to 100%) the time (in milliseconds) it took to serve that percentage of the requests\&. This is usually more useful than the 'gnuplot' file; as the results are already 'binned'\&.   -.TP -\fB-E \fIclient-certificate-file\fR\fR -When connecting to an SSL website, use the provided client certificate in PEM format to authenticate with the server\&. The file is expected to contain the client certificate, followed by intermediate certificates, followed by the private key\&. Available in 2\&.4\&.36 and later\&.   -.TP -\fB-f \fIprotocol\fR\fR -Specify SSL/TLS protocol (SSL2, SSL3, TLS1, TLS1\&.1, TLS1\&.2, or ALL)\&. TLS1\&.1 and TLS1\&.2 support available in 2\&.4\&.4 and later\&.   -.TP -\fB-g \fIgnuplot-file\fR\fR -Write all measured values out as a 'gnuplot' or TSV (Tab separate values) file\&. This file can easily be imported into packages like Gnuplot, IDL, Mathematica, Igor or even Excel\&. The labels are on the first line of the file\&.   -.TP -\fB-h\fR -Display usage information\&.   -.TP -\fB-H \fIcustom-header\fR\fR -Append extra headers to the request\&. The argument is typically in the form of a valid header line, containing a colon-separated field-value pair (\fIi\&.e\&.\fR, \fB"Accept-Encoding: zip/zop;8bit"\fR)\&.   -.TP -\fB-i\fR -Do \fBHEAD\fR requests instead of \fBGET\fR\&.   -.TP -\fB-k\fR -Enable the HTTP KeepAlive feature, \fIi\&.e\&.\fR, perform multiple requests within one HTTP session\&. Default is no KeepAlive\&.   -.TP -\fB-l\fR -Do not report errors if the length of the responses is not constant\&. This can be useful for dynamic pages\&. Available in 2\&.4\&.7 and later\&.   -.TP -\fB-m \fIHTTP-method\fR\fR -Custom HTTP method for the requests\&. Available in 2\&.4\&.10 and later\&.   -.TP -\fB-n \fIrequests\fR\fR -Number of requests to perform for the benchmarking session\&. The default is to just perform a single request which usually leads to non-representative benchmarking results\&.   -.TP -\fB-p \fIPOST-file\fR\fR -File containing data to POST\&. Remember to also set \fB-T\fR\&.   -.TP -\fB-P \fIproxy-auth-username\fR:\fIpassword\fR\fR -Supply BASIC Authentication credentials to a proxy en-route\&. The username and password are separated by a single \fB:\fR and sent on the wire base64 encoded\&. The string is sent regardless of whether the proxy needs it (\fIi\&.e\&.\fR, has sent an 407 proxy authentication needed)\&.   -.TP -\fB-q\fR -When processing more than 150 requests, \fBab\fR outputs a progress count on \fBstderr\fR every 10% or 100 requests or so\&. The \fB-q\fR flag will suppress these messages\&.   -.TP -\fB-r\fR -Don't exit on socket receive errors\&.   -.TP -\fB-s \fItimeout\fR\fR -Maximum number of seconds to wait before the socket times out\&. Default is 30 seconds\&. Available in 2\&.4\&.4 and later\&.   -.TP -\fB-S\fR -Do not display the median and standard deviation values, nor display the warning/error messages when the average and median are more than one or two times the standard deviation apart\&. And default to the min/avg/max values\&. (legacy support)\&.   -.TP -\fB-t \fItimelimit\fR\fR -Maximum number of seconds to spend for benchmarking\&. This implies a \fB-n 50000\fR internally\&. Use this to benchmark the server within a fixed total amount of time\&. Per default there is no timelimit\&.   -.TP -\fB-T \fIcontent-type\fR\fR -Content-type header to use for POST/PUT data, eg\&. \fBapplication/x-www-form-urlencoded\fR\&. Default is \fBtext/plain\fR\&.   -.TP -\fB-u \fIPUT-file\fR\fR -File containing data to PUT\&. Remember to also set \fB-T\fR\&.   -.TP -\fB-v \fIverbosity\fR\fR -Set verbosity level - \fB4\fR and above prints information on headers, \fB3\fR and above prints response codes (404, 200, etc\&.), \fB2\fR and above prints warnings and info\&.   -.TP -\fB-V\fR -Display version number and exit\&.   -.TP -\fB-w\fR -Print out results in HTML tables\&. Default table is two columns wide, with a white background\&.   -.TP -\fB-x \fI<table>-attributes\fR\fR -String to use as attributes for \fB<table>\fR\&. Attributes are inserted \fB<table \fIhere\fR >\fR\&.   -.TP -\fB-X \fIproxy\fR[:\fIport\fR]\fR -Use a proxy server for the requests\&.   -.TP -\fB-y \fI<tr>-attributes\fR\fR -String to use as attributes for \fB<tr>\fR\&.   -.TP -\fB-z \fI<td>-attributes\fR\fR -String to use as attributes for \fB<td>\fR\&.   -.TP -\fB-Z \fIciphersuite\fR\fR -Specify SSL/TLS cipher suite (See openssl ciphers)   -  -.SH "OUTPUT" -  -.PP -The following list describes the values returned by \fBab\fR: -  -  -.TP -Server Software -The value, if any, returned in the \fIserver\fR HTTP header of the first successful response\&. This includes all characters in the header from beginning to the point a character with decimal value of 32 (most notably: a space or CR/LF) is detected\&.   -.TP -Server Hostname -The DNS or IP address given on the command line   -.TP -Server Port -The port to which ab is connecting\&. If no port is given on the command line, this will default to 80 for http and 443 for https\&.   -.TP -SSL/TLS Protocol -The protocol parameters negotiated between the client and server\&. This will only be printed if SSL is used\&.   -.TP -Document Path -The request URI parsed from the command line string\&.   -.TP -Document Length -This is the size in bytes of the first successfully returned document\&. If the document length changes during testing, the response is considered an error\&.   -.TP -Concurrency Level -The number of concurrent clients used during the test   -.TP -Time taken for tests -This is the time taken from the moment the first socket connection is created to the moment the last response is received   -.TP -Complete requests -The number of successful responses received   -.TP -Failed requests -The number of requests that were considered a failure\&. If the number is greater than zero, another line will be printed showing the number of requests that failed due to connecting, reading, incorrect content length, or exceptions\&.   -.TP -Write errors -The number of errors that failed during write (broken pipe)\&.   -.TP -Non-2xx responses -The number of responses that were not in the 200 series of response codes\&. If all responses were 200, this field is not printed\&.   -.TP -Keep-Alive requests -The number of connections that resulted in Keep-Alive requests   -.TP -Total body sent -If configured to send data as part of the test, this is the total number of bytes sent during the tests\&. This field is omitted if the test did not include a body to send\&.   -.TP -Total transferred -The total number of bytes received from the server\&. This number is essentially the number of bytes sent over the wire\&.   -.TP -HTML transferred -The total number of document bytes received from the server\&. This number excludes bytes received in HTTP headers   -.TP -Requests per second -This is the number of requests per second\&. This value is the result of dividing the number of requests by the total time taken   -.TP -Time per request -The average time spent per request\&. The first value is calculated with the formula \fBconcurrency * timetaken * 1000 / done\fR while the second value is calculated with the formula \fBtimetaken * 1000 / done\fR   -.TP -Transfer rate -The rate of transfer as calculated by the formula \fBtotalread / 1024 / timetaken\fR   -  -.SH "BUGS" -  -.PP -There are various statically declared buffers of fixed length\&. Combined with the lazy parsing of the command line arguments, the response headers from the server and other external inputs, this might bite you\&. -  -.PP -It does not implement HTTP/1\&.x fully; only accepts some 'expected' forms of responses\&. The rather heavy use of \fBstrstr(3)\fR shows up top in profile, which might indicate a performance problem; \fIi\&.e\&.\fR, you would measure the \fBab\fR performance rather than the server's\&. -  +.SH "OPTIONS" + + +.TP +\fB-A \fIauth-username\fR:\fIpassword\fR\fR +Supply BASIC Authentication credentials to the server\&. The username and password are separated by a single \fB:\fR and sent on the wire base64 encoded\&. The string is sent regardless of whether the server needs it (\fIi\&.e\&.\fR, has sent an 401 authentication needed)\&. +.TP +\fB-b \fIwindowsize\fR\fR +Size of TCP send/receive buffer, in bytes\&. +.TP +\fB-B \fIlocal-address\fR\fR +Address to bind to when making outgoing connections\&. +.TP +\fB-c \fIconcurrency\fR\fR +Number of multiple requests to perform at a time\&. Default is one request at a time\&. +.TP +\fB-C \fIcookie-name\fR=\fIvalue\fR\fR +Add a \fBCookie:\fR line to the request\&. The argument is typically in the form of a \fB\fIname\fR=\fIvalue\fR\fR pair\&. This field is repeatable\&. +.TP +\fB-d\fR +Do not display the "percentage served within XX [ms] table"\&. (legacy support)\&. +.TP +\fB-e \fIcsv-file\fR\fR +Write a Comma separated value (CSV) file which contains for each percentage (from 1% to 100%) the time (in milliseconds) it took to serve that percentage of the requests\&. This is usually more useful than the 'gnuplot' file; as the results are already 'binned'\&. +.TP +\fB-E \fIclient-certificate-file\fR\fR +When connecting to an SSL website, use the provided client certificate in PEM format to authenticate with the server\&. The file is expected to contain the client certificate, followed by intermediate certificates, followed by the private key\&. Available in 2\&.4\&.36 and later\&. +.TP +\fB-f \fIprotocol\fR\fR +Specify SSL/TLS protocol (SSL2, SSL3, TLS1, TLS1\&.1, TLS1\&.2, or ALL)\&. TLS1\&.1 and TLS1\&.2 support available in 2\&.4\&.4 and later\&. +.TP +\fB-g \fIgnuplot-file\fR\fR +Write all measured values out as a 'gnuplot' or TSV (Tab separate values) file\&. This file can easily be imported into packages like Gnuplot, IDL, Mathematica, Igor or even Excel\&. The labels are on the first line of the file\&. +.TP +\fB-h\fR +Display usage information\&. +.TP +\fB-H \fIcustom-header\fR\fR +Append extra headers to the request\&. The argument is typically in the form of a valid header line, containing a colon-separated field-value pair (\fIi\&.e\&.\fR, \fB"Accept-Encoding: zip/zop;8bit"\fR)\&. +.TP +\fB-i\fR +Do \fBHEAD\fR requests instead of \fBGET\fR\&. +.TP +\fB-k\fR +Enable the HTTP KeepAlive feature, \fIi\&.e\&.\fR, perform multiple requests within one HTTP session\&. Default is no KeepAlive\&. +.TP +\fB-l\fR +Do not report errors if the length of the responses is not constant\&. This can be useful for dynamic pages\&. Available in 2\&.4\&.7 and later\&. +.TP +\fB-m \fIHTTP-method\fR\fR +Custom HTTP method for the requests\&. Available in 2\&.4\&.10 and later\&. +.TP +\fB-n \fIrequests\fR\fR +Number of requests to perform for the benchmarking session\&. The default is to just perform a single request which usually leads to non-representative benchmarking results\&. +.TP +\fB-p \fIPOST-file\fR\fR +File containing data to POST\&. Remember to also set \fB-T\fR\&. +.TP +\fB-P \fIproxy-auth-username\fR:\fIpassword\fR\fR +Supply BASIC Authentication credentials to a proxy en-route\&. The username and password are separated by a single \fB:\fR and sent on the wire base64 encoded\&. The string is sent regardless of whether the proxy needs it (\fIi\&.e\&.\fR, has sent an 407 proxy authentication needed)\&. +.TP +\fB-q\fR +When processing more than 150 requests, \fBab\fR outputs a progress count on \fBstderr\fR every 10% or 100 requests or so\&. The \fB-q\fR flag will suppress these messages\&. +.TP +\fB-r\fR +Don't exit on socket receive errors\&. +.TP +\fB-s \fItimeout\fR\fR +Maximum number of seconds to wait before the socket times out\&. Default is 30 seconds\&. Available in 2\&.4\&.4 and later\&. +.TP +\fB-S\fR +Do not display the median and standard deviation values, nor display the warning/error messages when the average and median are more than one or two times the standard deviation apart\&. And default to the min/avg/max values\&. (legacy support)\&. +.TP +\fB-t \fItimelimit\fR\fR +Maximum number of seconds to spend for benchmarking\&. This implies a \fB-n 50000\fR internally\&. Use this to benchmark the server within a fixed total amount of time\&. Per default there is no timelimit\&. +.TP +\fB-T \fIcontent-type\fR\fR +Content-type header to use for POST/PUT data, eg\&. \fBapplication/x-www-form-urlencoded\fR\&. Default is \fBtext/plain\fR\&. +.TP +\fB-u \fIPUT-file\fR\fR +File containing data to PUT\&. Remember to also set \fB-T\fR\&. +.TP +\fB-v \fIverbosity\fR\fR +Set verbosity level - \fB4\fR and above prints information on headers, \fB3\fR and above prints response codes (404, 200, etc\&.), \fB2\fR and above prints warnings and info\&. +.TP +\fB-V\fR +Display version number and exit\&. +.TP +\fB-w\fR +Print out results in HTML tables\&. Default table is two columns wide, with a white background\&. +.TP +\fB-x \fI<table>-attributes\fR\fR +String to use as attributes for \fB<table>\fR\&. Attributes are inserted \fB<table \fIhere\fR >\fR\&. +.TP +\fB-X \fIproxy\fR[:\fIport\fR]\fR +Use a proxy server for the requests\&. +.TP +\fB-y \fI<tr>-attributes\fR\fR +String to use as attributes for \fB<tr>\fR\&. +.TP +\fB-z \fI<td>-attributes\fR\fR +String to use as attributes for \fB<td>\fR\&. +.TP +\fB-Z \fIciphersuite\fR\fR +Specify SSL/TLS cipher suite (See openssl ciphers) + +.SH "OUTPUT" + +.PP +The following list describes the values returned by \fBab\fR: + + +.TP +Server Software +The value, if any, returned in the \fIserver\fR HTTP header of the first successful response\&. This includes all characters in the header from beginning to the point a character with decimal value of 32 (most notably: a space or CR/LF) is detected\&. +.TP +Server Hostname +The DNS or IP address given on the command line +.TP +Server Port +The port to which ab is connecting\&. If no port is given on the command line, this will default to 80 for http and 443 for https\&. +.TP +SSL/TLS Protocol +The protocol parameters negotiated between the client and server\&. This will only be printed if SSL is used\&. +.TP +Document Path +The request URI parsed from the command line string\&. +.TP +Document Length +This is the size in bytes of the first successfully returned document\&. If the document length changes during testing, the response is considered an error\&. +.TP +Concurrency Level +The number of concurrent clients used during the test +.TP +Time taken for tests +This is the time taken from the moment the first socket connection is created to the moment the last response is received +.TP +Complete requests +The number of successful responses received +.TP +Failed requests +The number of requests that were considered a failure\&. If the number is greater than zero, another line will be printed showing the number of requests that failed due to connecting, reading, incorrect content length, or exceptions\&. +.TP +Write errors +The number of errors that failed during write (broken pipe)\&. +.TP +Non-2xx responses +The number of responses that were not in the 200 series of response codes\&. If all responses were 200, this field is not printed\&. +.TP +Keep-Alive requests +The number of connections that resulted in Keep-Alive requests +.TP +Total body sent +If configured to send data as part of the test, this is the total number of bytes sent during the tests\&. This field is omitted if the test did not include a body to send\&. +.TP +Total transferred +The total number of bytes received from the server\&. This number is essentially the number of bytes sent over the wire\&. +.TP +HTML transferred +The total number of document bytes received from the server\&. This number excludes bytes received in HTTP headers +.TP +Requests per second +This is the number of requests per second\&. This value is the result of dividing the number of requests by the total time taken +.TP +Time per request +The average time spent per request\&. The first value is calculated with the formula \fBconcurrency * timetaken * 1000 / done\fR while the second value is calculated with the formula \fBtimetaken * 1000 / done\fR +.TP +Transfer rate +The rate of transfer as calculated by the formula \fBtotalread / 1024 / timetaken\fR + +.SH "BUGS" + +.PP +There are various statically declared buffers of fixed length\&. Combined with the lazy parsing of the command line arguments, the response headers from the server and other external inputs, this might bite you\&. + +.PP +It does not implement HTTP/1\&.x fully; only accepts some 'expected' forms of responses\&. The rather heavy use of \fBstrstr(3)\fR shows up top in profile, which might indicate a performance problem; \fIi\&.e\&.\fR, you would measure the \fBab\fR performance rather than the server's\&. + diff --git a/docs/man/apachectl.8 b/docs/man/apachectl.8 index 964750d483..ad32f9c9b6 100644 --- a/docs/man/apachectl.8 +++ b/docs/man/apachectl.8 @@ -1,95 +1,95 @@ -.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -.\" DO NOT EDIT! Generated from XML source. -.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -.de Sh \" Subsection -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.TH "APACHECTL" 8 "@date@" "Apache HTTP Server" "apachectl" +.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +.\" DO NOT EDIT! Generated from XML source. +.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +.de Sh \" Subsection +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.TH "APACHECTL" 8 "2018-09-27" "Apache HTTP Server" "apachectl" -.SH NAME -apachectl \- Apache HTTP Server Control Interface +.SH NAME +apachectl \- Apache HTTP Server Control Interface -.SH "SYNOPSIS" -  -.PP -When acting in pass-through mode, \fBapachectl\fR can take all the arguments available for the httpd binary\&. -  -.PP -\fB\fBapachectl\fR [ \fIhttpd-argument\fR ]\fR -  -.PP -When acting in SysV init mode, \fBapachectl\fR takes simple, one-word commands, defined below\&. -  -.PP -\fB\fBapachectl\fR \fIcommand\fR\fR -  +.SH "SYNOPSIS" + +.PP +When acting in pass-through mode, \fBapachectl\fR can take all the arguments available for the httpd binary\&. + +.PP +\fB\fBapachectl\fR [ \fIhttpd-argument\fR ]\fR + +.PP +When acting in SysV init mode, \fBapachectl\fR takes simple, one-word commands, defined below\&. + +.PP +\fB\fBapachectl\fR \fIcommand\fR\fR + -.SH "SUMMARY" -  -.PP -\fBapachectl\fR is a front end to the Apache HyperText Transfer Protocol (HTTP) server\&. It is designed to help the administrator control the functioning of the Apache httpd daemon\&. -  -.PP -The \fBapachectl\fR script can operate in two modes\&. First, it can act as a simple front-end to the httpd command that simply sets any necessary environment variables and then invokes httpd, passing through any command line arguments\&. Second, \fBapachectl\fR can act as a SysV init script, taking simple one-word arguments like \fBstart\fR, \fBrestart\fR, and \fBstop\fR, and translating them into appropriate signals to httpd\&. -  -.PP -If your Apache installation uses non-standard paths, you will need to edit the \fBapachectl\fR script to set the appropriate paths to the httpd binary\&. You can also specify any necessary httpd command line arguments\&. See the comments in the script for details\&. -  -.PP -The \fBapachectl\fR script returns a 0 exit value on success, and >0 if an error occurs\&. For more details, view the comments in the script\&. -  +.SH "SUMMARY" + +.PP +\fBapachectl\fR is a front end to the Apache HyperText Transfer Protocol (HTTP) server\&. It is designed to help the administrator control the functioning of the Apache httpd daemon\&. + +.PP +The \fBapachectl\fR script can operate in two modes\&. First, it can act as a simple front-end to the httpd command that simply sets any necessary environment variables and then invokes httpd, passing through any command line arguments\&. Second, \fBapachectl\fR can act as a SysV init script, taking simple one-word arguments like \fBstart\fR, \fBrestart\fR, and \fBstop\fR, and translating them into appropriate signals to httpd\&. + +.PP +If your Apache installation uses non-standard paths, you will need to edit the \fBapachectl\fR script to set the appropriate paths to the httpd binary\&. You can also specify any necessary httpd command line arguments\&. See the comments in the script for details\&. + +.PP +The \fBapachectl\fR script returns a 0 exit value on success, and >0 if an error occurs\&. For more details, view the comments in the script\&. + -.SH "OPTIONS" -  -.PP -Only the SysV init-style options are defined here\&. Other arguments are defined on the httpd manual page\&. -  -  -.TP -\fBstart\fR -Start the Apache httpd daemon\&. Gives an error if it is already running\&. This is equivalent to \fBapachectl -k start\fR\&.   -.TP -\fBstop\fR -Stops the Apache httpd daemon\&. This is equivalent to \fBapachectl -k stop\fR\&.   -.TP -\fBrestart\fR -Restarts the Apache httpd daemon\&. If the daemon is not running, it is started\&. This command automatically checks the configuration files as in \fBconfigtest\fR before initiating the restart to make sure the daemon doesn't die\&. This is equivalent to \fBapachectl -k restart\fR\&.   -.TP -\fBfullstatus\fR -Displays a full status report from mod_status\&. For this to work, you need to have mod_status enabled on your server and a text-based browser such as \fBlynx\fR available on your system\&. The URL used to access the status report can be set by editing the \fBSTATUSURL\fR variable in the script\&.   -.TP -\fBstatus\fR -Displays a brief status report\&. Similar to the \fBfullstatus\fR option, except that the list of requests currently being served is omitted\&.   -.TP -\fBgraceful\fR -Gracefully restarts the Apache httpd daemon\&. If the daemon is not running, it is started\&. This differs from a normal restart in that currently open connections are not aborted\&. A side effect is that old log files will not be closed immediately\&. This means that if used in a log rotation script, a substantial delay may be necessary to ensure that the old log files are closed before processing them\&. This command automatically checks the configuration files as in \fBconfigtest\fR before initiating the restart to make sure Apache doesn't die\&. This is equivalent to \fBapachectl -k graceful\fR\&.   -.TP -\fBgraceful-stop\fR -Gracefully stops the Apache httpd daemon\&. This differs from a normal stop in that currently open connections are not aborted\&. A side effect is that old log files will not be closed immediately\&. This is equivalent to \fBapachectl -k graceful-stop\fR\&.   -.TP -\fBconfigtest\fR -Run a configuration file syntax test\&. It parses the configuration files and either reports \fBSyntax Ok\fR or detailed information about the particular syntax error\&. This is equivalent to \fBapachectl -t\fR\&.   -  -.PP -The following option was available in earlier versions but has been removed\&. -  -  -.TP -\fBstartssl\fR -To start httpd with SSL support, you should edit your configuration file to include the relevant directives and then use the normal \fBapachectl start\fR\&.   -  +.SH "OPTIONS" + +.PP +Only the SysV init-style options are defined here\&. Other arguments are defined on the httpd manual page\&. + + +.TP +\fBstart\fR +Start the Apache httpd daemon\&. Gives an error if it is already running\&. This is equivalent to \fBapachectl -k start\fR\&. +.TP +\fBstop\fR +Stops the Apache httpd daemon\&. This is equivalent to \fBapachectl -k stop\fR\&. +.TP +\fBrestart\fR +Restarts the Apache httpd daemon\&. If the daemon is not running, it is started\&. This command automatically checks the configuration files as in \fBconfigtest\fR before initiating the restart to make sure the daemon doesn't die\&. This is equivalent to \fBapachectl -k restart\fR\&. +.TP +\fBfullstatus\fR +Displays a full status report from mod_status\&. For this to work, you need to have mod_status enabled on your server and a text-based browser such as \fBlynx\fR available on your system\&. The URL used to access the status report can be set by editing the \fBSTATUSURL\fR variable in the script\&. +.TP +\fBstatus\fR +Displays a brief status report\&. Similar to the \fBfullstatus\fR option, except that the list of requests currently being served is omitted\&. +.TP +\fBgraceful\fR +Gracefully restarts the Apache httpd daemon\&. If the daemon is not running, it is started\&. This differs from a normal restart in that currently open connections are not aborted\&. A side effect is that old log files will not be closed immediately\&. This means that if used in a log rotation script, a substantial delay may be necessary to ensure that the old log files are closed before processing them\&. This command automatically checks the configuration files as in \fBconfigtest\fR before initiating the restart to make sure Apache doesn't die\&. This is equivalent to \fBapachectl -k graceful\fR\&. +.TP +\fBgraceful-stop\fR +Gracefully stops the Apache httpd daemon\&. This differs from a normal stop in that currently open connections are not aborted\&. A side effect is that old log files will not be closed immediately\&. This is equivalent to \fBapachectl -k graceful-stop\fR\&. +.TP +\fBconfigtest\fR +Run a configuration file syntax test\&. It parses the configuration files and either reports \fBSyntax Ok\fR or detailed information about the particular syntax error\&. This is equivalent to \fBapachectl -t\fR\&. + +.PP +The following option was available in earlier versions but has been removed\&. + + +.TP +\fBstartssl\fR +To start httpd with SSL support, you should edit your configuration file to include the relevant directives and then use the normal \fBapachectl start\fR\&. + diff --git a/docs/man/apxs.1 b/docs/man/apxs.1 index ca60ff8d72..236c3add36 100644 --- a/docs/man/apxs.1 +++ b/docs/man/apxs.1 @@ -1,247 +1,247 @@ -.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -.\" DO NOT EDIT! Generated from XML source. -.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -.de Sh \" Subsection -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.TH "APXS" 1 "@date@" "Apache HTTP Server" "apxs" +.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +.\" DO NOT EDIT! Generated from XML source. +.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +.de Sh \" Subsection +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.TH "APXS" 1 "2018-09-27" "Apache HTTP Server" "apxs" -.SH NAME -apxs \- APache eXtenSion tool +.SH NAME +apxs \- APache eXtenSion tool -.SH "SYNOPSIS" -  -.PP -\fB\fBapxs\fR -\fBg\fR [ -\fBS\fR \fIname\fR=\fIvalue\fR ] -\fBn\fR \fImodname\fR\fR -  -.PP -\fB\fBapxs\fR -\fBq\fR [ -\fBv\fR ] [ -\fBS\fR \fIname\fR=\fIvalue\fR ] \fIquery\fR \&.\&.\&.\fR -  -.PP -\fB\fBapxs\fR -\fBc\fR [ -\fBS\fR \fIname\fR=\fIvalue\fR ] [ -\fBo\fR \fIdsofile\fR ] [ -\fBI\fR \fIincdir\fR ] [ -\fBD\fR \fIname\fR=\fIvalue\fR ] [ -\fBL\fR \fIlibdir\fR ] [ -\fBl\fR \fIlibname\fR ] [ -\fBWc,\fR\fIcompiler-flags\fR ] [ -\fBWl,\fR\fIlinker-flags\fR ] \fIfiles\fR \&.\&.\&.\fR -  -.PP -\fB\fBapxs\fR -\fBi\fR [ -\fBS\fR \fIname\fR=\fIvalue\fR ] [ -\fBn\fR \fImodname\fR ] [ -\fBa\fR ] [ -\fBA\fR ] \fIdso-file\fR \&.\&.\&.\fR -  -.PP -\fB\fBapxs\fR -\fBe\fR [ -\fBS\fR \fIname\fR=\fIvalue\fR ] [ -\fBn\fR \fImodname\fR ] [ -\fBa\fR ] [ -\fBA\fR ] \fIdso-file\fR \&.\&.\&.\fR -  +.SH "SYNOPSIS" + +.PP +\fB\fBapxs\fR -\fBg\fR [ -\fBS\fR \fIname\fR=\fIvalue\fR ] -\fBn\fR \fImodname\fR\fR + +.PP +\fB\fBapxs\fR -\fBq\fR [ -\fBv\fR ] [ -\fBS\fR \fIname\fR=\fIvalue\fR ] \fIquery\fR \&.\&.\&.\fR + +.PP +\fB\fBapxs\fR -\fBc\fR [ -\fBS\fR \fIname\fR=\fIvalue\fR ] [ -\fBo\fR \fIdsofile\fR ] [ -\fBI\fR \fIincdir\fR ] [ -\fBD\fR \fIname\fR=\fIvalue\fR ] [ -\fBL\fR \fIlibdir\fR ] [ -\fBl\fR \fIlibname\fR ] [ -\fBWc,\fR\fIcompiler-flags\fR ] [ -\fBWl,\fR\fIlinker-flags\fR ] \fIfiles\fR \&.\&.\&.\fR + +.PP +\fB\fBapxs\fR -\fBi\fR [ -\fBS\fR \fIname\fR=\fIvalue\fR ] [ -\fBn\fR \fImodname\fR ] [ -\fBa\fR ] [ -\fBA\fR ] \fIdso-file\fR \&.\&.\&.\fR + +.PP +\fB\fBapxs\fR -\fBe\fR [ -\fBS\fR \fIname\fR=\fIvalue\fR ] [ -\fBn\fR \fImodname\fR ] [ -\fBa\fR ] [ -\fBA\fR ] \fIdso-file\fR \&.\&.\&.\fR + -.SH "SUMMARY" -  -.PP -\fBapxs\fR is a tool for building and installing extension modules for the Apache HyperText Transfer Protocol (HTTP) server\&. This is achieved by building a dynamic shared object (DSO) from one or more source or object \fIfiles\fR which then can be loaded into the Apache server under runtime via the LoadModule directive from mod_so\&. -  -.PP -So to use this extension mechanism your platform has to support the DSO feature and your Apache httpd binary has to be built with the mod_so module\&. The \fBapxs\fR tool automatically complains if this is not the case\&. You can check this yourself by manually running the command -  -.nf +.SH "SUMMARY" + +.PP +\fBapxs\fR is a tool for building and installing extension modules for the Apache HyperText Transfer Protocol (HTTP) server\&. This is achieved by building a dynamic shared object (DSO) from one or more source or object \fIfiles\fR which then can be loaded into the Apache server under runtime via the LoadModule directive from mod_so\&. + +.PP +So to use this extension mechanism your platform has to support the DSO feature and your Apache httpd binary has to be built with the mod_so module\&. The \fBapxs\fR tool automatically complains if this is not the case\&. You can check this yourself by manually running the command + +.nf -      $ httpd -l -     -.fi -  -.PP -The module mod_so should be part of the displayed list\&. If these requirements are fulfilled you can easily extend your Apache server's functionality by installing your own modules with the DSO mechanism by the help of this \fBapxs\fR tool: -  -.nf + $ httpd -l + +.fi + +.PP +The module mod_so should be part of the displayed list\&. If these requirements are fulfilled you can easily extend your Apache server's functionality by installing your own modules with the DSO mechanism by the help of this \fBapxs\fR tool: + +.nf -      $ apxs -i -a -c mod_foo\&.c -      gcc -fpic -DSHARED_MODULE -I/path/to/apache/include -c mod_foo\&.c -      ld -Bshareable -o mod_foo\&.so mod_foo\&.o -      cp mod_foo\&.so /path/to/apache/modules/mod_foo\&.so -      chmod 755 /path/to/apache/modules/mod_foo\&.so -      [activating module `foo' in /path/to/apache/etc/httpd\&.conf] -      $ apachectl restart -      /path/to/apache/sbin/apachectl restart: httpd not running, trying to start -      [Tue Mar 31 11:27:55 1998] [debug] mod_so\&.c(303): loaded module foo_module -      /path/to/apache/sbin/apachectl restart: httpd started -      $ _ -     -.fi -  -.PP -The arguments \fIfiles\fR can be any C source file (\&.c), a object file (\&.o) or even a library archive (\&.a)\&. The \fBapxs\fR tool automatically recognizes these extensions and automatically used the C source files for compilation while just using the object and archive files for the linking phase\&. But when using such pre-compiled objects make sure they are compiled for position independent code (PIC) to be able to use them for a dynamically loaded shared object\&. For instance with GCC you always just have to use \fB-fpic\fR\&. For other C compilers consult its manual page or at watch for the flags \fBapxs\fR uses to compile the object files\&. -  -.PP -For more details about DSO support in Apache read the documentation of mod_so or perhaps even read the \fBsrc/modules/standard/mod_so\&.c\fR source file\&. -  + $ apxs -i -a -c mod_foo\&.c + gcc -fpic -DSHARED_MODULE -I/path/to/apache/include -c mod_foo\&.c + ld -Bshareable -o mod_foo\&.so mod_foo\&.o + cp mod_foo\&.so /path/to/apache/modules/mod_foo\&.so + chmod 755 /path/to/apache/modules/mod_foo\&.so + [activating module `foo' in /path/to/apache/etc/httpd\&.conf] + $ apachectl restart + /path/to/apache/sbin/apachectl restart: httpd not running, trying to start + [Tue Mar 31 11:27:55 1998] [debug] mod_so\&.c(303): loaded module foo_module + /path/to/apache/sbin/apachectl restart: httpd started + $ _ + +.fi + +.PP +The arguments \fIfiles\fR can be any C source file (\&.c), a object file (\&.o) or even a library archive (\&.a)\&. The \fBapxs\fR tool automatically recognizes these extensions and automatically used the C source files for compilation while just using the object and archive files for the linking phase\&. But when using such pre-compiled objects make sure they are compiled for position independent code (PIC) to be able to use them for a dynamically loaded shared object\&. For instance with GCC you always just have to use \fB-fpic\fR\&. For other C compilers consult its manual page or at watch for the flags \fBapxs\fR uses to compile the object files\&. + +.PP +For more details about DSO support in Apache read the documentation of mod_so or perhaps even read the \fBsrc/modules/standard/mod_so\&.c\fR source file\&. + -.SH "OPTIONS" -  -.SS "Common Options" -  -  -.TP -\fB-n \fImodname\fR\fR -This explicitly sets the module name for the \fB-i\fR (install) and \fB-g\fR (template generation) option\&. Use this to explicitly specify the module name\&. For option \fB-g\fR this is required, for option \fB-i\fR the \fBapxs\fR tool tries to determine the name from the source or (as a fallback) at least by guessing it from the filename\&.   -   -.SS "Query Options" -  -  -.TP -\fB-q\fR -Performs a query for variables and environment settings used to build \fBhttpd\fR\&. When invoked without \fIquery\fR parameters, it prints all known variables and their values\&. The optional \fB-v\fR parameter formats the list output\&. .PP Use this to manually determine settings used to build the \fBhttpd\fR that will load your module\&. For instance use INC=-I`apxs -q INCLUDEDIR` .PP inside your own Makefiles if you need manual access to Apache's C header files\&.   -   -.SS "Configuration Options" -  -  -.TP -\fB-S \fIname\fR=\fIvalue\fR\fR -This option changes the apxs settings described above\&.   -   -.SS "Template Generation Options" -  -  -.TP -\fB-g\fR -This generates a subdirectory \fIname\fR (see option \fB-n\fR) and there two files: A sample module source file named \fBmod_\fIname\fR\&.c\fR which can be used as a template for creating your own modules or as a quick start for playing with the apxs mechanism\&. And a corresponding \fBMakefile\fR for even easier build and installing of this module\&.   -   -.SS "DSO Compilation Options" -  -  -.TP -\fB-c\fR -This indicates the compilation operation\&. It first compiles the C source files (\&.c) of \fIfiles\fR into corresponding object files (\&.o) and then builds a dynamically shared object in \fIdsofile\fR by linking these object files plus the remaining object files (\&.o and \&.a) of \fIfiles\fR\&. If no \fB-o\fR option is specified the output file is guessed from the first filename in \fIfiles\fR and thus usually defaults to \fBmod_\fIname\fR\&.so\fR\&.   -.TP -\fB-o \fIdsofile\fR\fR -Explicitly specifies the filename of the created dynamically shared object\&. If not specified and the name cannot be guessed from the \fIfiles\fR list, the fallback name \fBmod_unknown\&.so\fR is used\&.   -.TP -\fB-D \fIname\fR=\fIvalue\fR\fR -This option is directly passed through to the compilation command(s)\&. Use this to add your own defines to the build process\&.   -.TP -\fB-I \fIincdir\fR\fR -This option is directly passed through to the compilation command(s)\&. Use this to add your own include directories to search to the build process\&.   -.TP -\fB-L \fIlibdir\fR\fR -This option is directly passed through to the linker command\&. Use this to add your own library directories to search to the build process\&.   -.TP -\fB-l \fIlibname\fR\fR -This option is directly passed through to the linker command\&. Use this to add your own libraries to search to the build process\&.   -.TP -\fB-Wc,\fIcompiler-flags\fR\fR -This option passes \fIcompiler-flags\fR as additional flags to the \fBlibtool --mode=compile\fR command\&. Use this to add local compiler-specific options\&.   -.TP -\fB-Wl,\fIlinker-flags\fR\fR -This option passes \fIlinker-flags\fR as additional flags to the \fBlibtool --mode=link\fR command\&. Use this to add local linker-specific options\&.   -.TP -\fB-p\fR -This option causes apxs to link against the apr/apr-util libraries\&. This is useful when compiling helper programs that use the apr/apr-util libraries\&.   -   -.SS "DSO Installation and Configuration Options" -   -  -.TP -\fB-i\fR -This indicates the installation operation and installs one or more dynamically shared objects into the server's \fImodules\fR directory\&.   -.TP -\fB-a\fR -This activates the module by automatically adding a corresponding LoadModule line to Apache's \fBhttpd\&.conf\fR configuration file, or by enabling it if it already exists\&.   -.TP -\fB-A\fR -Same as option \fB-a\fR but the created LoadModule directive is prefixed with a hash sign (\fB#\fR), \fIi\&.e\&.\fR, the module is just prepared for later activation but initially disabled\&.   -.TP -\fB-e\fR -This indicates the editing operation, which can be used with the \fB-a\fR and \fB-A\fR options similarly to the \fB-i\fR operation to edit Apache's \fBhttpd\&.conf\fR configuration file without attempting to install the module\&.   -   -.SH "EXAMPLES" -  -.PP -Assume you have an Apache module named \fBmod_foo\&.c\fR available which should extend Apache's server functionality\&. To accomplish this you first have to compile the C source into a shared object suitable for loading into the Apache server under runtime via the following command: -  -.nf +.SH "OPTIONS" + +.SS "Common Options" + + +.TP +\fB-n \fImodname\fR\fR +This explicitly sets the module name for the \fB-i\fR (install) and \fB-g\fR (template generation) option\&. Use this to explicitly specify the module name\&. For option \fB-g\fR this is required, for option \fB-i\fR the \fBapxs\fR tool tries to determine the name from the source or (as a fallback) at least by guessing it from the filename\&. + +.SS "Query Options" + + +.TP +\fB-q\fR +Performs a query for variables and environment settings used to build \fBhttpd\fR\&. When invoked without \fIquery\fR parameters, it prints all known variables and their values\&. The optional \fB-v\fR parameter formats the list output\&. .PP Use this to manually determine settings used to build the \fBhttpd\fR that will load your module\&. For instance use INC=-I`apxs -q INCLUDEDIR` .PP inside your own Makefiles if you need manual access to Apache's C header files\&. + +.SS "Configuration Options" + + +.TP +\fB-S \fIname\fR=\fIvalue\fR\fR +This option changes the apxs settings described above\&. + +.SS "Template Generation Options" + + +.TP +\fB-g\fR +This generates a subdirectory \fIname\fR (see option \fB-n\fR) and there two files: A sample module source file named \fBmod_\fIname\fR\&.c\fR which can be used as a template for creating your own modules or as a quick start for playing with the apxs mechanism\&. And a corresponding \fBMakefile\fR for even easier build and installing of this module\&. + +.SS "DSO Compilation Options" + + +.TP +\fB-c\fR +This indicates the compilation operation\&. It first compiles the C source files (\&.c) of \fIfiles\fR into corresponding object files (\&.o) and then builds a dynamically shared object in \fIdsofile\fR by linking these object files plus the remaining object files (\&.o and \&.a) of \fIfiles\fR\&. If no \fB-o\fR option is specified the output file is guessed from the first filename in \fIfiles\fR and thus usually defaults to \fBmod_\fIname\fR\&.so\fR\&. +.TP +\fB-o \fIdsofile\fR\fR +Explicitly specifies the filename of the created dynamically shared object\&. If not specified and the name cannot be guessed from the \fIfiles\fR list, the fallback name \fBmod_unknown\&.so\fR is used\&. +.TP +\fB-D \fIname\fR=\fIvalue\fR\fR +This option is directly passed through to the compilation command(s)\&. Use this to add your own defines to the build process\&. +.TP +\fB-I \fIincdir\fR\fR +This option is directly passed through to the compilation command(s)\&. Use this to add your own include directories to search to the build process\&. +.TP +\fB-L \fIlibdir\fR\fR +This option is directly passed through to the linker command\&. Use this to add your own library directories to search to the build process\&. +.TP +\fB-l \fIlibname\fR\fR +This option is directly passed through to the linker command\&. Use this to add your own libraries to search to the build process\&. +.TP +\fB-Wc,\fIcompiler-flags\fR\fR +This option passes \fIcompiler-flags\fR as additional flags to the \fBlibtool --mode=compile\fR command\&. Use this to add local compiler-specific options\&. +.TP +\fB-Wl,\fIlinker-flags\fR\fR +This option passes \fIlinker-flags\fR as additional flags to the \fBlibtool --mode=link\fR command\&. Use this to add local linker-specific options\&. +.TP +\fB-p\fR +This option causes apxs to link against the apr/apr-util libraries\&. This is useful when compiling helper programs that use the apr/apr-util libraries\&. + +.SS "DSO Installation and Configuration Options" + + +.TP +\fB-i\fR +This indicates the installation operation and installs one or more dynamically shared objects into the server's \fImodules\fR directory\&. +.TP +\fB-a\fR +This activates the module by automatically adding a corresponding LoadModule line to Apache's \fBhttpd\&.conf\fR configuration file, or by enabling it if it already exists\&. +.TP +\fB-A\fR +Same as option \fB-a\fR but the created LoadModule directive is prefixed with a hash sign (\fB#\fR), \fIi\&.e\&.\fR, the module is just prepared for later activation but initially disabled\&. +.TP +\fB-e\fR +This indicates the editing operation, which can be used with the \fB-a\fR and \fB-A\fR options similarly to the \fB-i\fR operation to edit Apache's \fBhttpd\&.conf\fR configuration file without attempting to install the module\&. + +.SH "EXAMPLES" + +.PP +Assume you have an Apache module named \fBmod_foo\&.c\fR available which should extend Apache's server functionality\&. To accomplish this you first have to compile the C source into a shared object suitable for loading into the Apache server under runtime via the following command: + +.nf -      $ apxs -c mod_foo\&.c -      /path/to/libtool --mode=compile gcc \&.\&.\&. -c mod_foo\&.c -      /path/to/libtool --mode=link gcc \&.\&.\&. -o mod_foo\&.la mod_foo\&.slo -      $ _ -     -.fi -  -.PP -Then you have to update the Apache configuration by making sure a LoadModule directive is present to load this shared object\&. To simplify this step \fBapxs\fR provides an automatic way to install the shared object in its "modules" directory and updating the \fBhttpd\&.conf\fR file accordingly\&. This can be achieved by running: -  -.nf + $ apxs -c mod_foo\&.c + /path/to/libtool --mode=compile gcc \&.\&.\&. -c mod_foo\&.c + /path/to/libtool --mode=link gcc \&.\&.\&. -o mod_foo\&.la mod_foo\&.slo + $ _ + +.fi + +.PP +Then you have to update the Apache configuration by making sure a LoadModule directive is present to load this shared object\&. To simplify this step \fBapxs\fR provides an automatic way to install the shared object in its "modules" directory and updating the \fBhttpd\&.conf\fR file accordingly\&. This can be achieved by running: + +.nf -      $ apxs -i -a mod_foo\&.la -      /path/to/instdso\&.sh mod_foo\&.la /path/to/apache/modules -      /path/to/libtool --mode=install cp mod_foo\&.la /path/to/apache/modules -      \&.\&.\&. -      chmod 755 /path/to/apache/modules/mod_foo\&.so -      [activating module `foo' in /path/to/apache/conf/httpd\&.conf] -      $ _ -     -.fi -  -.PP -This way a line named -  -.nf + $ apxs -i -a mod_foo\&.la + /path/to/instdso\&.sh mod_foo\&.la /path/to/apache/modules + /path/to/libtool --mode=install cp mod_foo\&.la /path/to/apache/modules + \&.\&.\&. + chmod 755 /path/to/apache/modules/mod_foo\&.so + [activating module `foo' in /path/to/apache/conf/httpd\&.conf] + $ _ + +.fi + +.PP +This way a line named + +.nf -      LoadModule foo_module modules/mod_foo\&.so -     -.fi -  -.PP -is added to the configuration file if still not present\&. If you want to have this disabled per default use the \fB-A\fR option, \fIi\&.e\&.\fR -  -.nf + LoadModule foo_module modules/mod_foo\&.so + +.fi + +.PP +is added to the configuration file if still not present\&. If you want to have this disabled per default use the \fB-A\fR option, \fIi\&.e\&.\fR + +.nf -      $ apxs -i -A mod_foo\&.c -     -.fi -  -.PP -For a quick test of the apxs mechanism you can create a sample Apache module template plus a corresponding Makefile via: -  -.nf + $ apxs -i -A mod_foo\&.c + +.fi + +.PP +For a quick test of the apxs mechanism you can create a sample Apache module template plus a corresponding Makefile via: + +.nf -      $ apxs -g -n foo -      Creating [DIR]  foo -      Creating [FILE] foo/Makefile -      Creating [FILE] foo/modules\&.mk -      Creating [FILE] foo/mod_foo\&.c -      Creating [FILE] foo/\&.deps -      $ _ -     -.fi -  -.PP -Then you can immediately compile this sample module into a shared object and load it into the Apache server: -  -.nf + $ apxs -g -n foo + Creating [DIR] foo + Creating [FILE] foo/Makefile + Creating [FILE] foo/modules\&.mk + Creating [FILE] foo/mod_foo\&.c + Creating [FILE] foo/\&.deps + $ _ + +.fi + +.PP +Then you can immediately compile this sample module into a shared object and load it into the Apache server: + +.nf -      $ cd foo -      $ make all reload -      apxs -c mod_foo\&.c -      /path/to/libtool --mode=compile gcc \&.\&.\&. -c mod_foo\&.c -      /path/to/libtool --mode=link gcc \&.\&.\&. -o mod_foo\&.la mod_foo\&.slo -      apxs -i -a -n "foo" mod_foo\&.la -      /path/to/instdso\&.sh mod_foo\&.la /path/to/apache/modules -      /path/to/libtool --mode=install cp mod_foo\&.la /path/to/apache/modules -      \&.\&.\&. -      chmod 755 /path/to/apache/modules/mod_foo\&.so -      [activating module `foo' in /path/to/apache/conf/httpd\&.conf] -      apachectl restart -      /path/to/apache/sbin/apachectl restart: httpd not running, trying to start -      [Tue Mar 31 11:27:55 1998] [debug] mod_so\&.c(303): loaded module foo_module -      /path/to/apache/sbin/apachectl restart: httpd started -      $ _ -     -.fi -  + $ cd foo + $ make all reload + apxs -c mod_foo\&.c + /path/to/libtool --mode=compile gcc \&.\&.\&. -c mod_foo\&.c + /path/to/libtool --mode=link gcc \&.\&.\&. -o mod_foo\&.la mod_foo\&.slo + apxs -i -a -n "foo" mod_foo\&.la + /path/to/instdso\&.sh mod_foo\&.la /path/to/apache/modules + /path/to/libtool --mode=install cp mod_foo\&.la /path/to/apache/modules + \&.\&.\&. + chmod 755 /path/to/apache/modules/mod_foo\&.so + [activating module `foo' in /path/to/apache/conf/httpd\&.conf] + apachectl restart + /path/to/apache/sbin/apachectl restart: httpd not running, trying to start + [Tue Mar 31 11:27:55 1998] [debug] mod_so\&.c(303): loaded module foo_module + /path/to/apache/sbin/apachectl restart: httpd started + $ _ + +.fi + diff --git a/docs/man/ctlogconfig.8 b/docs/man/ctlogconfig.8 index f8b7a31f7d..9329f06478 100644 --- a/docs/man/ctlogconfig.8 +++ b/docs/man/ctlogconfig.8 @@ -1,149 +1,149 @@ -.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -.\" DO NOT EDIT! Generated from XML source. -.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -.de Sh \" Subsection -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.TH "CTLOGCONFIG" 8 "@date@" "Apache HTTP Server" "ctlogconfig" +.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +.\" DO NOT EDIT! Generated from XML source. +.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +.de Sh \" Subsection +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.TH "CTLOGCONFIG" 8 "2018-09-27" "Apache HTTP Server" "ctlogconfig" -.SH NAME -ctlogconfig \- Certificate Transparency log configuration tool +.SH NAME +ctlogconfig \- Certificate Transparency log configuration tool -.SH "SYNOPSIS" -   -.PP -\fB \fBctlogconfig\fR \fI/path/to/db\fR \fBdump\fR \fR -  -.PP -\fB \fBctlogconfig\fR \fI/path/to/db\fR \fBconfigure-public-key\fR [ \fIlog-id\fR|\fIrecord-id\fR ] \fI/path/to/public-key\&.pem\fR \fR -  -.PP -\fB \fBctlogconfig\fR \fI/path/to/db\fR \fBconfigure-url\fR [ \fIlog-id\fR|\fIrecord-id\fR ] \fIlog-URL\fR \fR -  -.PP -\fB \fBctlogconfig\fR \fI/path/to/db\fR \fBvalid-time-range\fR \fIlog-id\fR|\fIrecord-id\fR \fImin-timestamp\fR \fImax-timestamp\fR \fR -  -.PP -\fB \fBctlogconfig\fR \fI/path/to/db\fR \fBtrust\fR \fIlog-id\fR|\fIrecord-id\fR \fR -  -.PP -\fB \fBctlogconfig\fR \fI/path/to/db\fR \fBdistrust\fR \fIlog-id\fR|\fIrecord-id\fR \fR -  -.PP -\fB \fBctlogconfig\fR \fI/path/to/db\fR \fBforget\fR \fIlog-id\fR|\fIrecord-id\fR \fR -  -  -.TP -\fIlog-id\fR -This is the id of the log, which is the SHA-256 hash of the log's public key, provided in hexadecimal format\&. This string is 64 characters in length\&.   -.TP -\fIrecord-id\fR -This is the record number in the database, as displayed by the \fBdump\fR sub-command, prefixed with \fB#\fR\&. As an example, \fB#4\fR references the fourth record in the database\&. (Use shell escaping as necessary\&.)   -.TP -\fI/path/to/public-key\&.pem\fR -This is a file containing the log's public key in PEM format\&. The public key is not stored in the database\&. Instead, a reference to the file is stored\&. Thus, the file cannot be removed until the public key in the database is removed or changed\&.   -.TP -\fImin-timestamp\fR, \fImax-timestamp\fR -A timestamp is a time as expressed in the number of milliseconds since the epoch, ignoring leap seconds\&. This is the form of time used in Signed Certificate Timestamps\&. This must be provided as a decimal number\&. Specify \fB\fB-\fR\fR for one of the timestamps if it is unknown\&. For example, when configuring the minimum valid timestamp for a log which remains valid, specify \fB\fB-\fR\fR for \fImax-timestamp\fR\&. SCTs received from this log by the proxy are invalid if the timestamp is older than \fImin-timestamp\fR or newer than \fImax-timestamp\fR\&.   -  +.SH "SYNOPSIS" + +.PP +\fB \fBctlogconfig\fR \fI/path/to/db\fR \fBdump\fR \fR + +.PP +\fB \fBctlogconfig\fR \fI/path/to/db\fR \fBconfigure-public-key\fR [ \fIlog-id\fR|\fIrecord-id\fR ] \fI/path/to/public-key\&.pem\fR \fR + +.PP +\fB \fBctlogconfig\fR \fI/path/to/db\fR \fBconfigure-url\fR [ \fIlog-id\fR|\fIrecord-id\fR ] \fIlog-URL\fR \fR + +.PP +\fB \fBctlogconfig\fR \fI/path/to/db\fR \fBvalid-time-range\fR \fIlog-id\fR|\fIrecord-id\fR \fImin-timestamp\fR \fImax-timestamp\fR \fR + +.PP +\fB \fBctlogconfig\fR \fI/path/to/db\fR \fBtrust\fR \fIlog-id\fR|\fIrecord-id\fR \fR + +.PP +\fB \fBctlogconfig\fR \fI/path/to/db\fR \fBdistrust\fR \fIlog-id\fR|\fIrecord-id\fR \fR + +.PP +\fB \fBctlogconfig\fR \fI/path/to/db\fR \fBforget\fR \fIlog-id\fR|\fIrecord-id\fR \fR + + +.TP +\fIlog-id\fR +This is the id of the log, which is the SHA-256 hash of the log's public key, provided in hexadecimal format\&. This string is 64 characters in length\&. +.TP +\fIrecord-id\fR +This is the record number in the database, as displayed by the \fBdump\fR sub-command, prefixed with \fB#\fR\&. As an example, \fB#4\fR references the fourth record in the database\&. (Use shell escaping as necessary\&.) +.TP +\fI/path/to/public-key\&.pem\fR +This is a file containing the log's public key in PEM format\&. The public key is not stored in the database\&. Instead, a reference to the file is stored\&. Thus, the file cannot be removed until the public key in the database is removed or changed\&. +.TP +\fImin-timestamp\fR, \fImax-timestamp\fR +A timestamp is a time as expressed in the number of milliseconds since the epoch, ignoring leap seconds\&. This is the form of time used in Signed Certificate Timestamps\&. This must be provided as a decimal number\&. Specify \fB\fB-\fR\fR for one of the timestamps if it is unknown\&. For example, when configuring the minimum valid timestamp for a log which remains valid, specify \fB\fB-\fR\fR for \fImax-timestamp\fR\&. SCTs received from this log by the proxy are invalid if the timestamp is older than \fImin-timestamp\fR or newer than \fImax-timestamp\fR\&. + -.SH "SUMMARY" -  -.PP -\fBctlogconfig\fR is a tool for creating and maintaining a log configuration database, for use with mod_ssl_ct\&. -  -.PP -Refer first to Log configuration in the mod_ssl_ct documentation\&. -  -.PP -Refer to the examples below for typical use\&. -  +.SH "SUMMARY" + +.PP +\fBctlogconfig\fR is a tool for creating and maintaining a log configuration database, for use with mod_ssl_ct\&. + +.PP +Refer first to Log configuration in the mod_ssl_ct documentation\&. + +.PP +Refer to the examples below for typical use\&. + -.SH "SUB-COMMANDS" -   -  -.TP -dump -Display configuration database contents\&. The record id shown in the output of this sub-command can be used to identify the affected record in other sub-commands\&.   -.TP -configure-public-key -Add a log's public key to the database or set the public key for an existing entry\&. The log's public key is needed to validate the signature of SCTs received by a proxy from a backend server\&. (The database will be created if it does not yet exist\&.)   -.TP -configure-url -Add a log's URL to the database or set the URL for an existing entry\&. The log's URL is used when submitting server certificates to logs in order to obtain SCTs to send to clients\&. (The database will be created if it does not yet exist\&.)   -.TP -valid-time-range -Set the minimum valid time and/or the maximum valid time for a log\&. SCTs from the log with timestamps outside of the valid range will not be accepted\&. Use \fB-\fR for a time that is not being configured\&. (The database will be created if it does not yet exist\&.)   -.TP -trust -Mark a log as trusted, which is the default setting\&. This sub-command is used to reverse a \fIdistrust\fR setting\&. (The database will be created if it does not yet exist\&.)   -.TP -distrust -Mark a log as distrusted\&. (The database will be created if it does not yet exist\&.)   -.TP -forget -Remove information about a log from the database\&.   -  -.SH "EXAMPLES" -   -.PP -Consider an Apache httpd instance which serves as a TLS server and a proxy\&. The TLS server needs to obtain SCTs from a couple of known logs in order to pass those to clients, and the proxy needs to be able to validate the signature of SCTs received from backend servers\&. -  -.PP -First we'll configure the URLs for logs where server certificates are logged: -  -.nf +.SH "SUB-COMMANDS" + + +.TP +dump +Display configuration database contents\&. The record id shown in the output of this sub-command can be used to identify the affected record in other sub-commands\&. +.TP +configure-public-key +Add a log's public key to the database or set the public key for an existing entry\&. The log's public key is needed to validate the signature of SCTs received by a proxy from a backend server\&. (The database will be created if it does not yet exist\&.) +.TP +configure-url +Add a log's URL to the database or set the URL for an existing entry\&. The log's URL is used when submitting server certificates to logs in order to obtain SCTs to send to clients\&. (The database will be created if it does not yet exist\&.) +.TP +valid-time-range +Set the minimum valid time and/or the maximum valid time for a log\&. SCTs from the log with timestamps outside of the valid range will not be accepted\&. Use \fB-\fR for a time that is not being configured\&. (The database will be created if it does not yet exist\&.) +.TP +trust +Mark a log as trusted, which is the default setting\&. This sub-command is used to reverse a \fIdistrust\fR setting\&. (The database will be created if it does not yet exist\&.) +.TP +distrust +Mark a log as distrusted\&. (The database will be created if it does not yet exist\&.) +.TP +forget +Remove information about a log from the database\&. + +.SH "EXAMPLES" + +.PP +Consider an Apache httpd instance which serves as a TLS server and a proxy\&. The TLS server needs to obtain SCTs from a couple of known logs in order to pass those to clients, and the proxy needs to be able to validate the signature of SCTs received from backend servers\&. + +.PP +First we'll configure the URLs for logs where server certificates are logged: + +.nf -    $ ctlogconfig /path/to/conf/log-config configure-url http://log1\&.example\&.com/ -    $ ctlogconfig /path/to/conf/log-config configure-url http://log2\&.example\&.com/ -    $ ctlogconfig /path/to/conf/log-config dump -    Log entry: -      Record 1 -      Log id         : (not configured) -      Public key file: (not configured) -      URL            : http://log1\&.example\&.com/ -      Time range     : -INF to +INF  -    Log entry: -      Record 2 -      Log id         : (not configured) -      Public key file: (not configured) -      URL            : http://log2\&.example\&.com/ -      Time range     : -INF to +INF  -.fi -  -.PP -Next we'll set the public key of a log where the certificate of our only backend server is published\&. In this case it is the log with URL http://log2\&.example\&.com/ which has already been configured\&. -  -.nf + $ ctlogconfig /path/to/conf/log-config configure-url http://log1\&.example\&.com/ + $ ctlogconfig /path/to/conf/log-config configure-url http://log2\&.example\&.com/ + $ ctlogconfig /path/to/conf/log-config dump + Log entry: + Record 1 + Log id : (not configured) + Public key file: (not configured) + URL : http://log1\&.example\&.com/ + Time range : -INF to +INF + Log entry: + Record 2 + Log id : (not configured) + Public key file: (not configured) + URL : http://log2\&.example\&.com/ + Time range : -INF to +INF +.fi + +.PP +Next we'll set the public key of a log where the certificate of our only backend server is published\&. In this case it is the log with URL http://log2\&.example\&.com/ which has already been configured\&. + +.nf -    $ ctlogconfig /path/to/conf/log-config configure-public-key \\ -    $ ctlogconfig /path/to/conf/log-config dump -    Log entry: -      Record 1 -      Log id         : (not configured) -      Public key file: (not configured) -      URL            : http://log1\&.example\&.com/ -      Time range     : -INF to +INF  -    Log entry: -      Record 2 -      Log id         : (not configured) -      Public key file: /path/to/conf/log2-pub\&.pem -      URL            : http://log2\&.example\&.com/ -      Time range     : -INF to +INF  -.fi -  + $ ctlogconfig /path/to/conf/log-config configure-public-key \\ + $ ctlogconfig /path/to/conf/log-config dump + Log entry: + Record 1 + Log id : (not configured) + Public key file: (not configured) + URL : http://log1\&.example\&.com/ + Time range : -INF to +INF + Log entry: + Record 2 + Log id : (not configured) + Public key file: /path/to/conf/log2-pub\&.pem + URL : http://log2\&.example\&.com/ + Time range : -INF to +INF +.fi + diff --git a/docs/man/dbmmanage.1 b/docs/man/dbmmanage.1 index 63e339579f..fde83b0c1a 100644 --- a/docs/man/dbmmanage.1 +++ b/docs/man/dbmmanage.1 @@ -1,121 +1,121 @@ -.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -.\" DO NOT EDIT! Generated from XML source. -.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -.de Sh \" Subsection -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.TH "DBMMANAGE" 1 "@date@" "Apache HTTP Server" "dbmmanage" +.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +.\" DO NOT EDIT! Generated from XML source. +.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +.de Sh \" Subsection +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.TH "DBMMANAGE" 1 "2018-09-27" "Apache HTTP Server" "dbmmanage" -.SH NAME -dbmmanage \- Manage user authentication files in DBM format +.SH NAME +dbmmanage \- Manage user authentication files in DBM format -.SH "SYNOPSIS" -  -.PP -\fB\fBdbmmanage\fR [ \fIencoding\fR ] \fIfilename\fR add|adduser|check|delete|update \fIusername\fR [ \fIencpasswd\fR [ \fIgroup\fR[,\fIgroup\fR\&.\&.\&.] [ \fIcomment\fR ] ] ]\fR -  -.PP -\fB\fBdbmmanage\fR \fIfilename\fR view [ \fIusername\fR ]\fR -  -.PP -\fB\fBdbmmanage\fR \fIfilename\fR import\fR -  +.SH "SYNOPSIS" + +.PP +\fB\fBdbmmanage\fR [ \fIencoding\fR ] \fIfilename\fR add|adduser|check|delete|update \fIusername\fR [ \fIencpasswd\fR [ \fIgroup\fR[,\fIgroup\fR\&.\&.\&.] [ \fIcomment\fR ] ] ]\fR + +.PP +\fB\fBdbmmanage\fR \fIfilename\fR view [ \fIusername\fR ]\fR + +.PP +\fB\fBdbmmanage\fR \fIfilename\fR import\fR + -.SH "SUMMARY" -  -.PP -\fBdbmmanage\fR is used to create and update the DBM format files used to store usernames and password for basic authentication of HTTP users via mod_authn_dbm\&. Resources available from the Apache HTTP server can be restricted to just the users listed in the files created by \fBdbmmanage\fR\&. This program can only be used when the usernames are stored in a DBM file\&. To use a flat-file database see htpasswd\&. -  -.PP -Another tool to maintain a DBM password database is htdbm\&. -  -.PP -This manual page only lists the command line arguments\&. For details of the directives necessary to configure user authentication in httpd see the httpd manual, which is part of the Apache distribution or can be found at http://httpd\&.apache\&.org/\&. -  +.SH "SUMMARY" + +.PP +\fBdbmmanage\fR is used to create and update the DBM format files used to store usernames and password for basic authentication of HTTP users via mod_authn_dbm\&. Resources available from the Apache HTTP server can be restricted to just the users listed in the files created by \fBdbmmanage\fR\&. This program can only be used when the usernames are stored in a DBM file\&. To use a flat-file database see htpasswd\&. + +.PP +Another tool to maintain a DBM password database is htdbm\&. + +.PP +This manual page only lists the command line arguments\&. For details of the directives necessary to configure user authentication in httpd see the httpd manual, which is part of the Apache distribution or can be found at http://httpd\&.apache\&.org/\&. + -.SH "OPTIONS" -  -  -.TP -\fB\fIfilename\fR\fR -The filename of the DBM format file\&. Usually without the extension \fB\&.db\fR, \fB\&.pag\fR, or \fB\&.dir\fR\&.   -.TP -\fB\fIusername\fR\fR -The user for which the operations are performed\&. The \fIusername\fR may not contain a colon (\fB:\fR)\&.   -.TP -\fB\fIencpasswd\fR\fR -This is the already encrypted password to use for the \fBupdate\fR and \fBadd\fR commands\&. You may use a hyphen (\fB-\fR) if you want to get prompted for the password, but fill in the fields afterwards\&. Additionally when using the \fBupdate\fR command, a period (\fB\&.\fR) keeps the original password untouched\&.   -.TP -\fB\fIgroup\fR\fR -A group, which the user is member of\&. A groupname may not contain a colon (\fB:\fR)\&. You may use a hyphen (\fB-\fR) if you don't want to assign the user to a group, but fill in the comment field\&. Additionally when using the \fBupdate\fR command, a period (\fB\&.\fR) keeps the original groups untouched\&.   -.TP -\fB\fIcomment\fR\fR -This is the place for your opaque comments about the user, like realname, mailaddress or such things\&. The server will ignore this field\&.   -  -.SS "Encodings" -  -  -.TP -\fB-d\fR -crypt encryption (default, except on Win32, Netware)   -.TP -\fB-m\fR -MD5 encryption (default on Win32, Netware)   -.TP -\fB-s\fR -SHA1 encryption   -.TP -\fB-p\fR -plaintext (\fInot recommended\fR)   -   -.SS "Commands" -  -  -.TP -\fBadd\fR -Adds an entry for \fIusername\fR to \fIfilename\fR using the encrypted password \fIencpasswd\fR\&. dbmmanage passwords\&.dat add rbowen foKntnEF3KSXA   -.TP -\fBadduser\fR -Asks for a password and then adds an entry for \fIusername\fR to \fIfilename\fR\&. dbmmanage passwords\&.dat adduser krietz   -.TP -\fBcheck\fR -Asks for a password and then checks if \fIusername\fR is in \fIfilename\fR and if it's password matches the specified one\&. dbmmanage passwords\&.dat check rbowen   -.TP -\fBdelete\fR -Deletes the \fIusername\fR entry from \fIfilename\fR\&. dbmmanage passwords\&.dat delete rbowen   -.TP -\fBimport\fR -Reads \fB\fIusername\fR:\fIpassword\fR\fR entries (one per line) from \fBSTDIN\fR and adds them to \fIfilename\fR\&. The passwords already have to be crypted\&.   -.TP -\fBupdate\fR -Same as the \fBadduser\fR command, except that it makes sure \fIusername\fR already exists in \fIfilename\fR\&. dbmmanage passwords\&.dat update rbowen   -.TP -\fBview\fR -Just displays the contents of the DBM file\&. If you specify a \fIusername\fR, it displays the particular record only\&. dbmmanage passwords\&.dat view   -   -.SH "BUGS" -  -.PP -One should be aware that there are a number of different DBM file formats in existence, and with all likelihood, libraries for more than one format may exist on your system\&. The three primary examples are SDBM, NDBM, the GNU project's GDBM, and Berkeley DB 2\&. Unfortunately, all these libraries use different file formats, and you must make sure that the file format used by \fIfilename\fR is the same format that \fBdbmmanage\fR expects to see\&. \fBdbmmanage\fR currently has no way of determining what type of DBM file it is looking at\&. If used against the wrong format, will simply return nothing, or may create a different DBM file with a different name, or at worst, it may corrupt the DBM file if you were attempting to write to it\&. -  -.PP -\fBdbmmanage\fR has a list of DBM format preferences, defined by the \fB@AnyDBM::ISA\fR array near the beginning of the program\&. Since we prefer the Berkeley DB 2 file format, the order in which \fBdbmmanage\fR will look for system libraries is Berkeley DB 2, then NDBM, then GDBM and then SDBM\&. The first library found will be the library \fBdbmmanage\fR will attempt to use for all DBM file transactions\&. This ordering is slightly different than the standard \fB@AnyDBM::ISA\fR ordering in Perl, as well as the ordering used by the simple \fBdbmopen()\fR call in Perl, so if you use any other utilities to manage your DBM files, they must also follow this preference ordering\&. Similar care must be taken if using programs in other languages, like C, to access these files\&. -  -.PP -One can usually use the \fBfile\fR program supplied with most Unix systems to see what format a DBM file is in\&. -  +.SH "OPTIONS" + + +.TP +\fB\fIfilename\fR\fR +The filename of the DBM format file\&. Usually without the extension \fB\&.db\fR, \fB\&.pag\fR, or \fB\&.dir\fR\&. +.TP +\fB\fIusername\fR\fR +The user for which the operations are performed\&. The \fIusername\fR may not contain a colon (\fB:\fR)\&. +.TP +\fB\fIencpasswd\fR\fR +This is the already encrypted password to use for the \fBupdate\fR and \fBadd\fR commands\&. You may use a hyphen (\fB-\fR) if you want to get prompted for the password, but fill in the fields afterwards\&. Additionally when using the \fBupdate\fR command, a period (\fB\&.\fR) keeps the original password untouched\&. +.TP +\fB\fIgroup\fR\fR +A group, which the user is member of\&. A groupname may not contain a colon (\fB:\fR)\&. You may use a hyphen (\fB-\fR) if you don't want to assign the user to a group, but fill in the comment field\&. Additionally when using the \fBupdate\fR command, a period (\fB\&.\fR) keeps the original groups untouched\&. +.TP +\fB\fIcomment\fR\fR +This is the place for your opaque comments about the user, like realname, mailaddress or such things\&. The server will ignore this field\&. + +.SS "Encodings" + + +.TP +\fB-d\fR +crypt encryption (default, except on Win32, Netware) +.TP +\fB-m\fR +MD5 encryption (default on Win32, Netware) +.TP +\fB-s\fR +SHA1 encryption +.TP +\fB-p\fR +plaintext (\fInot recommended\fR) + +.SS "Commands" + + +.TP +\fBadd\fR +Adds an entry for \fIusername\fR to \fIfilename\fR using the encrypted password \fIencpasswd\fR\&. dbmmanage passwords\&.dat add rbowen foKntnEF3KSXA +.TP +\fBadduser\fR +Asks for a password and then adds an entry for \fIusername\fR to \fIfilename\fR\&. dbmmanage passwords\&.dat adduser krietz +.TP +\fBcheck\fR +Asks for a password and then checks if \fIusername\fR is in \fIfilename\fR and if it's password matches the specified one\&. dbmmanage passwords\&.dat check rbowen +.TP +\fBdelete\fR +Deletes the \fIusername\fR entry from \fIfilename\fR\&. dbmmanage passwords\&.dat delete rbowen +.TP +\fBimport\fR +Reads \fB\fIusername\fR:\fIpassword\fR\fR entries (one per line) from \fBSTDIN\fR and adds them to \fIfilename\fR\&. The passwords already have to be crypted\&. +.TP +\fBupdate\fR +Same as the \fBadduser\fR command, except that it makes sure \fIusername\fR already exists in \fIfilename\fR\&. dbmmanage passwords\&.dat update rbowen +.TP +\fBview\fR +Just displays the contents of the DBM file\&. If you specify a \fIusername\fR, it displays the particular record only\&. dbmmanage passwords\&.dat view + +.SH "BUGS" + +.PP +One should be aware that there are a number of different DBM file formats in existence, and with all likelihood, libraries for more than one format may exist on your system\&. The three primary examples are SDBM, NDBM, the GNU project's GDBM, and Berkeley DB 2\&. Unfortunately, all these libraries use different file formats, and you must make sure that the file format used by \fIfilename\fR is the same format that \fBdbmmanage\fR expects to see\&. \fBdbmmanage\fR currently has no way of determining what type of DBM file it is looking at\&. If used against the wrong format, will simply return nothing, or may create a different DBM file with a different name, or at worst, it may corrupt the DBM file if you were attempting to write to it\&. + +.PP +\fBdbmmanage\fR has a list of DBM format preferences, defined by the \fB@AnyDBM::ISA\fR array near the beginning of the program\&. Since we prefer the Berkeley DB 2 file format, the order in which \fBdbmmanage\fR will look for system libraries is Berkeley DB 2, then NDBM, then GDBM and then SDBM\&. The first library found will be the library \fBdbmmanage\fR will attempt to use for all DBM file transactions\&. This ordering is slightly different than the standard \fB@AnyDBM::ISA\fR ordering in Perl, as well as the ordering used by the simple \fBdbmopen()\fR call in Perl, so if you use any other utilities to manage your DBM files, they must also follow this preference ordering\&. Similar care must be taken if using programs in other languages, like C, to access these files\&. + +.PP +One can usually use the \fBfile\fR program supplied with most Unix systems to see what format a DBM file is in\&. + diff --git a/docs/man/fcgistarter.8 b/docs/man/fcgistarter.8 index 37b433f551..decfe62528 100644 --- a/docs/man/fcgistarter.8 +++ b/docs/man/fcgistarter.8 @@ -1,59 +1,59 @@ -.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -.\" DO NOT EDIT! Generated from XML source. -.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -.de Sh \" Subsection -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.TH "FCGISTARTER" 8 "@date@" "Apache HTTP Server" "fcgistarter" +.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +.\" DO NOT EDIT! Generated from XML source. +.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +.de Sh \" Subsection +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.TH "FCGISTARTER" 8 "2018-09-27" "Apache HTTP Server" "fcgistarter" -.SH NAME -fcgistarter \- Start a FastCGI program +.SH NAME +fcgistarter \- Start a FastCGI program -.SH "SYNOPSIS" -  -.PP -\fB\fBfcgistarter\fR -\fBc\fR \fIcommand\fR -\fBp\fR \fIport\fR [ -\fBi\fR \fIinterface\fR ] -\fBN\fR \fInum\fR \fR -  +.SH "SYNOPSIS" + +.PP +\fB\fBfcgistarter\fR -\fBc\fR \fIcommand\fR -\fBp\fR \fIport\fR [ -\fBi\fR \fIinterface\fR ] -\fBN\fR \fInum\fR \fR + -.SH "SUMMARY" -  -.PP +.SH "SUMMARY" + +.PP -  + -.SH "NOTE" -  -.PP -Currently only works on Unix systems\&. -  -.SH "OPTIONS" -  -  -.TP -\fB-c \fIcommand\fR\fR -FastCGI program   -.TP -\fB-p \fIport\fR\fR -Port which the program will listen on   -.TP -\fB-i \fIinterface\fR\fR -Interface which the program will listen on   -.TP -\fB-N \fInum\fR\fR -Number of instances of the program   -  +.SH "NOTE" + +.PP +Currently only works on Unix systems\&. + +.SH "OPTIONS" + + +.TP +\fB-c \fIcommand\fR\fR +FastCGI program +.TP +\fB-p \fIport\fR\fR +Port which the program will listen on +.TP +\fB-i \fIinterface\fR\fR +Interface which the program will listen on +.TP +\fB-N \fInum\fR\fR +Number of instances of the program + diff --git a/docs/man/firehose.1 b/docs/man/firehose.1 index 70c912acb3..fd0b249b46 100644 --- a/docs/man/firehose.1 +++ b/docs/man/firehose.1 @@ -1,63 +1,63 @@ -.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -.\" DO NOT EDIT! Generated from XML source. -.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -.de Sh \" Subsection -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.TH "FIREHOSE" 1 "@date@" "Apache HTTP Server" "firehose" +.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +.\" DO NOT EDIT! Generated from XML source. +.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +.de Sh \" Subsection +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.TH "FIREHOSE" 1 "2018-09-27" "Apache HTTP Server" "firehose" -.SH NAME -firehose \- Demultiplex a firehose stream +.SH NAME +firehose \- Demultiplex a firehose stream -.SH "SYNOPSIS" -  -.PP -\fB\fBfirehose\fR [ -\fBf\fR \fIinput\fR ] [ -\fBo\fR \fIoutput-directory\fR ] [ -\fBu\fR \fIuuid\fR ] [ -\fBh\fR ] [ --\fBversion\fR ] [\fIprefix1\fR [\&.\&.\&.]]\fR -  +.SH "SYNOPSIS" + +.PP +\fB\fBfirehose\fR [ -\fBf\fR \fIinput\fR ] [ -\fBo\fR \fIoutput-directory\fR ] [ -\fBu\fR \fIuuid\fR ] [ -\fBh\fR ] [ --\fBversion\fR ] [\fIprefix1\fR [\&.\&.\&.]]\fR + -.SH "SUMMARY" -  -.PP -\fBfirehose\fR demultiplexes the given stream of multiplexed connections, and writes each connection to an individual file\&. -  -.PP -When writing to files, each connection is placed into a dedicated file named after the UUID of the connection within the stream\&. Separate files will be created if requests and responses are found in the stream\&. -  -.PP -If an optional prefix is specified as a parameter, connections that start with the given prefix will be included\&. The prefix needs to fit completely within the first fragment for a successful match to occur\&. -  +.SH "SUMMARY" + +.PP +\fBfirehose\fR demultiplexes the given stream of multiplexed connections, and writes each connection to an individual file\&. + +.PP +When writing to files, each connection is placed into a dedicated file named after the UUID of the connection within the stream\&. Separate files will be created if requests and responses are found in the stream\&. + +.PP +If an optional prefix is specified as a parameter, connections that start with the given prefix will be included\&. The prefix needs to fit completely within the first fragment for a successful match to occur\&. + -.SH "OPTIONS" -  -  -.TP -\fB--file, -f \fIfilename\fR\fR -File to read the firehose from\&. Defaults to stdin\&.   -.TP -\fB--output-directory, -o \fR \fIoutput-directory\fR -Directory to write demultiplexed connections to\&.   -.TP -\fB--uuid, -u\fR \fIuuid\fR -The UUID of the connection to demultiplex\&. Can be specified more than once\&. If not specified, all UUIDs will be demultiplexed\&.   -.TP -\fB--help, -h\fR -This help text\&.   -.TP -\fB--version\fR -Display the version of the program\&.   -  +.SH "OPTIONS" + + +.TP +\fB--file, -f \fIfilename\fR\fR +File to read the firehose from\&. Defaults to stdin\&. +.TP +\fB--output-directory, -o \fR \fIoutput-directory\fR +Directory to write demultiplexed connections to\&. +.TP +\fB--uuid, -u\fR \fIuuid\fR +The UUID of the connection to demultiplex\&. Can be specified more than once\&. If not specified, all UUIDs will be demultiplexed\&. +.TP +\fB--help, -h\fR +This help text\&. +.TP +\fB--version\fR +Display the version of the program\&. + diff --git a/docs/man/htcacheclean.8 b/docs/man/htcacheclean.8 index 0d84f09018..ee5ced85cd 100644 --- a/docs/man/htcacheclean.8 +++ b/docs/man/htcacheclean.8 @@ -1,146 +1,146 @@ -.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -.\" DO NOT EDIT! Generated from XML source. -.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -.de Sh \" Subsection -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.TH "HTCACHECLEAN" 8 "@date@" "Apache HTTP Server" "htcacheclean" +.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +.\" DO NOT EDIT! Generated from XML source. +.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +.de Sh \" Subsection +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.TH "HTCACHECLEAN" 8 "2018-09-27" "Apache HTTP Server" "htcacheclean" -.SH NAME -htcacheclean \- Clean up the disk cache +.SH NAME +htcacheclean \- Clean up the disk cache -.SH "SYNOPSIS" -  -.PP -\fB\fBhtcacheclean\fR [ -\fBD\fR ] [ -\fBv\fR ] [ -\fBt\fR ] [ -\fBr\fR ] [ -\fBn\fR ] [ -\fBR\fR\fIround\fR ] -\fBp\fR\fIpath\fR [-\fBl\fR\fIlimit\fR| -\fBL\fR\fIlimit\fR]\fR -  -.PP -\fB\fBhtcacheclean\fR [ -\fBn\fR ] [ -\fBt\fR ] [ -\fBi\fR ] [ -\fBP\fR\fIpidfile\fR ] [ -\fBR\fR\fIround\fR ] -\fBd\fR\fIinterval\fR -\fBp\fR\fIpath\fR [-\fBl\fR\fIlimit\fR| -\fBL\fR\fIlimit\fR]\fR -  -.PP -\fB\fBhtcacheclean\fR [ -\fBv\fR ] [ -\fBR\fR\fIround\fR ] -\fBp\fR\fIpath\fR [ -\fBa\fR ] [ -\fBA\fR ]\fR -  -.PP -\fB\fBhtcacheclean\fR [ -\fBD\fR ] [ -\fBv\fR ] [ -\fBt\fR ] [ -\fBR\fR\fIround\fR ] -\fBp\fR\fIpath\fR \fIurl\fR\fR -  +.SH "SYNOPSIS" + +.PP +\fB\fBhtcacheclean\fR [ -\fBD\fR ] [ -\fBv\fR ] [ -\fBt\fR ] [ -\fBr\fR ] [ -\fBn\fR ] [ -\fBR\fR\fIround\fR ] -\fBp\fR\fIpath\fR [-\fBl\fR\fIlimit\fR| -\fBL\fR\fIlimit\fR]\fR + +.PP +\fB\fBhtcacheclean\fR [ -\fBn\fR ] [ -\fBt\fR ] [ -\fBi\fR ] [ -\fBP\fR\fIpidfile\fR ] [ -\fBR\fR\fIround\fR ] -\fBd\fR\fIinterval\fR -\fBp\fR\fIpath\fR [-\fBl\fR\fIlimit\fR| -\fBL\fR\fIlimit\fR]\fR + +.PP +\fB\fBhtcacheclean\fR [ -\fBv\fR ] [ -\fBR\fR\fIround\fR ] -\fBp\fR\fIpath\fR [ -\fBa\fR ] [ -\fBA\fR ]\fR + +.PP +\fB\fBhtcacheclean\fR [ -\fBD\fR ] [ -\fBv\fR ] [ -\fBt\fR ] [ -\fBR\fR\fIround\fR ] -\fBp\fR\fIpath\fR \fIurl\fR\fR + -.SH "SUMMARY" -  -.PP -\fBhtcacheclean\fR is used to keep the size of mod_cache_disk's storage within a given size limit, or limit on inodes in use\&. This tool can run either manually or in daemon mode\&. When running in daemon mode, it sleeps in the background and checks the cache directory at regular intervals for cached content to be removed\&. You can stop the daemon cleanly by sending it a TERM or INT signal\&. When run manually, a once off check of the cache directory is made for cached content to be removed\&. If one or more URLs are specified, each URL will be deleted from the cache, if present\&. -  +.SH "SUMMARY" + +.PP +\fBhtcacheclean\fR is used to keep the size of mod_cache_disk's storage within a given size limit, or limit on inodes in use\&. This tool can run either manually or in daemon mode\&. When running in daemon mode, it sleeps in the background and checks the cache directory at regular intervals for cached content to be removed\&. You can stop the daemon cleanly by sending it a TERM or INT signal\&. When run manually, a once off check of the cache directory is made for cached content to be removed\&. If one or more URLs are specified, each URL will be deleted from the cache, if present\&. + -.SH "OPTIONS" -  -  -.TP -\fB-d\fIinterval\fR\fR -Daemonize and repeat cache cleaning every \fIinterval\fR minutes\&. This option is mutually exclusive with the \fB-D\fR, \fB-v\fR and \fB-r\fR options\&. To shutdown the daemon cleanly, just send it a \fBSIGTERM\fR or \fBSIGINT\fR\&.   -.TP -\fB-D\fR -Do a dry run and don't delete anything\&. This option is mutually exclusive with the \fB-d\fR option\&. When doing a dry run and deleting directories with \fB-t\fR, the inodes reported deleted in the stats cannot take into account the directories deleted, and will be marked as an estimate\&.   -.TP -\fB-v\fR -Be verbose and print statistics\&. This option is mutually exclusive with the \fB-d\fR option\&.   -.TP -\fB-r\fR -Clean thoroughly\&. This assumes that the Apache web server is not running (otherwise you may get garbage in the cache)\&. This option is mutually exclusive with the \fB-d\fR option and implies the \fB-t\fR option\&.   -.TP -\fB-n\fR -Be nice\&. This causes slower processing in favour of other processes\&. \fBhtcacheclean\fR will sleep from time to time so that (a) the disk IO will be delayed and (b) the kernel can schedule other processes in the meantime\&.   -.TP -\fB-t\fR -Delete all empty directories\&. By default only cache files are removed, however with some configurations the large number of directories created may require attention\&. If your configuration requires a very large number of directories, to the point that inode or file allocation table exhaustion may become an issue, use of this option is advised\&.   -.TP -\fB-p\fIpath\fR\fR -Specify \fIpath\fR as the root directory of the disk cache\&. This should be the same value as specified with the CacheRoot directive\&.   -.TP -\fB-P\fIpidfile\fR\fR -Specify \fIpidfile\fR as the name of the file to write the process ID to when daemonized\&.   -.TP -\fB-R\fIround\fR\fR -Specify \fIround\fR as the amount to round sizes up to, to compensate for disk block sizes\&. Set to the block size of the cache partition\&.   -.TP -\fB-l\fIlimit\fR\fR -Specify \fIlimit\fR as the total disk cache size limit\&. The value is expressed in bytes by default (or attaching \fBB\fR to the number)\&. Attach \fBK\fR for Kbytes or \fBM\fR for MBytes\&.   -.TP -\fB-L\fIlimit\fR\fR -Specify \fIlimit\fR as the total disk cache inode limit\&.   -.TP -\fB-i\fR -Be intelligent and run only when there was a modification of the disk cache\&. This option is only possible together with the \fB-d\fR option\&.   -.TP -\fB-a\fR -List the URLs currently stored in the cache\&. Variants of the same URL will be listed once for each variant\&.   -.TP -\fB-A\fR -List the URLs currently stored in the cache, along with their attributes in the following order: url, header size, body size, status, entity version, date, expiry, request time, response time, body present, head request\&.   -  -.SH "DELETING A SPECIFIC URL" -  -.PP -If \fBhtcacheclean\fR is passed one or more URLs, each URL will be deleted from the cache\&. If multiple variants of an URL exists, all variants would be deleted\&. -  -.PP -When a reverse proxied URL is to be deleted, the effective URL is constructed from the \fBHost\fR header, the \fBport\fR, the \fBpath\fR and the \fBquery\fR\&. Note the '?' in the URL must always be specified explicitly, whether a query string is present or not\&. For example, an attempt to delete the path \fB/\fR from the server \fBlocalhost\fR, the URL to delete would be \fBhttp://localhost:80/?\fR\&. -  -.SH "LISTING URLS IN THE CACHE" -  -.PP -By passing the \fB-a\fR or \fB-A\fR options to \fBhtcacheclean\fR, the URLs within the cache will be listed as they are found, one URL per line\&. The \fB-A\fR option dumps the full cache entry after the URL, with fields in the following order: -  -  -.TP -url -The URL of the entry\&.  -.TP -header size -The size of the header in bytes\&.  -.TP -body size -The size of the body in bytes\&.  -.TP -status -Status of the cached response\&.  -.TP -entity version -The number of times this entry has been revalidated without being deleted\&.  -.TP -date -Date of the response\&.  -.TP -expiry -Expiry date of the response\&.  -.TP -request time -Time of the start of the request\&.  -.TP -response time -Time of the end of the request\&.  -.TP -body present -If 0, no body is stored with this request, 1 otherwise\&.  -.TP -head request -If 1, the entry contains a cached HEAD request with no body, 0 otherwise\&.  -  -.SH "EXIT STATUS" -  -.PP -\fBhtcacheclean\fR returns a zero status ("true") if all operations were successful, \fB1\fR otherwise\&. If an URL is specified, and the URL was cached and successfully removed, \fB0\fR is returned, \fB2\fR otherwise\&. If an error occurred during URL removal, \fB1\fR is returned\&. -  +.SH "OPTIONS" + + +.TP +\fB-d\fIinterval\fR\fR +Daemonize and repeat cache cleaning every \fIinterval\fR minutes\&. This option is mutually exclusive with the \fB-D\fR, \fB-v\fR and \fB-r\fR options\&. To shutdown the daemon cleanly, just send it a \fBSIGTERM\fR or \fBSIGINT\fR\&. +.TP +\fB-D\fR +Do a dry run and don't delete anything\&. This option is mutually exclusive with the \fB-d\fR option\&. When doing a dry run and deleting directories with \fB-t\fR, the inodes reported deleted in the stats cannot take into account the directories deleted, and will be marked as an estimate\&. +.TP +\fB-v\fR +Be verbose and print statistics\&. This option is mutually exclusive with the \fB-d\fR option\&. +.TP +\fB-r\fR +Clean thoroughly\&. This assumes that the Apache web server is not running (otherwise you may get garbage in the cache)\&. This option is mutually exclusive with the \fB-d\fR option and implies the \fB-t\fR option\&. +.TP +\fB-n\fR +Be nice\&. This causes slower processing in favour of other processes\&. \fBhtcacheclean\fR will sleep from time to time so that (a) the disk IO will be delayed and (b) the kernel can schedule other processes in the meantime\&. +.TP +\fB-t\fR +Delete all empty directories\&. By default only cache files are removed, however with some configurations the large number of directories created may require attention\&. If your configuration requires a very large number of directories, to the point that inode or file allocation table exhaustion may become an issue, use of this option is advised\&. +.TP +\fB-p\fIpath\fR\fR +Specify \fIpath\fR as the root directory of the disk cache\&. This should be the same value as specified with the CacheRoot directive\&. +.TP +\fB-P\fIpidfile\fR\fR +Specify \fIpidfile\fR as the name of the file to write the process ID to when daemonized\&. +.TP +\fB-R\fIround\fR\fR +Specify \fIround\fR as the amount to round sizes up to, to compensate for disk block sizes\&. Set to the block size of the cache partition\&. +.TP +\fB-l\fIlimit\fR\fR +Specify \fIlimit\fR as the total disk cache size limit\&. The value is expressed in bytes by default (or attaching \fBB\fR to the number)\&. Attach \fBK\fR for Kbytes or \fBM\fR for MBytes\&. +.TP +\fB-L\fIlimit\fR\fR +Specify \fIlimit\fR as the total disk cache inode limit\&. +.TP +\fB-i\fR +Be intelligent and run only when there was a modification of the disk cache\&. This option is only possible together with the \fB-d\fR option\&. +.TP +\fB-a\fR +List the URLs currently stored in the cache\&. Variants of the same URL will be listed once for each variant\&. +.TP +\fB-A\fR +List the URLs currently stored in the cache, along with their attributes in the following order: url, header size, body size, status, entity version, date, expiry, request time, response time, body present, head request\&. + +.SH "DELETING A SPECIFIC URL" + +.PP +If \fBhtcacheclean\fR is passed one or more URLs, each URL will be deleted from the cache\&. If multiple variants of an URL exists, all variants would be deleted\&. + +.PP +When a reverse proxied URL is to be deleted, the effective URL is constructed from the \fBHost\fR header, the \fBport\fR, the \fBpath\fR and the \fBquery\fR\&. Note the '?' in the URL must always be specified explicitly, whether a query string is present or not\&. For example, an attempt to delete the path \fB/\fR from the server \fBlocalhost\fR, the URL to delete would be \fBhttp://localhost:80/?\fR\&. + +.SH "LISTING URLS IN THE CACHE" + +.PP +By passing the \fB-a\fR or \fB-A\fR options to \fBhtcacheclean\fR, the URLs within the cache will be listed as they are found, one URL per line\&. The \fB-A\fR option dumps the full cache entry after the URL, with fields in the following order: + + +.TP +url +The URL of the entry\&. +.TP +header size +The size of the header in bytes\&. +.TP +body size +The size of the body in bytes\&. +.TP +status +Status of the cached response\&. +.TP +entity version +The number of times this entry has been revalidated without being deleted\&. +.TP +date +Date of the response\&. +.TP +expiry +Expiry date of the response\&. +.TP +request time +Time of the start of the request\&. +.TP +response time +Time of the end of the request\&. +.TP +body present +If 0, no body is stored with this request, 1 otherwise\&. +.TP +head request +If 1, the entry contains a cached HEAD request with no body, 0 otherwise\&. + +.SH "EXIT STATUS" + +.PP +\fBhtcacheclean\fR returns a zero status ("true") if all operations were successful, \fB1\fR otherwise\&. If an URL is specified, and the URL was cached and successfully removed, \fB0\fR is returned, \fB2\fR otherwise\&. If an error occurred during URL removal, \fB1\fR is returned\&. + diff --git a/docs/man/htdbm.1 b/docs/man/htdbm.1 index e6bd866037..1e31a3f976 100644 --- a/docs/man/htdbm.1 +++ b/docs/man/htdbm.1 @@ -1,201 +1,201 @@ -.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -.\" DO NOT EDIT! Generated from XML source. -.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -.de Sh \" Subsection -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.TH "HTDBM" 1 "@date@" "Apache HTTP Server" "htdbm" +.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +.\" DO NOT EDIT! Generated from XML source. +.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +.de Sh \" Subsection +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.TH "HTDBM" 1 "2018-09-27" "Apache HTTP Server" "htdbm" -.SH NAME -htdbm \- Manipulate DBM password databases +.SH NAME +htdbm \- Manipulate DBM password databases -.SH "SYNOPSIS" -  -.PP -\fB\fBhtdbm\fR [ -\fBT\fR\fIDBTYPE\fR ] [ -\fBi\fR ] [ -\fBc\fR ] [ -\fBm\fR | -\fBB\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] [ -\fBt\fR ] [ -\fBv\fR ] \fIfilename\fR \fIusername\fR\fR -  -.PP -\fB\fBhtdbm\fR -\fBb\fR [ -\fBT\fR\fIDBTYPE\fR ] [ -\fBc\fR ] [ -\fBm\fR | -\fBB\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] [ -\fBt\fR ] [ -\fBv\fR ] \fIfilename\fR \fIusername\fR \fIpassword\fR\fR -  -.PP -\fB\fBhtdbm\fR -\fBn\fR [ -\fBi\fR ] [ -\fBc\fR ] [ -\fBm\fR | -\fBB\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] [ -\fBt\fR ] [ -\fBv\fR ] \fIusername\fR\fR -  -.PP -\fB\fBhtdbm\fR -\fBnb\fR [ -\fBc\fR ] [ -\fBm\fR | -\fBB\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] [ -\fBt\fR ] [ -\fBv\fR ] \fIusername\fR \fIpassword\fR\fR -  -.PP -\fB\fBhtdbm\fR -\fBv\fR [ -\fBT\fR\fIDBTYPE\fR ] [ -\fBi\fR ] [ -\fBc\fR ] [ -\fBm\fR | -\fBB\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] [ -\fBt\fR ] [ -\fBv\fR ] \fIfilename\fR \fIusername\fR\fR -  -.PP -\fB\fBhtdbm\fR -\fBvb\fR [ -\fBT\fR\fIDBTYPE\fR ] [ -\fBc\fR ] [ -\fBm\fR | -\fBB\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] [ -\fBt\fR ] [ -\fBv\fR ] \fIfilename\fR \fIusername\fR \fIpassword\fR\fR -  -.PP -\fB\fBhtdbm\fR -\fBx\fR [ -\fBT\fR\fIDBTYPE\fR ] \fIfilename\fR \fIusername\fR\fR -  -.PP -\fB\fBhtdbm\fR -\fBl\fR [ -\fBT\fR\fIDBTYPE\fR ] \fIfilename\fR\fR -  +.SH "SYNOPSIS" + +.PP +\fB\fBhtdbm\fR [ -\fBT\fR\fIDBTYPE\fR ] [ -\fBi\fR ] [ -\fBc\fR ] [ -\fBm\fR | -\fBB\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] [ -\fBt\fR ] [ -\fBv\fR ] \fIfilename\fR \fIusername\fR\fR + +.PP +\fB\fBhtdbm\fR -\fBb\fR [ -\fBT\fR\fIDBTYPE\fR ] [ -\fBc\fR ] [ -\fBm\fR | -\fBB\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] [ -\fBt\fR ] [ -\fBv\fR ] \fIfilename\fR \fIusername\fR \fIpassword\fR\fR + +.PP +\fB\fBhtdbm\fR -\fBn\fR [ -\fBi\fR ] [ -\fBc\fR ] [ -\fBm\fR | -\fBB\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] [ -\fBt\fR ] [ -\fBv\fR ] \fIusername\fR\fR + +.PP +\fB\fBhtdbm\fR -\fBnb\fR [ -\fBc\fR ] [ -\fBm\fR | -\fBB\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] [ -\fBt\fR ] [ -\fBv\fR ] \fIusername\fR \fIpassword\fR\fR + +.PP +\fB\fBhtdbm\fR -\fBv\fR [ -\fBT\fR\fIDBTYPE\fR ] [ -\fBi\fR ] [ -\fBc\fR ] [ -\fBm\fR | -\fBB\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] [ -\fBt\fR ] [ -\fBv\fR ] \fIfilename\fR \fIusername\fR\fR + +.PP +\fB\fBhtdbm\fR -\fBvb\fR [ -\fBT\fR\fIDBTYPE\fR ] [ -\fBc\fR ] [ -\fBm\fR | -\fBB\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] [ -\fBt\fR ] [ -\fBv\fR ] \fIfilename\fR \fIusername\fR \fIpassword\fR\fR + +.PP +\fB\fBhtdbm\fR -\fBx\fR [ -\fBT\fR\fIDBTYPE\fR ] \fIfilename\fR \fIusername\fR\fR + +.PP +\fB\fBhtdbm\fR -\fBl\fR [ -\fBT\fR\fIDBTYPE\fR ] \fIfilename\fR\fR + -.SH "SUMMARY" -  -.PP -\fBhtdbm\fR is used to manipulate the DBM format files used to store usernames and password for basic authentication of HTTP users via mod_authn_dbm\&. See the dbmmanage documentation for more information about these DBM files\&. -  +.SH "SUMMARY" + +.PP +\fBhtdbm\fR is used to manipulate the DBM format files used to store usernames and password for basic authentication of HTTP users via mod_authn_dbm\&. See the dbmmanage documentation for more information about these DBM files\&. + -.SH "OPTIONS" -  -  -.TP -\fB-b\fR -Use batch mode; \fIi\&.e\&.\fR, get the password from the command line rather than prompting for it\&. This option should be used with extreme care, since \fBthe password is clearly visible\fR on the command line\&. For script use see the \fB-i\fR option\&.   -.TP -\fB-i\fR -Read the password from stdin without verification (for script usage)\&.   -.TP -\fB-c\fR -Create the \fIpasswdfile\fR\&. If \fIpasswdfile\fR already exists, it is rewritten and truncated\&. This option cannot be combined with the \fB-n\fR option\&.   -.TP -\fB-n\fR -Display the results on standard output rather than updating a database\&. This option changes the syntax of the command line, since the \fIpasswdfile\fR argument (usually the first one) is omitted\&. It cannot be combined with the \fB-c\fR option\&.   -.TP -\fB-m\fR -Use MD5 encryption for passwords\&. On Windows and Netware, this is the default\&.   -.TP -\fB-B\fR -Use bcrypt encryption for passwords\&. This is currently considered to be very secure\&.   -.TP -\fB-C\fR -This flag is only allowed in combination with \fB-B\fR (bcrypt encryption)\&. It sets the computing time used for the bcrypt algorithm (higher is more secure but slower, default: 5, valid: 4 to 31)\&.   -.TP -\fB-d\fR -Use \fBcrypt()\fR encryption for passwords\&. The default on all platforms but Windows and Netware\&. Though possibly supported by \fBhtdbm\fR on all platforms, it is not supported by the httpd server on Windows and Netware\&. This algorithm is \fBinsecure\fR by today's standards\&.   -.TP -\fB-s\fR -Use SHA encryption for passwords\&. Facilitates migration from/to Netscape servers using the LDAP Directory Interchange Format (ldif)\&. This algorithm is \fBinsecure\fR by today's standards\&.   -.TP -\fB-p\fR -Use plaintext passwords\&. Though \fBhtdbm\fR will support creation on all platforms, the httpd daemon will only accept plain text passwords on Windows and Netware\&.   -.TP -\fB-l\fR -Print each of the usernames and comments from the database on stdout\&.   -.TP -\fB-v\fR -Verify the username and password\&. The program will print a message indicating whether the supplied password is valid\&. If the password is invalid, the program exits with error code 3\&.   -.TP -\fB-x\fR -Delete user\&. If the username exists in the specified DBM file, it will be deleted\&.   -.TP -\fB-t\fR -Interpret the final parameter as a comment\&. When this option is specified, an additional string can be appended to the command line; this string will be stored in the "Comment" field of the database, associated with the specified username\&.   -.TP -\fB\fIfilename\fR\fR -The filename of the DBM format file\&. Usually without the extension \fB\&.db\fR, \fB\&.pag\fR, or \fB\&.dir\fR\&. If \fB-c\fR is given, the DBM file is created if it does not already exist, or updated if it does exist\&.   -.TP -\fB\fIusername\fR\fR -The username to create or update in \fIpasswdfile\fR\&. If \fIusername\fR does not exist in this file, an entry is added\&. If it does exist, the password is changed\&.   -.TP -\fB\fIpassword\fR\fR -The plaintext password to be encrypted and stored in the DBM file\&. Used only with the \fB-b\fR flag\&.   -.TP -\fB-T\fIDBTYPE\fR\fR -Type of DBM file (SDBM, GDBM, DB, or "default")\&.   -  -.SH "BUGS" -  -.PP -One should be aware that there are a number of different DBM file formats in existence, and with all likelihood, libraries for more than one format may exist on your system\&. The three primary examples are SDBM, NDBM, GNU GDBM, and Berkeley/Sleepycat DB 2/3/4\&. Unfortunately, all these libraries use different file formats, and you must make sure that the file format used by \fIfilename\fR is the same format that \fBhtdbm\fR expects to see\&. \fBhtdbm\fR currently has no way of determining what type of DBM file it is looking at\&. If used against the wrong format, will simply return nothing, or may create a different DBM file with a different name, or at worst, it may corrupt the DBM file if you were attempting to write to it\&. -  -.PP -One can usually use the \fBfile\fR program supplied with most Unix systems to see what format a DBM file is in\&. -  -.SH "EXIT STATUS" -  -.PP -\fBhtdbm\fR returns a zero status ("true") if the username and password have been successfully added or updated in the DBM File\&. \fBhtdbm\fR returns \fB1\fR if it encounters some problem accessing files, \fB2\fR if there was a syntax problem with the command line, \fB3\fR if the password was entered interactively and the verification entry didn't match, \fB4\fR if its operation was interrupted, \fB5\fR if a value is too long (username, filename, password, or final computed record), \fB6\fR if the username contains illegal characters (see the Restrictions section), and \fB7\fR if the file is not a valid DBM password file\&. -  -.SH "EXAMPLES" -  -.nf +.SH "OPTIONS" + + +.TP +\fB-b\fR +Use batch mode; \fIi\&.e\&.\fR, get the password from the command line rather than prompting for it\&. This option should be used with extreme care, since \fBthe password is clearly visible\fR on the command line\&. For script use see the \fB-i\fR option\&. +.TP +\fB-i\fR +Read the password from stdin without verification (for script usage)\&. +.TP +\fB-c\fR +Create the \fIpasswdfile\fR\&. If \fIpasswdfile\fR already exists, it is rewritten and truncated\&. This option cannot be combined with the \fB-n\fR option\&. +.TP +\fB-n\fR +Display the results on standard output rather than updating a database\&. This option changes the syntax of the command line, since the \fIpasswdfile\fR argument (usually the first one) is omitted\&. It cannot be combined with the \fB-c\fR option\&. +.TP +\fB-m\fR +Use MD5 encryption for passwords\&. On Windows and Netware, this is the default\&. +.TP +\fB-B\fR +Use bcrypt encryption for passwords\&. This is currently considered to be very secure\&. +.TP +\fB-C\fR +This flag is only allowed in combination with \fB-B\fR (bcrypt encryption)\&. It sets the computing time used for the bcrypt algorithm (higher is more secure but slower, default: 5, valid: 4 to 31)\&. +.TP +\fB-d\fR +Use \fBcrypt()\fR encryption for passwords\&. The default on all platforms but Windows and Netware\&. Though possibly supported by \fBhtdbm\fR on all platforms, it is not supported by the httpd server on Windows and Netware\&. This algorithm is \fBinsecure\fR by today's standards\&. +.TP +\fB-s\fR +Use SHA encryption for passwords\&. Facilitates migration from/to Netscape servers using the LDAP Directory Interchange Format (ldif)\&. This algorithm is \fBinsecure\fR by today's standards\&. +.TP +\fB-p\fR +Use plaintext passwords\&. Though \fBhtdbm\fR will support creation on all platforms, the httpd daemon will only accept plain text passwords on Windows and Netware\&. +.TP +\fB-l\fR +Print each of the usernames and comments from the database on stdout\&. +.TP +\fB-v\fR +Verify the username and password\&. The program will print a message indicating whether the supplied password is valid\&. If the password is invalid, the program exits with error code 3\&. +.TP +\fB-x\fR +Delete user\&. If the username exists in the specified DBM file, it will be deleted\&. +.TP +\fB-t\fR +Interpret the final parameter as a comment\&. When this option is specified, an additional string can be appended to the command line; this string will be stored in the "Comment" field of the database, associated with the specified username\&. +.TP +\fB\fIfilename\fR\fR +The filename of the DBM format file\&. Usually without the extension \fB\&.db\fR, \fB\&.pag\fR, or \fB\&.dir\fR\&. If \fB-c\fR is given, the DBM file is created if it does not already exist, or updated if it does exist\&. +.TP +\fB\fIusername\fR\fR +The username to create or update in \fIpasswdfile\fR\&. If \fIusername\fR does not exist in this file, an entry is added\&. If it does exist, the password is changed\&. +.TP +\fB\fIpassword\fR\fR +The plaintext password to be encrypted and stored in the DBM file\&. Used only with the \fB-b\fR flag\&. +.TP +\fB-T\fIDBTYPE\fR\fR +Type of DBM file (SDBM, GDBM, DB, or "default")\&. + +.SH "BUGS" + +.PP +One should be aware that there are a number of different DBM file formats in existence, and with all likelihood, libraries for more than one format may exist on your system\&. The three primary examples are SDBM, NDBM, GNU GDBM, and Berkeley/Sleepycat DB 2/3/4\&. Unfortunately, all these libraries use different file formats, and you must make sure that the file format used by \fIfilename\fR is the same format that \fBhtdbm\fR expects to see\&. \fBhtdbm\fR currently has no way of determining what type of DBM file it is looking at\&. If used against the wrong format, will simply return nothing, or may create a different DBM file with a different name, or at worst, it may corrupt the DBM file if you were attempting to write to it\&. + +.PP +One can usually use the \fBfile\fR program supplied with most Unix systems to see what format a DBM file is in\&. + +.SH "EXIT STATUS" + +.PP +\fBhtdbm\fR returns a zero status ("true") if the username and password have been successfully added or updated in the DBM File\&. \fBhtdbm\fR returns \fB1\fR if it encounters some problem accessing files, \fB2\fR if there was a syntax problem with the command line, \fB3\fR if the password was entered interactively and the verification entry didn't match, \fB4\fR if its operation was interrupted, \fB5\fR if a value is too long (username, filename, password, or final computed record), \fB6\fR if the username contains illegal characters (see the Restrictions section), and \fB7\fR if the file is not a valid DBM password file\&. + +.SH "EXAMPLES" + +.nf -      htdbm /usr/local/etc/apache/\&.htdbm-users jsmith -     -.fi -  -.PP -Adds or modifies the password for user \fBjsmith\fR\&. The user is prompted for the password\&. If executed on a Windows system, the password will be encrypted using the modified Apache MD5 algorithm; otherwise, the system's \fBcrypt()\fR routine will be used\&. If the file does not exist, \fBhtdbm\fR will do nothing except return an error\&. -  -.nf + htdbm /usr/local/etc/apache/\&.htdbm-users jsmith + +.fi + +.PP +Adds or modifies the password for user \fBjsmith\fR\&. The user is prompted for the password\&. If executed on a Windows system, the password will be encrypted using the modified Apache MD5 algorithm; otherwise, the system's \fBcrypt()\fR routine will be used\&. If the file does not exist, \fBhtdbm\fR will do nothing except return an error\&. + +.nf -      htdbm -c /home/doe/public_html/\&.htdbm jane -     -.fi -  -.PP -Creates a new file and stores a record in it for user \fBjane\fR\&. The user is prompted for the password\&. If the file exists and cannot be read, or cannot be written, it is not altered and \fBhtdbm\fR will display a message and return an error status\&. -  -.nf + htdbm -c /home/doe/public_html/\&.htdbm jane + +.fi + +.PP +Creates a new file and stores a record in it for user \fBjane\fR\&. The user is prompted for the password\&. If the file exists and cannot be read, or cannot be written, it is not altered and \fBhtdbm\fR will display a message and return an error status\&. + +.nf -      htdbm -mb /usr/web/\&.htdbm-all jones Pwd4Steve -     -.fi -  -.PP -Encrypts the password from the command line (\fBPwd4Steve\fR) using the MD5 algorithm, and stores it in the specified file\&. -  -.PP -To convert an existing text file \fBhtpasswd\fR-generated password file to a \fBdbm\fR file, use \fBawk\fR to feed each line of that file into \fBhtdbm\fR: -  -.nf + htdbm -mb /usr/web/\&.htdbm-all jones Pwd4Steve + +.fi + +.PP +Encrypts the password from the command line (\fBPwd4Steve\fR) using the MD5 algorithm, and stores it in the specified file\&. + +.PP +To convert an existing text file \fBhtpasswd\fR-generated password file to a \fBdbm\fR file, use \fBawk\fR to feed each line of that file into \fBhtdbm\fR: + +.nf -      htdbm -cbp passwords\&.dbm bogus bogus -      awk ‘BEGIN { FS=”:” }; {system (“htdbm -bp passwords\&.dbm ” $1 ” ” $2)}’ passwords -      htdbm -x bogus -     -.fi -  -.PP -The first line creates a new password database with a temporary placeholder entry, and the thrid line removes that placeholder\&. -  -.SH "SECURITY CONSIDERATIONS" -  -.PP -Web password files such as those managed by \fBhtdbm\fR should \fInot\fR be within the Web server's URI space -- that is, they should not be fetchable with a browser\&. -  -.PP -The use of the \fB-b\fR option is discouraged, since when it is used the unencrypted password appears on the command line\&. -  -.PP -When using the \fBcrypt()\fR algorithm, note that only the first 8 characters of the password are used to form the password\&. If the supplied password is longer, the extra characters will be silently discarded\&. -  -.PP -The SHA encryption format does not use salting: for a given password, there is only one encrypted representation\&. The \fBcrypt()\fR and MD5 formats permute the representation by prepending a random salt string, to make dictionary attacks against the passwords more difficult\&. -  -.PP -The SHA and \fBcrypt()\fR formats are insecure by today's standards\&. -  -.SH "RESTRICTIONS" -  -.PP -On the Windows platform, passwords encrypted with \fBhtdbm\fR are limited to no more than \fB255\fR characters in length\&. Longer passwords will be truncated to 255 characters\&. -  -.PP -The MD5 algorithm used by \fBhtdbm\fR is specific to the Apache software; passwords encrypted using it will not be usable with other Web servers\&. -  -.PP -Usernames are limited to \fB255\fR bytes and may not include the character \fB:\fR\&. -  + htdbm -cbp passwords\&.dbm bogus bogus + awk ‘BEGIN { FS=”:” }; {system (“htdbm -bp passwords\&.dbm ” $1 ” ” $2)}’ passwords + htdbm -x bogus + +.fi + +.PP +The first line creates a new password database with a temporary placeholder entry, and the thrid line removes that placeholder\&. + +.SH "SECURITY CONSIDERATIONS" + +.PP +Web password files such as those managed by \fBhtdbm\fR should \fInot\fR be within the Web server's URI space -- that is, they should not be fetchable with a browser\&. + +.PP +The use of the \fB-b\fR option is discouraged, since when it is used the unencrypted password appears on the command line\&. + +.PP +When using the \fBcrypt()\fR algorithm, note that only the first 8 characters of the password are used to form the password\&. If the supplied password is longer, the extra characters will be silently discarded\&. + +.PP +The SHA encryption format does not use salting: for a given password, there is only one encrypted representation\&. The \fBcrypt()\fR and MD5 formats permute the representation by prepending a random salt string, to make dictionary attacks against the passwords more difficult\&. + +.PP +The SHA and \fBcrypt()\fR formats are insecure by today's standards\&. + +.SH "RESTRICTIONS" + +.PP +On the Windows platform, passwords encrypted with \fBhtdbm\fR are limited to no more than \fB255\fR characters in length\&. Longer passwords will be truncated to 255 characters\&. + +.PP +The MD5 algorithm used by \fBhtdbm\fR is specific to the Apache software; passwords encrypted using it will not be usable with other Web servers\&. + +.PP +Usernames are limited to \fB255\fR bytes and may not include the character \fB:\fR\&. + diff --git a/docs/man/htdigest.1 b/docs/man/htdigest.1 index 0e3ca0015b..19d717b8e4 100644 --- a/docs/man/htdigest.1 +++ b/docs/man/htdigest.1 @@ -1,62 +1,62 @@ -.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -.\" DO NOT EDIT! Generated from XML source. -.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -.de Sh \" Subsection -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.TH "HTDIGEST" 1 "@date@" "Apache HTTP Server" "htdigest" +.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +.\" DO NOT EDIT! Generated from XML source. +.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +.de Sh \" Subsection +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.TH "HTDIGEST" 1 "2018-09-27" "Apache HTTP Server" "htdigest" -.SH NAME -htdigest \- manage user files for digest authentication +.SH NAME +htdigest \- manage user files for digest authentication -.SH "SYNOPSIS" -  -.PP -\fB\fBhtdigest\fR [ -\fBc\fR ] \fIpasswdfile\fR \fIrealm\fR \fIusername\fR\fR -  +.SH "SYNOPSIS" + +.PP +\fB\fBhtdigest\fR [ -\fBc\fR ] \fIpasswdfile\fR \fIrealm\fR \fIusername\fR\fR + -.SH "SUMMARY" -  -.PP -\fBhtdigest\fR is used to create and update the flat-files used to store usernames, realm and password for digest authentication of HTTP users\&. Resources available from the Apache HTTP server can be restricted to just the users listed in the files created by \fBhtdigest\fR\&. -  -.PP -This manual page only lists the command line arguments\&. For details of the directives necessary to configure digest authentication in httpd see the Apache manual, which is part of the Apache distribution or can be found at http://httpd\&.apache\&.org/\&. -  +.SH "SUMMARY" + +.PP +\fBhtdigest\fR is used to create and update the flat-files used to store usernames, realm and password for digest authentication of HTTP users\&. Resources available from the Apache HTTP server can be restricted to just the users listed in the files created by \fBhtdigest\fR\&. + +.PP +This manual page only lists the command line arguments\&. For details of the directives necessary to configure digest authentication in httpd see the Apache manual, which is part of the Apache distribution or can be found at http://httpd\&.apache\&.org/\&. + -.SH "OPTIONS" -  -  -.TP -\fB-c\fR -Create the \fIpasswdfile\fR\&. If \fIpasswdfile\fR already exists, it is deleted first\&.   -.TP -\fB\fIpasswdfile\fR\fR -Name of the file to contain the username, realm and password\&. If \fB-c\fR is given, this file is created if it does not already exist, or deleted and recreated if it does exist\&.   -.TP -\fB\fIrealm\fR\fR -The realm name to which the user name belongs\&. See http://tools\&.ietf\&.org/html/rfc2617#section-3\&.2\&.1 for more details\&.   -.TP -\fB\fIusername\fR\fR -The user name to create or update in \fIpasswdfile\fR\&. If \fIusername\fR does not exist is this file, an entry is added\&. If it does exist, the password is changed\&.   -  -.SH "SECURITY CONSIDERATIONS" -  -.PP -This program is not safe as a setuid executable\&. Do \fInot\fR make it setuid\&. -  +.SH "OPTIONS" + + +.TP +\fB-c\fR +Create the \fIpasswdfile\fR\&. If \fIpasswdfile\fR already exists, it is deleted first\&. +.TP +\fB\fIpasswdfile\fR\fR +Name of the file to contain the username, realm and password\&. If \fB-c\fR is given, this file is created if it does not already exist, or deleted and recreated if it does exist\&. +.TP +\fB\fIrealm\fR\fR +The realm name to which the user name belongs\&. See http://tools\&.ietf\&.org/html/rfc2617#section-3\&.2\&.1 for more details\&. +.TP +\fB\fIusername\fR\fR +The user name to create or update in \fIpasswdfile\fR\&. If \fIusername\fR does not exist is this file, an entry is added\&. If it does exist, the password is changed\&. + +.SH "SECURITY CONSIDERATIONS" + +.PP +This program is not safe as a setuid executable\&. Do \fInot\fR make it setuid\&. + diff --git a/docs/man/htpasswd.1 b/docs/man/htpasswd.1 index ec9a2921df..8ada546f6f 100644 --- a/docs/man/htpasswd.1 +++ b/docs/man/htpasswd.1 @@ -1,170 +1,170 @@ -.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -.\" DO NOT EDIT! Generated from XML source. -.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -.de Sh \" Subsection -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.TH "HTPASSWD" 1 "@date@" "Apache HTTP Server" "htpasswd" +.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +.\" DO NOT EDIT! Generated from XML source. +.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +.de Sh \" Subsection +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.TH "HTPASSWD" 1 "2018-09-27" "Apache HTTP Server" "htpasswd" -.SH NAME -htpasswd \- Manage user files for basic authentication +.SH NAME +htpasswd \- Manage user files for basic authentication -.SH "SYNOPSIS" -  -.PP -\fB\fBhtpasswd\fR [ -\fBc\fR ] [ -\fBi\fR ] [ -\fBm\fR | -\fBB\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] [ -\fBD\fR ] [ -\fBv\fR ] \fIpasswdfile\fR \fIusername\fR\fR -  -.PP -\fB\fBhtpasswd\fR -\fBb\fR [ -\fBc\fR ] [ -\fBm\fR | -\fBB\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] [ -\fBD\fR ] [ -\fBv\fR ] \fIpasswdfile\fR \fIusername\fR \fIpassword\fR\fR -  -.PP -\fB\fBhtpasswd\fR -\fBn\fR [ -\fBi\fR ] [ -\fBm\fR | -\fBB\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] \fIusername\fR\fR -  -.PP -\fB\fBhtpasswd\fR -\fBnb\fR [ -\fBm\fR | -\fBB\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] \fIusername\fR \fIpassword\fR\fR -  +.SH "SYNOPSIS" + +.PP +\fB\fBhtpasswd\fR [ -\fBc\fR ] [ -\fBi\fR ] [ -\fBm\fR | -\fBB\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] [ -\fBD\fR ] [ -\fBv\fR ] \fIpasswdfile\fR \fIusername\fR\fR + +.PP +\fB\fBhtpasswd\fR -\fBb\fR [ -\fBc\fR ] [ -\fBm\fR | -\fBB\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] [ -\fBD\fR ] [ -\fBv\fR ] \fIpasswdfile\fR \fIusername\fR \fIpassword\fR\fR + +.PP +\fB\fBhtpasswd\fR -\fBn\fR [ -\fBi\fR ] [ -\fBm\fR | -\fBB\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] \fIusername\fR\fR + +.PP +\fB\fBhtpasswd\fR -\fBnb\fR [ -\fBm\fR | -\fBB\fR | -\fBd\fR | -\fBs\fR | -\fBp\fR ] [ -\fBC\fR \fIcost\fR ] \fIusername\fR \fIpassword\fR\fR + -.SH "SUMMARY" -  -.PP -\fBhtpasswd\fR is used to create and update the flat-files used to store usernames and password for basic authentication of HTTP users\&. If \fBhtpasswd\fR cannot access a file, such as not being able to write to the output file or not being able to read the file in order to update it, it returns an error status and makes no changes\&. -  -.PP -Resources available from the Apache HTTP server can be restricted to just the users listed in the files created by \fBhtpasswd\fR\&. This program can only manage usernames and passwords stored in a flat-file\&. It can encrypt and display password information for use in other types of data stores, though\&. To use a DBM database see dbmmanage or htdbm\&. -  -.PP -\fBhtpasswd\fR encrypts passwords using either bcrypt, a version of MD5 modified for Apache, SHA1, or the system's \fBcrypt()\fR routine\&. Files managed by \fBhtpasswd\fR may contain a mixture of different encoding types of passwords; some user records may have bcrypt or MD5-encrypted passwords while others in the same file may have passwords encrypted with \fBcrypt()\fR\&. -  -.PP -This manual page only lists the command line arguments\&. For details of the directives necessary to configure user authentication in httpd see the Apache manual, which is part of the Apache distribution or can be found at http://httpd\&.apache\&.org/\&. -  +.SH "SUMMARY" + +.PP +\fBhtpasswd\fR is used to create and update the flat-files used to store usernames and password for basic authentication of HTTP users\&. If \fBhtpasswd\fR cannot access a file, such as not being able to write to the output file or not being able to read the file in order to update it, it returns an error status and makes no changes\&. + +.PP +Resources available from the Apache HTTP server can be restricted to just the users listed in the files created by \fBhtpasswd\fR\&. This program can only manage usernames and passwords stored in a flat-file\&. It can encrypt and display password information for use in other types of data stores, though\&. To use a DBM database see dbmmanage or htdbm\&. + +.PP +\fBhtpasswd\fR encrypts passwords using either bcrypt, a version of MD5 modified for Apache, SHA1, or the system's \fBcrypt()\fR routine\&. Files managed by \fBhtpasswd\fR may contain a mixture of different encoding types of passwords; some user records may have bcrypt or MD5-encrypted passwords while others in the same file may have passwords encrypted with \fBcrypt()\fR\&. + +.PP +This manual page only lists the command line arguments\&. For details of the directives necessary to configure user authentication in httpd see the Apache manual, which is part of the Apache distribution or can be found at http://httpd\&.apache\&.org/\&. + -.SH "OPTIONS" -  -  -.TP -\fB-b\fR -Use batch mode; \fIi\&.e\&.\fR, get the password from the command line rather than prompting for it\&. This option should be used with extreme care, since \fBthe password is clearly visible\fR on the command line\&. For script use see the \fB-i\fR option\&. Available in 2\&.4\&.4 and later\&.   -.TP -\fB-i\fR -Read the password from stdin without verification (for script usage)\&.   -.TP -\fB-c\fR -Create the \fIpasswdfile\fR\&. If \fIpasswdfile\fR already exists, it is rewritten and truncated\&. This option cannot be combined with the \fB-n\fR option\&.   -.TP -\fB-n\fR -Display the results on standard output rather than updating a file\&. This is useful for generating password records acceptable to Apache for inclusion in non-text data stores\&. This option changes the syntax of the command line, since the \fIpasswdfile\fR argument (usually the first one) is omitted\&. It cannot be combined with the \fB-c\fR option\&.   -.TP -\fB-m\fR -Use MD5 encryption for passwords\&. This is the default (since version 2\&.2\&.18)\&.   -.TP -\fB-B\fR -Use bcrypt encryption for passwords\&. This is currently considered to be very secure\&.   -.TP -\fB-C\fR -This flag is only allowed in combination with \fB-B\fR (bcrypt encryption)\&. It sets the computing time used for the bcrypt algorithm (higher is more secure but slower, default: 5, valid: 4 to 31)\&.   -.TP -\fB-d\fR -Use \fBcrypt()\fR encryption for passwords\&. This is not supported by the httpd server on Windows and Netware\&. This algorithm limits the password length to 8 characters\&. This algorithm is \fBinsecure\fR by today's standards\&. It used to be the default algorithm until version 2\&.2\&.17\&.   -.TP -\fB-s\fR -Use SHA encryption for passwords\&. Facilitates migration from/to Netscape servers using the LDAP Directory Interchange Format (ldif)\&. This algorithm is \fBinsecure\fR by today's standards\&.   -.TP -\fB-p\fR -Use plaintext passwords\&. Though \fBhtpasswd\fR will support creation on all platforms, the httpd daemon will only accept plain text passwords on Windows and Netware\&.   -.TP -\fB-D\fR -Delete user\&. If the username exists in the specified htpasswd file, it will be deleted\&.   -.TP -\fB-v\fR -Verify password\&. Verify that the given password matches the password of the user stored in the specified htpasswd file\&. Available in 2\&.4\&.5 and later\&.   -.TP -\fB\fIpasswdfile\fR\fR -Name of the file to contain the user name and password\&. If \fB-c\fR is given, this file is created if it does not already exist, or rewritten and truncated if it does exist\&.   -.TP -\fB\fIusername\fR\fR -The username to create or update in \fIpasswdfile\fR\&. If \fIusername\fR does not exist in this file, an entry is added\&. If it does exist, the password is changed\&.   -.TP -\fB\fIpassword\fR\fR -The plaintext password to be encrypted and stored in the file\&. Only used with the \fB-b\fR flag\&.   -  -.SH "EXIT STATUS" -  -.PP -\fBhtpasswd\fR returns a zero status ("true") if the username and password have been successfully added or updated in the \fIpasswdfile\fR\&. \fBhtpasswd\fR returns \fB1\fR if it encounters some problem accessing files, \fB2\fR if there was a syntax problem with the command line, \fB3\fR if the password was entered interactively and the verification entry didn't match, \fB4\fR if its operation was interrupted, \fB5\fR if a value is too long (username, filename, password, or final computed record), \fB6\fR if the username contains illegal characters (see the Restrictions section), and \fB7\fR if the file is not a valid password file\&. -  -.SH "EXAMPLES" -  -.nf +.SH "OPTIONS" + + +.TP +\fB-b\fR +Use batch mode; \fIi\&.e\&.\fR, get the password from the command line rather than prompting for it\&. This option should be used with extreme care, since \fBthe password is clearly visible\fR on the command line\&. For script use see the \fB-i\fR option\&. Available in 2\&.4\&.4 and later\&. +.TP +\fB-i\fR +Read the password from stdin without verification (for script usage)\&. +.TP +\fB-c\fR +Create the \fIpasswdfile\fR\&. If \fIpasswdfile\fR already exists, it is rewritten and truncated\&. This option cannot be combined with the \fB-n\fR option\&. +.TP +\fB-n\fR +Display the results on standard output rather than updating a file\&. This is useful for generating password records acceptable to Apache for inclusion in non-text data stores\&. This option changes the syntax of the command line, since the \fIpasswdfile\fR argument (usually the first one) is omitted\&. It cannot be combined with the \fB-c\fR option\&. +.TP +\fB-m\fR +Use MD5 encryption for passwords\&. This is the default (since version 2\&.2\&.18)\&. +.TP +\fB-B\fR +Use bcrypt encryption for passwords\&. This is currently considered to be very secure\&. +.TP +\fB-C\fR +This flag is only allowed in combination with \fB-B\fR (bcrypt encryption)\&. It sets the computing time used for the bcrypt algorithm (higher is more secure but slower, default: 5, valid: 4 to 31)\&. +.TP +\fB-d\fR +Use \fBcrypt()\fR encryption for passwords\&. This is not supported by the httpd server on Windows and Netware\&. This algorithm limits the password length to 8 characters\&. This algorithm is \fBinsecure\fR by today's standards\&. It used to be the default algorithm until version 2\&.2\&.17\&. +.TP +\fB-s\fR +Use SHA encryption for passwords\&. Facilitates migration from/to Netscape servers using the LDAP Directory Interchange Format (ldif)\&. This algorithm is \fBinsecure\fR by today's standards\&. +.TP +\fB-p\fR +Use plaintext passwords\&. Though \fBhtpasswd\fR will support creation on all platforms, the httpd daemon will only accept plain text passwords on Windows and Netware\&. +.TP +\fB-D\fR +Delete user\&. If the username exists in the specified htpasswd file, it will be deleted\&. +.TP +\fB-v\fR +Verify password\&. Verify that the given password matches the password of the user stored in the specified htpasswd file\&. Available in 2\&.4\&.5 and later\&. +.TP +\fB\fIpasswdfile\fR\fR +Name of the file to contain the user name and password\&. If \fB-c\fR is given, this file is created if it does not already exist, or rewritten and truncated if it does exist\&. +.TP +\fB\fIusername\fR\fR +The username to create or update in \fIpasswdfile\fR\&. If \fIusername\fR does not exist in this file, an entry is added\&. If it does exist, the password is changed\&. +.TP +\fB\fIpassword\fR\fR +The plaintext password to be encrypted and stored in the file\&. Only used with the \fB-b\fR flag\&. + +.SH "EXIT STATUS" + +.PP +\fBhtpasswd\fR returns a zero status ("true") if the username and password have been successfully added or updated in the \fIpasswdfile\fR\&. \fBhtpasswd\fR returns \fB1\fR if it encounters some problem accessing files, \fB2\fR if there was a syntax problem with the command line, \fB3\fR if the password was entered interactively and the verification entry didn't match, \fB4\fR if its operation was interrupted, \fB5\fR if a value is too long (username, filename, password, or final computed record), \fB6\fR if the username contains illegal characters (see the Restrictions section), and \fB7\fR if the file is not a valid password file\&. + +.SH "EXAMPLES" + +.nf -      htpasswd /usr/local/etc/apache/\&.htpasswd-users jsmith -     -.fi -  -.PP -Adds or modifies the password for user \fBjsmith\fR\&. The user is prompted for the password\&. The password will be encrypted using the modified Apache MD5 algorithm\&. If the file does not exist, \fBhtpasswd\fR will do nothing except return an error\&. -  -.nf + htpasswd /usr/local/etc/apache/\&.htpasswd-users jsmith + +.fi + +.PP +Adds or modifies the password for user \fBjsmith\fR\&. The user is prompted for the password\&. The password will be encrypted using the modified Apache MD5 algorithm\&. If the file does not exist, \fBhtpasswd\fR will do nothing except return an error\&. + +.nf -      htpasswd -c /home/doe/public_html/\&.htpasswd jane -     -.fi -  -.PP -Creates a new file and stores a record in it for user \fBjane\fR\&. The user is prompted for the password\&. If the file exists and cannot be read, or cannot be written, it is not altered and \fBhtpasswd\fR will display a message and return an error status\&. -  -.nf + htpasswd -c /home/doe/public_html/\&.htpasswd jane + +.fi + +.PP +Creates a new file and stores a record in it for user \fBjane\fR\&. The user is prompted for the password\&. If the file exists and cannot be read, or cannot be written, it is not altered and \fBhtpasswd\fR will display a message and return an error status\&. + +.nf -      htpasswd -db /usr/web/\&.htpasswd-all jones Pwd4Steve -     -.fi -  -.PP -Encrypts the password from the command line (\fBPwd4Steve\fR) using the \fBcrypt()\fR algorithm, and stores it in the specified file\&. -  -.SH "SECURITY CONSIDERATIONS" -  -.PP -Web password files such as those managed by \fBhtpasswd\fR should \fInot\fR be within the Web server's URI space -- that is, they should not be fetchable with a browser\&. -  -.PP -This program is not safe as a setuid executable\&. Do \fInot\fR make it setuid\&. -  -.PP -The use of the \fB-b\fR option is discouraged, since when it is used the unencrypted password appears on the command line\&. -  -.PP -When using the \fBcrypt()\fR algorithm, note that only the first 8 characters of the password are used to form the password\&. If the supplied password is longer, the extra characters will be silently discarded\&. -  -.PP -The SHA encryption format does not use salting: for a given password, there is only one encrypted representation\&. The \fBcrypt()\fR and MD5 formats permute the representation by prepending a random salt string, to make dictionary attacks against the passwords more difficult\&. -  -.PP -The SHA and \fBcrypt()\fR formats are insecure by today's standards\&. -  -.SH "RESTRICTIONS" -  -.PP -On the Windows platform, passwords encrypted with \fBhtpasswd\fR are limited to no more than \fB255\fR characters in length\&. Longer passwords will be truncated to 255 characters\&. -  -.PP -The MD5 algorithm used by \fBhtpasswd\fR is specific to the Apache software; passwords encrypted using it will not be usable with other Web servers\&. -  -.PP -Usernames are limited to \fB255\fR bytes and may not include the character \fB:\fR\&. -  + htpasswd -db /usr/web/\&.htpasswd-all jones Pwd4Steve + +.fi + +.PP +Encrypts the password from the command line (\fBPwd4Steve\fR) using the \fBcrypt()\fR algorithm, and stores it in the specified file\&. + +.SH "SECURITY CONSIDERATIONS" + +.PP +Web password files such as those managed by \fBhtpasswd\fR should \fInot\fR be within the Web server's URI space -- that is, they should not be fetchable with a browser\&. + +.PP +This program is not safe as a setuid executable\&. Do \fInot\fR make it setuid\&. + +.PP +The use of the \fB-b\fR option is discouraged, since when it is used the unencrypted password appears on the command line\&. + +.PP +When using the \fBcrypt()\fR algorithm, note that only the first 8 characters of the password are used to form the password\&. If the supplied password is longer, the extra characters will be silently discarded\&. + +.PP +The SHA encryption format does not use salting: for a given password, there is only one encrypted representation\&. The \fBcrypt()\fR and MD5 formats permute the representation by prepending a random salt string, to make dictionary attacks against the passwords more difficult\&. + +.PP +The SHA and \fBcrypt()\fR formats are insecure by today's standards\&. + +.SH "RESTRICTIONS" + +.PP +On the Windows platform, passwords encrypted with \fBhtpasswd\fR are limited to no more than \fB255\fR characters in length\&. Longer passwords will be truncated to 255 characters\&. + +.PP +The MD5 algorithm used by \fBhtpasswd\fR is specific to the Apache software; passwords encrypted using it will not be usable with other Web servers\&. + +.PP +Usernames are limited to \fB255\fR bytes and may not include the character \fB:\fR\&. + diff --git a/docs/man/httpd.8 b/docs/man/httpd.8 index 07610b2181..c38869127c 100644 --- a/docs/man/httpd.8 +++ b/docs/man/httpd.8 @@ -1,119 +1,119 @@ -.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -.\" DO NOT EDIT! Generated from XML source. -.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -.de Sh \" Subsection -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.TH "HTTPD" 8 "@date@" "Apache HTTP Server" "httpd" +.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +.\" DO NOT EDIT! Generated from XML source. +.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +.de Sh \" Subsection +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.TH "HTTPD" 8 "2018-09-27" "Apache HTTP Server" "httpd" -.SH NAME -httpd \- Apache Hypertext Transfer Protocol Server +.SH NAME +httpd \- Apache Hypertext Transfer Protocol Server -.SH "SYNOPSIS" -  -.PP -\fB\fBhttpd\fR [ -\fBd\fR \fIserverroot\fR ] [ -\fBf\fR \fIconfig\fR ] [ -\fBC\fR \fIdirective\fR ] [ -\fBc\fR \fIdirective\fR ] [ -\fBD\fR \fIparameter\fR ] [ -\fBe\fR \fIlevel\fR ] [ -\fBE\fR \fIfile\fR ] [ \fB-k\fR start|restart|graceful|stop|graceful-stop ] [ -\fBh\fR ] [ -\fBl\fR ] [ -\fBL\fR ] [ -\fBS\fR ] [ -\fBt\fR ] [ -\fBv\fR ] [ -\fBV\fR ] [ -\fBX\fR ] [ -\fBM\fR ] [ -\fBT\fR ] \fR -  -.PP -On Windows systems, the following additional arguments are available: -  -.PP -\fB\fBhttpd\fR [ -\fBk\fR install|config|uninstall ] [ -\fBn\fR \fIname\fR ] [ -\fBw\fR ]\fR -  +.SH "SYNOPSIS" + +.PP +\fB\fBhttpd\fR [ -\fBd\fR \fIserverroot\fR ] [ -\fBf\fR \fIconfig\fR ] [ -\fBC\fR \fIdirective\fR ] [ -\fBc\fR \fIdirective\fR ] [ -\fBD\fR \fIparameter\fR ] [ -\fBe\fR \fIlevel\fR ] [ -\fBE\fR \fIfile\fR ] [ \fB-k\fR start|restart|graceful|stop|graceful-stop ] [ -\fBh\fR ] [ -\fBl\fR ] [ -\fBL\fR ] [ -\fBS\fR ] [ -\fBt\fR ] [ -\fBv\fR ] [ -\fBV\fR ] [ -\fBX\fR ] [ -\fBM\fR ] [ -\fBT\fR ] \fR + +.PP +On Windows systems, the following additional arguments are available: + +.PP +\fB\fBhttpd\fR [ -\fBk\fR install|config|uninstall ] [ -\fBn\fR \fIname\fR ] [ -\fBw\fR ]\fR + -.SH "SUMMARY" -  -.PP -\fBhttpd\fR is the Apache HyperText Transfer Protocol (HTTP) server program\&. It is designed to be run as a standalone daemon process\&. When used like this it will create a pool of child processes or threads to handle requests\&. -  -.PP -In general, \fBhttpd\fR should not be invoked directly, but rather should be invoked via apachectl on Unix-based systems or as a service on Windows NT, 2000 and XP and as a console application on Windows 9x and ME\&. -  +.SH "SUMMARY" + +.PP +\fBhttpd\fR is the Apache HyperText Transfer Protocol (HTTP) server program\&. It is designed to be run as a standalone daemon process\&. When used like this it will create a pool of child processes or threads to handle requests\&. + +.PP +In general, \fBhttpd\fR should not be invoked directly, but rather should be invoked via apachectl on Unix-based systems or as a service on Windows NT, 2000 and XP and as a console application on Windows 9x and ME\&. + -.SH "OPTIONS" -  -  -.TP -\fB-d \fIserverroot\fR\fR -Set the initial value for the ServerRoot directive to \fIserverroot\fR\&. This can be overridden by the ServerRoot directive in the configuration file\&. The default is \fB/usr/local/apache2\fR\&.   -.TP -\fB-f \fIconfig\fR\fR -Uses the directives in the file \fIconfig\fR on startup\&. If \fIconfig\fR does not begin with a /, then it is taken to be a path relative to the ServerRoot\&. The default is \fBconf/httpd\&.conf\fR\&.   -.TP -\fB-k \fBstart|restart|graceful|stop|graceful-stop\fR\fR -Signals \fBhttpd\fR to start, restart, or stop\&. See Stopping Apache httpd for more information\&.   -.TP -\fB-C \fIdirective\fR\fR -Process the configuration \fIdirective\fR before reading config files\&.   -.TP -\fB-c \fIdirective\fR\fR -Process the configuration \fIdirective\fR after reading config files\&.   -.TP -\fB-D \fIparameter\fR\fR -Sets a configuration \fIparameter \fRwhich can be used with <IfDefine> sections in the configuration files to conditionally skip or process commands at server startup and restart\&. Also can be used to set certain less-common startup parameters including \fB-DNO_DETACH\fR (prevent the parent from forking) and \fB-DFOREGROUND\fR (prevent the parent from calling \fBsetsid()\fR et al)\&.   -.TP -\fB-e \fIlevel\fR\fR -Sets the LogLevel to \fIlevel\fR during server startup\&. This is useful for temporarily increasing the verbosity of the error messages to find problems during startup\&.   -.TP -\fB-E \fIfile\fR\fR -Send error messages during server startup to \fIfile\fR\&.   -.TP -\fB-h\fR -Output a short summary of available command line options\&.   -.TP -\fB-l\fR -Output a list of modules compiled into the server\&. This will \fBnot\fR list dynamically loaded modules included using the LoadModule directive\&.   -.TP -\fB-L\fR -Output a list of directives provided by static modules, together with expected arguments and places where the directive is valid\&. Directives provided by shared modules are not listed\&.   -.TP -\fB-M\fR -Dump a list of loaded Static and Shared Modules\&.   -.TP -\fB-S\fR -Show the settings as parsed from the config file (currently only shows the virtualhost settings)\&.   -.TP -\fB-T\fR (Available in 2\&.3\&.8 and later) -Skip document root check at startup/restart\&.   -.TP -\fB-t\fR -Run syntax tests for configuration files only\&. The program immediately exits after these syntax parsing tests with either a return code of 0 (Syntax OK) or return code not equal to 0 (Syntax Error)\&. If -D \fIDUMP\fR_\fIVHOSTS \fRis also set, details of the virtual host configuration will be printed\&. If -D \fIDUMP\fR_\fIMODULES \fR is set, all loaded modules will be printed\&. If -D \fIDUMP\fR_\fICERTS \fR is set and mod_ssl is used, configured SSL certificates will be printed\&. If -D \fIDUMP\fR_\fICA\fR_\fI_CERTS \fR is set and mod_ssl is used, configured SSL CA certificates and configured directories containing SSL CA certificates will be printed\&.   -.TP -\fB-v\fR -Print the version of \fBhttpd\fR, and then exit\&.   -.TP -\fB-V\fR -Print the version and build parameters of \fBhttpd\fR, and then exit\&.   -.TP -\fB-X\fR -Run httpd in debug mode\&. Only one worker will be started and the server will not detach from the console\&.   -  -.PP -The following arguments are available only on the Windows platform: -  -  -.TP -\fB-k install|config|uninstall\fR -Install Apache httpd as a Windows NT service; change startup options for the Apache httpd service; and uninstall the Apache httpd service\&.   -.TP -\fB-n \fIname\fR\fR -The \fIname\fR of the Apache httpd service to signal\&.   -.TP -\fB-w\fR -Keep the console window open on error so that the error message can be read\&.   -  +.SH "OPTIONS" + + +.TP +\fB-d \fIserverroot\fR\fR +Set the initial value for the ServerRoot directive to \fIserverroot\fR\&. This can be overridden by the ServerRoot directive in the configuration file\&. The default is \fB/usr/local/apache2\fR\&. +.TP +\fB-f \fIconfig\fR\fR +Uses the directives in the file \fIconfig\fR on startup\&. If \fIconfig\fR does not begin with a /, then it is taken to be a path relative to the ServerRoot\&. The default is \fBconf/httpd\&.conf\fR\&. +.TP +\fB-k \fBstart|restart|graceful|stop|graceful-stop\fR\fR +Signals \fBhttpd\fR to start, restart, or stop\&. See Stopping Apache httpd for more information\&. +.TP +\fB-C \fIdirective\fR\fR +Process the configuration \fIdirective\fR before reading config files\&. +.TP +\fB-c \fIdirective\fR\fR +Process the configuration \fIdirective\fR after reading config files\&. +.TP +\fB-D \fIparameter\fR\fR +Sets a configuration \fIparameter \fRwhich can be used with <IfDefine> sections in the configuration files to conditionally skip or process commands at server startup and restart\&. Also can be used to set certain less-common startup parameters including \fB-DNO_DETACH\fR (prevent the parent from forking) and \fB-DFOREGROUND\fR (prevent the parent from calling \fBsetsid()\fR et al)\&. +.TP +\fB-e \fIlevel\fR\fR +Sets the LogLevel to \fIlevel\fR during server startup\&. This is useful for temporarily increasing the verbosity of the error messages to find problems during startup\&. +.TP +\fB-E \fIfile\fR\fR +Send error messages during server startup to \fIfile\fR\&. +.TP +\fB-h\fR +Output a short summary of available command line options\&. +.TP +\fB-l\fR +Output a list of modules compiled into the server\&. This will \fBnot\fR list dynamically loaded modules included using the LoadModule directive\&. +.TP +\fB-L\fR +Output a list of directives provided by static modules, together with expected arguments and places where the directive is valid\&. Directives provided by shared modules are not listed\&. +.TP +\fB-M\fR +Dump a list of loaded Static and Shared Modules\&. +.TP +\fB-S\fR +Show the settings as parsed from the config file (currently only shows the virtualhost settings)\&. +.TP +\fB-T\fR (Available in 2\&.3\&.8 and later) +Skip document root check at startup/restart\&. +.TP +\fB-t\fR +Run syntax tests for configuration files only\&. The program immediately exits after these syntax parsing tests with either a return code of 0 (Syntax OK) or return code not equal to 0 (Syntax Error)\&. If -D \fIDUMP\fR_\fIVHOSTS \fRis also set, details of the virtual host configuration will be printed\&. If -D \fIDUMP\fR_\fIMODULES \fR is set, all loaded modules will be printed\&. If -D \fIDUMP\fR_\fICERTS \fR is set and mod_ssl is used, configured SSL certificates will be printed\&. If -D \fIDUMP\fR_\fICA\fR_\fI_CERTS \fR is set and mod_ssl is used, configured SSL CA certificates and configured directories containing SSL CA certificates will be printed\&. +.TP +\fB-v\fR +Print the version of \fBhttpd\fR, and then exit\&. +.TP +\fB-V\fR +Print the version and build parameters of \fBhttpd\fR, and then exit\&. +.TP +\fB-X\fR +Run httpd in debug mode\&. Only one worker will be started and the server will not detach from the console\&. + +.PP +The following arguments are available only on the Windows platform: + + +.TP +\fB-k install|config|uninstall\fR +Install Apache httpd as a Windows NT service; change startup options for the Apache httpd service; and uninstall the Apache httpd service\&. +.TP +\fB-n \fIname\fR\fR +The \fIname\fR of the Apache httpd service to signal\&. +.TP +\fB-w\fR +Keep the console window open on error so that the error message can be read\&. + diff --git a/docs/man/httxt2dbm.1 b/docs/man/httxt2dbm.1 index f171e84eb9..2f3a94e1a8 100644 --- a/docs/man/httxt2dbm.1 +++ b/docs/man/httxt2dbm.1 @@ -1,65 +1,65 @@ -.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -.\" DO NOT EDIT! Generated from XML source. -.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -.de Sh \" Subsection -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.TH "HTTXT2DBM" 1 "@date@" "Apache HTTP Server" "httxt2dbm" +.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +.\" DO NOT EDIT! Generated from XML source. +.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +.de Sh \" Subsection +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.TH "HTTXT2DBM" 1 "2018-09-27" "Apache HTTP Server" "httxt2dbm" -.SH NAME -httxt2dbm \- Generate dbm files for use with RewriteMap +.SH NAME +httxt2dbm \- Generate dbm files for use with RewriteMap -.SH "SYNOPSIS" -  -.PP -\fB\fBhttxt2dbm\fR [ -\fBv\fR ] [ -\fBf\fR \fIDBM_TYPE\fR ] -\fBi\fR \fISOURCE_TXT\fR -\fBo\fR \fIOUTPUT_DBM\fR \fR -  +.SH "SYNOPSIS" + +.PP +\fB\fBhttxt2dbm\fR [ -\fBv\fR ] [ -\fBf\fR \fIDBM_TYPE\fR ] -\fBi\fR \fISOURCE_TXT\fR -\fBo\fR \fIOUTPUT_DBM\fR \fR + -.SH "SUMMARY" -  -.PP -\fBhttxt2dbm\fR is used to generate dbm files from text input, for use in RewriteMap with the \fBdbm\fR map type\&. -  -.PP -If the output file already exists, it will not be truncated\&. New keys will be added and existing keys will be updated\&. -  +.SH "SUMMARY" + +.PP +\fBhttxt2dbm\fR is used to generate dbm files from text input, for use in RewriteMap with the \fBdbm\fR map type\&. + +.PP +If the output file already exists, it will not be truncated\&. New keys will be added and existing keys will be updated\&. + -.SH "OPTIONS" -  -  -.TP -\fB-v\fR -More verbose output   -.TP -\fB-f \fIDBM_TYPE\fR\fR -Specify the DBM type to be used for the output\&. If not specified, will use the APR Default\&. Available types are: \fBGDBM\fR for GDBM files, \fBSDBM\fR for SDBM files, \fBDB\fR for berkeley DB files, \fBNDBM\fR for NDBM files, \fBdefault\fR for the default DBM type\&.   -.TP -\fB-i \fISOURCE_TXT\fR\fR -Input file from which the dbm is to be created\&. The file should be formated with one record per line, of the form: \fBkey value\fR\&. See the documentation for RewriteMap for further details of this file's format and meaning\&.   -.TP -\fB-o \fIOUTPUT_DBM\fR\fR -Name of the output dbm files\&.   -  -.SH "EXAMPLES" -  -.nf +.SH "OPTIONS" + + +.TP +\fB-v\fR +More verbose output +.TP +\fB-f \fIDBM_TYPE\fR\fR +Specify the DBM type to be used for the output\&. If not specified, will use the APR Default\&. Available types are: \fBGDBM\fR for GDBM files, \fBSDBM\fR for SDBM files, \fBDB\fR for berkeley DB files, \fBNDBM\fR for NDBM files, \fBdefault\fR for the default DBM type\&. +.TP +\fB-i \fISOURCE_TXT\fR\fR +Input file from which the dbm is to be created\&. The file should be formated with one record per line, of the form: \fBkey value\fR\&. See the documentation for RewriteMap for further details of this file's format and meaning\&. +.TP +\fB-o \fIOUTPUT_DBM\fR\fR +Name of the output dbm files\&. + +.SH "EXAMPLES" + +.nf -      httxt2dbm -i rewritemap\&.txt -o rewritemap\&.dbm -      httxt2dbm -f SDBM -i rewritemap\&.txt -o rewritemap\&.dbm  -.fi -  + httxt2dbm -i rewritemap\&.txt -o rewritemap\&.dbm + httxt2dbm -f SDBM -i rewritemap\&.txt -o rewritemap\&.dbm +.fi + diff --git a/docs/man/logresolve.1 b/docs/man/logresolve.1 index 81426b38d7..4ebe720178 100644 --- a/docs/man/logresolve.1 +++ b/docs/man/logresolve.1 @@ -1,51 +1,51 @@ -.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -.\" DO NOT EDIT! Generated from XML source. -.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -.de Sh \" Subsection -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.TH "LOGRESOLVE" 1 "@date@" "Apache HTTP Server" "logresolve" +.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +.\" DO NOT EDIT! Generated from XML source. +.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +.de Sh \" Subsection +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.TH "LOGRESOLVE" 1 "2018-09-27" "Apache HTTP Server" "logresolve" -.SH NAME -logresolve \- Resolve IP-addresses to hostnames in Apache log files +.SH NAME +logresolve \- Resolve IP-addresses to hostnames in Apache log files -.SH "SYNOPSIS" -  -.PP -\fB\fBlogresolve\fR [ -\fBs\fR \fIfilename\fR ] [ -\fBc\fR ] < \fIaccess_log\fR > \fIaccess_log\&.new\fR\fR -  +.SH "SYNOPSIS" + +.PP +\fB\fBlogresolve\fR [ -\fBs\fR \fIfilename\fR ] [ -\fBc\fR ] < \fIaccess_log\fR > \fIaccess_log\&.new\fR\fR + -.SH "SUMMARY" -  -.PP -\fBlogresolve\fR is a post-processing program to resolve IP-addresses in Apache's access logfiles\&. To minimize impact on your nameserver, logresolve has its very own internal hash-table cache\&. This means that each IP number will only be looked up the first time it is found in the log file\&. -  -.PP -Takes an Apache log file on standard input\&. The IP addresses must be the first thing on each line and must be separated from the remainder of the line by a space\&. -  +.SH "SUMMARY" + +.PP +\fBlogresolve\fR is a post-processing program to resolve IP-addresses in Apache's access logfiles\&. To minimize impact on your nameserver, logresolve has its very own internal hash-table cache\&. This means that each IP number will only be looked up the first time it is found in the log file\&. + +.PP +Takes an Apache log file on standard input\&. The IP addresses must be the first thing on each line and must be separated from the remainder of the line by a space\&. + -.SH "OPTIONS" -  -  -.TP -\fB-s \fIfilename\fR\fR -Specifies a filename to record statistics\&.   -.TP -\fB-c\fR -This causes \fBlogresolve\fR to apply some DNS checks: after finding the hostname from the IP address, it looks up the IP addresses for the hostname and checks that one of these matches the original address\&.   -  +.SH "OPTIONS" + + +.TP +\fB-s \fIfilename\fR\fR +Specifies a filename to record statistics\&. +.TP +\fB-c\fR +This causes \fBlogresolve\fR to apply some DNS checks: after finding the hostname from the IP address, it looks up the IP addresses for the hostname and checks that one of these matches the original address\&. + diff --git a/docs/man/rotatelogs.8 b/docs/man/rotatelogs.8 index 319a85c859..2959155e65 100644 --- a/docs/man/rotatelogs.8 +++ b/docs/man/rotatelogs.8 @@ -1,180 +1,180 @@ -.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -.\" DO NOT EDIT! Generated from XML source. -.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -.de Sh \" Subsection -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.TH "ROTATELOGS" 8 "@date@" "Apache HTTP Server" "rotatelogs" +.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +.\" DO NOT EDIT! Generated from XML source. +.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +.de Sh \" Subsection +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.TH "ROTATELOGS" 8 "2018-09-27" "Apache HTTP Server" "rotatelogs" -.SH NAME -rotatelogs \- Piped logging program to rotate Apache logs +.SH NAME +rotatelogs \- Piped logging program to rotate Apache logs -.SH "SYNOPSIS" -  -.PP -\fB\fBrotatelogs\fR [ -\fBl\fR ] [ -\fBL\fR \fIlinkname\fR ] [ -\fBp\fR \fIprogram\fR ] [ -\fBf\fR ] [ -\fBD\fR ] [ -\fBt\fR ] [ -\fBv\fR ] [ -\fBe\fR ] [ -\fBc\fR ] [ -\fBn\fR \fInumber-of-files\fR ] \fIlogfile\fR \fIrotationtime\fR|\fIfilesize\fR(B|K|M|G) [ \fIoffset\fR ]\fR -  +.SH "SYNOPSIS" + +.PP +\fB\fBrotatelogs\fR [ -\fBl\fR ] [ -\fBL\fR \fIlinkname\fR ] [ -\fBp\fR \fIprogram\fR ] [ -\fBf\fR ] [ -\fBD\fR ] [ -\fBt\fR ] [ -\fBv\fR ] [ -\fBe\fR ] [ -\fBc\fR ] [ -\fBn\fR \fInumber-of-files\fR ] \fIlogfile\fR \fIrotationtime\fR|\fIfilesize\fR(B|K|M|G) [ \fIoffset\fR ]\fR + -.SH "SUMMARY" -  -.PP -\fBrotatelogs\fR is a simple program for use in conjunction with Apache's piped logfile feature\&. It supports rotation based on a time interval or maximum size of the log\&. -  +.SH "SUMMARY" + +.PP +\fBrotatelogs\fR is a simple program for use in conjunction with Apache's piped logfile feature\&. It supports rotation based on a time interval or maximum size of the log\&. + -.SH "OPTIONS" -  -  -.TP -\fB-l\fR -Causes the use of local time rather than GMT as the base for the interval or for \fBstrftime(3)\fR formatting with size-based rotation\&.   -.TP -\fB-L\fR \fIlinkname\fR -Causes a hard link to be made from the current logfile to the specified link name\&. This can be used to watch the log continuously across rotations using a command like \fBtail -F linkname\fR\&.   -.TP -\fB-p\fR \fIprogram\fR -If given, \fBrotatelogs\fR will execute the specified program every time a new log file is opened\&. The filename of the newly opened file is passed as the first argument to the program\&. If executing after a rotation, the old log file is passed as the second argument\&. \fBrotatelogs\fR does not wait for the specified program to terminate before continuing to operate, and will not log any error code returned on termination\&. The spawned program uses the same stdin, stdout, and stderr as rotatelogs itself, and also inherits the environment\&.   -.TP -\fB-f\fR -Causes the logfile to be opened immediately, as soon as \fBrotatelogs\fR starts, instead of waiting for the first logfile entry to be read (for non-busy sites, there may be a substantial delay between when the server is started and when the first request is handled, meaning that the associated logfile does not "exist" until then, which causes problems from some automated logging tools)   -.TP -\fB-D\fR -Creates the parent directories of the path that the log file will be placed in if they do not already exist\&. This allows \fBstrftime(3)\fR formatting to be used in the path and not just the filename\&.   -.TP -\fB-t\fR -Causes the logfile to be truncated instead of rotated\&. This is useful when a log is processed in real time by a command like tail, and there is no need for archived data\&. No suffix will be added to the filename, however format strings containing '%' characters will be respected\&.   -.TP -\fB-v\fR -Produce verbose output on STDERR\&. The output contains the result of the configuration parsing, and all file open and close actions\&.   -.TP -\fB-e\fR -Echo logs through to stdout\&. Useful when logs need to be further processed in real time by a further tool in the chain\&.   -.TP -\fB-c\fR -Create log file for each interval, even if empty\&.   -.TP -\fB-n \fInumber-of-files\fR\fR -Use a circular list of filenames without timestamps\&. With -n 3, the series of log files opened would be "logfile", "logfile\&.1", "logfile\&.2", then overwriting "logfile"\&. Available in 2\&.4\&.5 and later\&.   -.TP -\fB\fIlogfile\fR\fR -.PP The path plus basename of the logfile\&. If \fIlogfile\fR includes any '%' characters, it is treated as a format string for \fBstrftime(3)\fR\&. Otherwise, the suffix \fI\&.nnnnnnnnnn\fR is automatically added and is the time in seconds (unless the -t option is used)\&. Both formats compute the start time from the beginning of the current period\&. For example, if a rotation time of 86400 is specified, the hour, minute, and second fields created from the \fBstrftime(3)\fR format will all be zero, referring to the beginning of the current 24-hour period (midnight)\&. .PP When using \fBstrftime(3)\fR filename formatting, be sure the log file format has enough granularity to produce a different file name each time the logs are rotated\&. Otherwise rotation will overwrite the same file instead of starting a new one\&. For example, if \fIlogfile\fR was \fB/var/log/errorlog\&.%Y-%m-%d\fR with log rotation at 5 megabytes, but 5 megabytes was reached twice in the same day, the same log file name would be produced and log rotation would keep writing to the same file\&.   -.TP -\fB\fIrotationtime\fR\fR -The time between log file rotations in seconds\&. The rotation occurs at the beginning of this interval\&. For example, if the rotation time is 3600, the log file will be rotated at the beginning of every hour; if the rotation time is 86400, the log file will be rotated every night at midnight\&. (If no data is logged during an interval, no file will be created\&.)   -.TP -\fB\fIfilesize\fR(B|K|M|G)\fR -The maximum file size in followed by exactly one of the letters \fBB\fR (Bytes), \fBK\fR (KBytes), \fBM\fR (MBytes) or \fBG\fR (GBytes)\&. .PP When time and size are specified, the size must be given after the time\&. Rotation will occur whenever either time or size limits are reached\&.   -.TP -\fB\fIoffset\fR\fR -The number of minutes offset from UTC\&. If omitted, zero is assumed and UTC is used\&. For example, to use local time in the zone UTC -5 hours, specify a value of \fB-300\fR for this argument\&. In most cases, \fB-l\fR should be used instead of specifying an offset\&.   -  -.SH "EXAMPLES" -  -.nf +.SH "OPTIONS" + + +.TP +\fB-l\fR +Causes the use of local time rather than GMT as the base for the interval or for \fBstrftime(3)\fR formatting with size-based rotation\&. +.TP +\fB-L\fR \fIlinkname\fR +Causes a hard link to be made from the current logfile to the specified link name\&. This can be used to watch the log continuously across rotations using a command like \fBtail -F linkname\fR\&. +.TP +\fB-p\fR \fIprogram\fR +If given, \fBrotatelogs\fR will execute the specified program every time a new log file is opened\&. The filename of the newly opened file is passed as the first argument to the program\&. If executing after a rotation, the old log file is passed as the second argument\&. \fBrotatelogs\fR does not wait for the specified program to terminate before continuing to operate, and will not log any error code returned on termination\&. The spawned program uses the same stdin, stdout, and stderr as rotatelogs itself, and also inherits the environment\&. +.TP +\fB-f\fR +Causes the logfile to be opened immediately, as soon as \fBrotatelogs\fR starts, instead of waiting for the first logfile entry to be read (for non-busy sites, there may be a substantial delay between when the server is started and when the first request is handled, meaning that the associated logfile does not "exist" until then, which causes problems from some automated logging tools) +.TP +\fB-D\fR +Creates the parent directories of the path that the log file will be placed in if they do not already exist\&. This allows \fBstrftime(3)\fR formatting to be used in the path and not just the filename\&. +.TP +\fB-t\fR +Causes the logfile to be truncated instead of rotated\&. This is useful when a log is processed in real time by a command like tail, and there is no need for archived data\&. No suffix will be added to the filename, however format strings containing '%' characters will be respected\&. +.TP +\fB-v\fR +Produce verbose output on STDERR\&. The output contains the result of the configuration parsing, and all file open and close actions\&. +.TP +\fB-e\fR +Echo logs through to stdout\&. Useful when logs need to be further processed in real time by a further tool in the chain\&. +.TP +\fB-c\fR +Create log file for each interval, even if empty\&. +.TP +\fB-n \fInumber-of-files\fR\fR +Use a circular list of filenames without timestamps\&. With -n 3, the series of log files opened would be "logfile", "logfile\&.1", "logfile\&.2", then overwriting "logfile"\&. Available in 2\&.4\&.5 and later\&. +.TP +\fB\fIlogfile\fR\fR +.PP The path plus basename of the logfile\&. If \fIlogfile\fR includes any '%' characters, it is treated as a format string for \fBstrftime(3)\fR\&. Otherwise, the suffix \fI\&.nnnnnnnnnn\fR is automatically added and is the time in seconds (unless the -t option is used)\&. Both formats compute the start time from the beginning of the current period\&. For example, if a rotation time of 86400 is specified, the hour, minute, and second fields created from the \fBstrftime(3)\fR format will all be zero, referring to the beginning of the current 24-hour period (midnight)\&. .PP When using \fBstrftime(3)\fR filename formatting, be sure the log file format has enough granularity to produce a different file name each time the logs are rotated\&. Otherwise rotation will overwrite the same file instead of starting a new one\&. For example, if \fIlogfile\fR was \fB/var/log/errorlog\&.%Y-%m-%d\fR with log rotation at 5 megabytes, but 5 megabytes was reached twice in the same day, the same log file name would be produced and log rotation would keep writing to the same file\&. +.TP +\fB\fIrotationtime\fR\fR +The time between log file rotations in seconds\&. The rotation occurs at the beginning of this interval\&. For example, if the rotation time is 3600, the log file will be rotated at the beginning of every hour; if the rotation time is 86400, the log file will be rotated every night at midnight\&. (If no data is logged during an interval, no file will be created\&.) +.TP +\fB\fIfilesize\fR(B|K|M|G)\fR +The maximum file size in followed by exactly one of the letters \fBB\fR (Bytes), \fBK\fR (KBytes), \fBM\fR (MBytes) or \fBG\fR (GBytes)\&. .PP When time and size are specified, the size must be given after the time\&. Rotation will occur whenever either time or size limits are reached\&. +.TP +\fB\fIoffset\fR\fR +The number of minutes offset from UTC\&. If omitted, zero is assumed and UTC is used\&. For example, to use local time in the zone UTC -5 hours, specify a value of \fB-300\fR for this argument\&. In most cases, \fB-l\fR should be used instead of specifying an offset\&. + +.SH "EXAMPLES" + +.nf -     CustomLog "|bin/rotatelogs /var/log/logfile 86400" common + CustomLog "|bin/rotatelogs /var/log/logfile 86400" common -.fi -  -.PP -This creates the files /var/log/logfile\&.nnnn where nnnn is the system time at which the log nominally starts (this time will always be a multiple of the rotation time, so you can synchronize cron scripts with it)\&. At the end of each rotation time (here after 24 hours) a new log is started\&. -  -.nf +.fi + +.PP +This creates the files /var/log/logfile\&.nnnn where nnnn is the system time at which the log nominally starts (this time will always be a multiple of the rotation time, so you can synchronize cron scripts with it)\&. At the end of each rotation time (here after 24 hours) a new log is started\&. + +.nf -     CustomLog "|bin/rotatelogs -l /var/log/logfile\&.%Y\&.%m\&.%d 86400" common + CustomLog "|bin/rotatelogs -l /var/log/logfile\&.%Y\&.%m\&.%d 86400" common -.fi -  -.PP -This creates the files /var/log/logfile\&.yyyy\&.mm\&.dd where yyyy is the year, mm is the month, and dd is the day of the month\&. Logging will switch to a new file every day at midnight, local time\&. -  -.nf +.fi + +.PP +This creates the files /var/log/logfile\&.yyyy\&.mm\&.dd where yyyy is the year, mm is the month, and dd is the day of the month\&. Logging will switch to a new file every day at midnight, local time\&. + +.nf -     CustomLog "|bin/rotatelogs /var/log/logfile 5M" common + CustomLog "|bin/rotatelogs /var/log/logfile 5M" common -.fi -  -.PP -This configuration will rotate the logfile whenever it reaches a size of 5 megabytes\&. -  -.nf +.fi + +.PP +This configuration will rotate the logfile whenever it reaches a size of 5 megabytes\&. + +.nf -     ErrorLog "|bin/rotatelogs /var/log/errorlog\&.%Y-%m-%d-%H_%M_%S 5M" + ErrorLog "|bin/rotatelogs /var/log/errorlog\&.%Y-%m-%d-%H_%M_%S 5M" -.fi -  -.PP -This configuration will rotate the error logfile whenever it reaches a size of 5 megabytes, and the suffix to the logfile name will be created of the form \fBerrorlog\&.YYYY-mm-dd-HH_MM_SS\fR\&. -  -.nf +.fi + +.PP +This configuration will rotate the error logfile whenever it reaches a size of 5 megabytes, and the suffix to the logfile name will be created of the form \fBerrorlog\&.YYYY-mm-dd-HH_MM_SS\fR\&. + +.nf -     CustomLog "|bin/rotatelogs -t /var/log/logfile 86400" common + CustomLog "|bin/rotatelogs -t /var/log/logfile 86400" common -.fi -  -.PP -This creates the file /var/log/logfile, truncating the file at startup and then truncating the file once per day\&. It is expected in this scenario that a separate process (such as tail) would process the file in real time\&. -  -.SH "PORTABILITY" -  -.PP -The following logfile format string substitutions should be supported by all \fBstrftime(3)\fR implementations, see the \fBstrftime(3)\fR man page for library-specific extensions\&. -   -.Ip "\(bu \s-1\fB%A\fR\s0 \- full weekday name (localized) -  -.Ip "\(bu \s-1\fB%a\fR\s0 \- 3-character weekday name (localized) -  -.Ip "\(bu \s-1\fB%B\fR\s0 \- full month name (localized) -  -.Ip "\(bu \s-1\fB%b\fR\s0 \- 3-character month name (localized) -  -.Ip "\(bu \s-1\fB%c\fR\s0 \- date and time (localized) -  -.Ip "\(bu \s-1\fB%d\fR\s0 \- 2-digit day of month -  -.Ip "\(bu \s-1\fB%H\fR\s0 \- 2-digit hour (24 hour clock) -  -.Ip "\(bu \s-1\fB%I\fR\s0 \- 2-digit hour (12 hour clock) -  -.Ip "\(bu \s-1\fB%j\fR\s0 \- 3-digit day of year -  -.Ip "\(bu \s-1\fB%M\fR\s0 \- 2-digit minute -  -.Ip "\(bu \s-1\fB%m\fR\s0 \- 2-digit month -  -.Ip "\(bu \s-1\fB%p\fR\s0 \- am/pm of 12 hour clock (localized) -  -.Ip "\(bu \s-1\fB%S\fR\s0 \- 2-digit second -  -.Ip "\(bu \s-1\fB%U\fR\s0 \- 2-digit week of year (Sunday first day of week) -  -.Ip "\(bu \s-1\fB%W\fR\s0 \- 2-digit week of year (Monday first day of week) -  -.Ip "\(bu \s-1\fB%w\fR\s0 \- 1-digit weekday (Sunday first day of week) -  -.Ip "\(bu \s-1\fB%X\fR\s0 \- time (localized) -  -.Ip "\(bu \s-1\fB%x\fR\s0 \- date (localized) -  -.Ip "\(bu \s-1\fB%Y\fR\s0 \- 4-digit year -  -.Ip "\(bu \s-1\fB%y\fR\s0 \- 2-digit year -  -.Ip "\(bu \s-1\fB%Z\fR\s0 \- time zone name -  -.Ip "\(bu \s-1\fB%%\fR\s0 \- literal `%' -   +.fi + +.PP +This creates the file /var/log/logfile, truncating the file at startup and then truncating the file once per day\&. It is expected in this scenario that a separate process (such as tail) would process the file in real time\&. + +.SH "PORTABILITY" + +.PP +The following logfile format string substitutions should be supported by all \fBstrftime(3)\fR implementations, see the \fBstrftime(3)\fR man page for library-specific extensions\&. + +.Ip "\(bu \s-1\fB%A\fR\s0 \- full weekday name (localized) + +.Ip "\(bu \s-1\fB%a\fR\s0 \- 3-character weekday name (localized) + +.Ip "\(bu \s-1\fB%B\fR\s0 \- full month name (localized) + +.Ip "\(bu \s-1\fB%b\fR\s0 \- 3-character month name (localized) + +.Ip "\(bu \s-1\fB%c\fR\s0 \- date and time (localized) + +.Ip "\(bu \s-1\fB%d\fR\s0 \- 2-digit day of month + +.Ip "\(bu \s-1\fB%H\fR\s0 \- 2-digit hour (24 hour clock) + +.Ip "\(bu \s-1\fB%I\fR\s0 \- 2-digit hour (12 hour clock) + +.Ip "\(bu \s-1\fB%j\fR\s0 \- 3-digit day of year + +.Ip "\(bu \s-1\fB%M\fR\s0 \- 2-digit minute + +.Ip "\(bu \s-1\fB%m\fR\s0 \- 2-digit month + +.Ip "\(bu \s-1\fB%p\fR\s0 \- am/pm of 12 hour clock (localized) + +.Ip "\(bu \s-1\fB%S\fR\s0 \- 2-digit second + +.Ip "\(bu \s-1\fB%U\fR\s0 \- 2-digit week of year (Sunday first day of week) + +.Ip "\(bu \s-1\fB%W\fR\s0 \- 2-digit week of year (Monday first day of week) + +.Ip "\(bu \s-1\fB%w\fR\s0 \- 1-digit weekday (Sunday first day of week) + +.Ip "\(bu \s-1\fB%X\fR\s0 \- time (localized) + +.Ip "\(bu \s-1\fB%x\fR\s0 \- date (localized) + +.Ip "\(bu \s-1\fB%Y\fR\s0 \- 4-digit year + +.Ip "\(bu \s-1\fB%y\fR\s0 \- 2-digit year + +.Ip "\(bu \s-1\fB%Z\fR\s0 \- time zone name + +.Ip "\(bu \s-1\fB%%\fR\s0 \- literal `%' + diff --git a/docs/man/suexec.8 b/docs/man/suexec.8 index 640fb22604..e879caa2fd 100644 --- a/docs/man/suexec.8 +++ b/docs/man/suexec.8 @@ -1,48 +1,48 @@ -.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -.\" DO NOT EDIT! Generated from XML source. -.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -.de Sh \" Subsection -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.TH "SUEXEC" 8 "@date@" "Apache HTTP Server" "suexec" +.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +.\" DO NOT EDIT! Generated from XML source. +.\" XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +.de Sh \" Subsection +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.TH "SUEXEC" 8 "2018-09-27" "Apache HTTP Server" "suexec" -.SH NAME -suexec \- Switch user before executing external programs +.SH NAME +suexec \- Switch user before executing external programs -.SH "SYNOPSIS" -  -.PP -\fB\fBsuexec\fR -\fBV\fR\fR -  +.SH "SYNOPSIS" + +.PP +\fB\fBsuexec\fR -\fBV\fR\fR + -.SH "SUMMARY" -  -.PP -\fBsuexec\fR is used by the Apache HTTP Server to switch to another user before executing CGI programs\&. In order to achieve this, it must run as \fBroot\fR\&. Since the HTTP daemon normally doesn't run as \fBroot\fR, the \fBsuexec\fR executable needs the setuid bit set and must be owned by \fBroot\fR\&. It should never be writable for any other person than \fBroot\fR\&. -  -.PP -For further information about the concepts and the security model of suexec please refer to the suexec documentation (http://httpd\&.apache\&.org/docs/trunk/suexec\&.html)\&. -  +.SH "SUMMARY" + +.PP +\fBsuexec\fR is used by the Apache HTTP Server to switch to another user before executing CGI programs\&. In order to achieve this, it must run as \fBroot\fR\&. Since the HTTP daemon normally doesn't run as \fBroot\fR, the \fBsuexec\fR executable needs the setuid bit set and must be owned by \fBroot\fR\&. It should never be writable for any other person than \fBroot\fR\&. + +.PP +For further information about the concepts and the security model of suexec please refer to the suexec documentation (http://httpd\&.apache\&.org/docs/trunk/suexec\&.html)\&. + -.SH "OPTIONS" -  -  -.TP -\fB-V\fR -If you are \fBroot\fR, this option displays the compile options of \fBsuexec\fR\&. For security reasons all configuration options are changeable only at compile time\&.   -  +.SH "OPTIONS" + + +.TP +\fB-V\fR +If you are \fBroot\fR, this option displays the compile options of \fBsuexec\fR\&. For security reasons all configuration options are changeable only at compile time\&. + |