suEXEC: Add Suexec directive to disable suEXEC without renaming the

binary (Suexec Off), or force startup failure if suEXEC is required
but not supported (Suexec On).  Change SuexecUserGroup to fail 
startup instead of just printing a warning if suEXEC is disabled.

Additionally, ap_unixd_config.suexec_disabled_reason has a message,
suitable for logging/messaging, explaining why the feature isn't
available.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1033519 13f79535-47bb-0310-9956-ffa450edef68

1 files changed, 19 insertions, 0 deletions

diff --git a/docs/manual/mod/mod_unixd.xml b/docs/manual/mod/mod_unixd.xml
index 257e3edc71..9c8fe0636a 100644
--- a/docs/manual/mod/mod_unixd.xml
+++ b/docs/manual/mod/mod_unixd.xml
@@ -26,6 +26,8 @@
 <description>Basic (required) security for Unix-family platforms.</description>
 <status>Base</status>
 
+<seealso><a href="../suexec.html">suEXEC support</a></seealso>
+
 <directivesynopsis>
 <name>Group</name>
 <description>Group under which the server will answer
@@ -139,4 +141,21 @@ requests</description>
 </usage>
 </directivesynopsis>
 
+<directivesynopsis>
+<name>Suexec</name>
+<description>Enable or disable the suEXEC feature</description>
+<syntax>Suexec On|Off</syntax>
+<default>On if suexec binary exists with proper owner and mode,
+Off otherwise</default>
+<contextlist><context>server config</context></contextlist>
+<compatibility>Available in Apache httpd 2.3.9 and later</compatibility>
+
+<usage>
+    <p>When On, startup will fail if the suexec binary doesn't exist
+    or has an invalid owner or file mode.</p>
+    <p>When Off, suEXEC will be disabled even if the suexec binary exists
+    and has a valid owner and file mode.</p>
+</usage>
+</directivesynopsis>
+
 </modulesynopsis>