Apple don’t ship suexec for Apache with OS X or OS X Server, but it’s quite simple to install yourself. Here’s how:
1. Check the version of Apache httpd that you have installed.
httpd -v
In 10.4.3, this will show I have version 1.3.33:
Server version: Apache/1.3.33 (Darwin) Server built: Mar 20 2005 15:08:27
2. Grab the source for the corresponding version of Apache httpd and compile it with suexec support, then copy the suexec binary to the expected location. You’ll see in this case I’ve added the sympa install path to the docroot setting, as I’m using this for installing Sympa, which will be covered in a forthcoming post. If you need suexec to work in another docroot, like /Library/WebServer/Documents, then substitute that instead. I don’t think the docroot setting is absolutely required for Sympa, as it gets used via a ScriptAlias, so you probably don’t need to stress about this if you’re using suexec for cgi-bin/fast-cgi scripts.
mkdir -p /usr/local/src cd /usr/local/src curl -O http://apache.planetmirror.com.au/dist/httpd/apache_1.3.33.tar.gz cd apache_1.3.33 ./configure \ --enable-suexec \ --suexec-caller=www \ --suexec-docroot=/usr/local/sympa \ --suexec-safepath="/usr/local/bin:/usr/bin:/bin" make cp src/support/suexec /usr/sbin/ chmod u+s /usr/sbin/suexec
3. Now restart apache with:
apachectl stop apachectl start
and check that you see a line like this in your Apache httpd error log, by default /var/log/httpd/error_log
[Tue Nov 22 11:41:03 2005] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
Done! You now have a working suexec.