I need to read an environment variable in a ScriptAlias script.
So I have SetEnv directives to set these variables, in the following apache configuration.
<VirtualHost *:80>
ServerName ...
DocumentRoot /srv/www
ServerAlias git
DocumentRoot /srv/www/git-web
<Location />
# Crowd auth
AuthType Basic
AuthName "Git repositories"
AuthBasicProvider crowd
CrowdAppName ...
CrowdAppPassword ...
CrowdURL http://localhost:8080/crowd/
CrowdGroupsEnvName REMOTE_USER_GROUPS
Require valid-user
</Location>
SuexecUserGroup git git
SetEnv GIT_PROJECT_ROOT /home/dev_tools/git
SetEnv GIT_HTTP_EXPORT_ALL
SetEnv GITOLITE_HTTP_HOME /home/dev_tools/git
SetEnv REMOTE_USER $REDIRECT_REMOTE_USER
ScriptAliasMatch "(?x)^/(.*/(HEAD | info/refs | objects/(info/[^/]+ | [0-9a-f]{2}/[0-9a-f]{38} | pack/pack-[0-9a-f]{40}\.(pack|idx)) | git-(upload|receive)-pack))$" /srv/www/gitolite_suexec_wrapper.sh/$1
<Directory /srv/www>
<Files gitolite_suexec_wrapper.sh>
Order allow,deny
Allow from all
</Files>
</Directory>
<Directory "/srv/www/git-web">
Options ExecCGI
AllowOverride None
AddHandler cgi-script .cgi
DirectoryIndex gitweb.cgi
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
In the script I see the environment variable declared in this file, but if I change it (add or remove a SetEnv directive, change one of the value, or add UnsetEnv directives) the shell script sees no change in its environment variables.
When I change the configuration I restart apache2 which indeeds reparse the file I changed (if i write unparseable content in this file apache2 tells me it could not start).
To see the environment in /srv/www/gitolite_suexec_wrapper.sh I use:
#!/bin/bash
printenv >> log_file
The following warning is given in for SetEnv directive:
The internal environment variables set by this directive are set after most early request processing directives are run, such as access control and URI-to-filename mapping. If the environment variable you're setting is meant as input into this early phase of processing such as the RewriteRule directive, you should instead set the environment variable with SetEnvIf.
But I don't think I'm concerced by this warning since my script sees some environment variables and the SetEnv/ScriptAliasMatch is used by multiple tutorials to setup git on a http server.
Does anybody know why my log file is always filled with the same environemnt even when I change my apache2 configuration?
Server version: Apache/2.2.15 (Linux/SUSE)
Server built: 2011-11-29 15:51:01.000000000 +0000
Best Answer
I succeeded in forwarding user variables via suexec by prefixing them with
HTTP_which is in the hardcoded list of authorized environment variables by suexec.I'm quite surprized this is so a hidden behavior, I cannot even find again my sources on google.
Also, I still don't understand why the first values I set for other environment variables are still visible but cannot be changed.
But anyway, fixed my problem.