suEXEC: Add Suexec directive to disable suEXEC without renaming the

binary (Suexec Off), or force startup failure if suEXEC is required
but not supported (Suexec On).  Change SuexecUserGroup to fail 
startup instead of just printing a warning if suEXEC is disabled.

Additionally, ap_unixd_config.suexec_disabled_reason has a message,
suitable for logging/messaging, explaining why the feature isn't
available.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1033519 13f79535-47bb-0310-9956-ffa450edef68

docs/manual/mod/mod_suexec.xml

@@ -62,8 +62,11 @@ later.</compatibility>
     SuexecUserGroup nobody nogroup
     </example>
 
+    <p>In Apache httpd 2.3.9 and later, startup will fail if this
+    directive is specified but the suEXEC feature is disabled.</p>
 </usage>
-
+<seealso><directive module="mod_unixd">Suexec</directive></seealso>
 </directivesynopsis>
+
 </modulesynopsis>
 

docs/manual/mod/mod_unixd.xml

@@ -26,6 +26,8 @@
 <description>Basic (required) security for Unix-family platforms.</description>
 <status>Base</status>
 
+<seealso><a href="../suexec.html">suEXEC support</a></seealso>
+
 <directivesynopsis>
 <name>Group</name>
 <description>Group under which the server will answer
@@ -139,4 +141,21 @@ requests</description>
 </usage>
 </directivesynopsis>
 
+<directivesynopsis>
+<name>Suexec</name>
+<description>Enable or disable the suEXEC feature</description>
+<syntax>Suexec On|Off</syntax>
+<default>On if suexec binary exists with proper owner and mode,
+Off otherwise</default>
+<contextlist><context>server config</context></contextlist>
+<compatibility>Available in Apache httpd 2.3.9 and later</compatibility>
+
+<usage>
+    <p>When On, startup will fail if the suexec binary doesn't exist
+    or has an invalid owner or file mode.</p>
+    <p>When Off, suEXEC will be disabled even if the suexec binary exists
+    and has a valid owner and file mode.</p>
+</usage>
+</directivesynopsis>
+
 </modulesynopsis>