Re: AW: Run apache without master [wd-vc]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

As i have seen in my system that master process also binds to port that i have given in my configuration. Then how master process is binding to port 80 ? If i am running my apache other than root user then how can master binds to port 80 ? 
 
If i am running apache as root user then on any port my apache is working but other than root user, i need to give port greater than 1024. 

Thanks
Hemant

On Sep 13, 2017 5:56 PM, "Bremser, Kurt (Allianz Technology GmbH)" <Kurt.Bremser@xxxxxxxxxx> wrote:
Spawning children servers one very important purpose: while the master has to be run as root to bind to the privileged port 80, the child is spawned as the user named in the configuration, reducing security issues by orders of magnitude.
Changing that and running the whole server process (inlcuding spawned cgi scripts etc) as root would be extremely stupid, IMO.

Kurt Bremser
Allianz Technology GmbH

Newton was wrong. There is no gravity. The Earth sucks.
________________________________________
Von: Hemant Chaudhary [hemantdude.chaudhary@gmail.com]
Gesendet: Mittwoch, 13. September 2017 14:03
An: users@xxxxxxxxxxxxxxxx
Betreff: Re: Run apache without master [wd-vc]

Yes true. I want to start only one process and it should not spawn child processes.
In apache, we have master process and then it spawns child. After that child serves requests by client.
My aim is to start master process and it should not spawn child as well as it should serve requests from client.

Thanks
Hemant

On Wed, Sep 13, 2017 at 5:18 PM, Bremser, Kurt (Allianz Technology GmbH) <Kurt.Bremser@xxxxxxxxxx<mailto:Kurt.Bremser@xxxxxxxxxx>> wrote:
In most cases, you can only have ONE process binding to ONE IP-address/port combination. Children of this process will then inherit the socket, which is the way how apache works.

On Linux and BSD, there is the SO_REUSEPORT option that can be set by a listening process, so that other processes can also bind to the socket, and let the OS handle which incoming data ends up where.
If you think about that, it opens the port up for hijacking, as the initial listener process has no idea which other processes might also bind to the port and intercept traffic.

So the apache method of one master process binding to the port and spawning children is the prudent one.

Kurt Bremser
Allianz Technology GmbH

Newton was wrong. There is no gravity. The Earth sucks.
________________________________________
Von: Hemant Chaudhary [hemantdude.chaudhary@gmail.com<mailto:hemantdude.chaudhary@xxxxxxxxx>]
Gesendet: Mittwoch, 13. September 2017 13:29
An: users@xxxxxxxxxxxxxxxx<mailto:users@xxxxxxxxxxxxxxxx>
Betreff: Re: Run apache without master [wd-vc]

Hi

I want to create different processes not forking from parent or anywhere.
It is still okay if parent process is started and parent process will not fork child processes but parent should serve requests.

On Sep 13, 2017 4:47 PM, "Eric Covener" <covener@xxxxxxxxx<mailto:covener@xxxxxxxxx><mailto:covener@gmail.com<mailto:covener@gmail.com>>> wrote:
On Wed, Sep 13, 2017 at 7:09 AM, Hemant Chaudhary
<hemantdude.chaudhary@gmail.com<mailto:hemantdude.chaudhary@xxxxxxxxx><mailto:hemantdude.chaudhary@xxxxxxxxx<mailto:hemantdude.chaudhary@gmail.com>>> wrote:
> Hi,
>
> I want to start my apache without master process means when I will give
> "httpd" command, it should start 5 worker process which has access to
> httpd.conf as well as serve requests.
>
> Is it possible to achieve this ? If yes, then how should to achieve this ?

Not really. Why not just ignore the parent process? The worst thing
that can happen is that it doesn't manage the children, which you're
already losing in this hypothetical setup.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org<mailto:users-unsubscribe@xxxxxxxxxxxxxxxx><mailto:users-unsubscribe@httpd.apache.org<mailto:users-unsubscribe@xxxxxxxxxxxxxxxx>>
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx<mailto:users-help@httpd.apache.org><mailto:users-help@httpd.apache.org<mailto:users-help@xxxxxxxxxxxxxxxx>>


Allianz Technology GmbH
1130 Wien, Hietzinger Kai 101-105
FN 365014k, Handelsgericht Wien
UID: ATU 66614737

http://www.allianz.at

********************************************************
Dieses E-Mail und allfaellig daran angeschlossene Anhaenge
enthalten Informationen, die vertraulich und
ausschliesslich fuer den (die) bezeichneten Adressaten
bestimmt sind.
Wenn Sie nicht der genannte Adressat sind, darf dieses
E-Mail samt allfaelliger Anhaenge von Ihnen weder anderen
Personen zugaenglich gemacht noch in anderer Weise
verwertet werden.
Wenn Sie nicht der beabsichtigte Empfaenger sind, bitten
wir Sie, dieses E-Mail und saemtliche angeschlossene
Anhaenge zu loeschen.

Please note: This email and any files transmitted with it is
intended only for the named recipients and may contain
confidential and/or privileged information. If you are not the
intended recipient, please do not read, copy, use or disclose
the contents of this communication to others and notify the
sender immediately. Then please delete the email and any
copies of it. Thank you.

********************************************************

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org<mailto:users-unsubscribe@xxxxxxxxxxxxxxxx>
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx<mailto:users-help@httpd.apache.org>



Allianz Technology GmbH
1130 Wien, Hietzinger Kai 101-105
FN 365014k, Handelsgericht Wien
UID: ATU 66614737

http://www.allianz.at

********************************************************
Dieses E-Mail und allfaellig daran angeschlossene Anhaenge
enthalten Informationen, die vertraulich und
ausschliesslich fuer den (die) bezeichneten Adressaten
bestimmt sind.
Wenn Sie nicht der genannte Adressat sind, darf dieses
E-Mail samt allfaelliger Anhaenge von Ihnen weder anderen
Personen zugaenglich gemacht noch in anderer Weise
verwertet werden.
Wenn Sie nicht der beabsichtigte Empfaenger sind, bitten
wir Sie, dieses E-Mail und saemtliche angeschlossene
Anhaenge zu loeschen.

Please note: This email and any files transmitted with it is
intended only for the named recipients and may contain
confidential and/or privileged information. If you are not the
intended recipient, please do not read, copy, use or disclose
the contents of this communication to others and notify the
sender immediately. Then please delete the email and any
copies of it. Thank you.

********************************************************

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux