Thanks much. This explains why my installation did not need root privileges - I was running it on port 1150 or so. This also brings up the question: is there a reason to set the port to be below 1024 so that only root can start it up? Is there a downside to running Apache on a port greater than 1024? There must have been some reason for designing it in such a way that the process owner gets dropped from root to a non-zero UID account. I guess I am confused because if you need to be root to start it up, why should the process owner be dropped after binding to the privileged port to a non-zero UID account? And if you weren't root to begin with you wouldn't be able to startup Apache anyway. Amalan -----Original Message----- From: Ross A. Del Duca [mailto:RDelDuca@xxxxxxxxxxxxx] Sent: Wednesday, April 05, 2006 1:10 PM To: users@xxxxxxxxxxxxxxxx Subject: Re: [users@httpd] RE: failure notice The catch is the port. If your server is not listening on standard ports (80 or 443) you can start your server up as any user. However, the privileged ports (1-1024) are generally (always?) restricted so that only UID 0 can create listeners that bind to them. As indicated by a previous post, the general idea is to start up the listener as UID 0, bind to the privileged port, and then drop the process owner to a non-UID 0 account after the bind is successful. On 4/5/06 9:43 AM, "Amalan, S" <Sountharanayaga.Amalan@xxxxxxxxxxxx> wrote: > Not to interrupt an on-going discussion, but I am interested in the > user/group requirements for Apache as well. > > I didn't see anywhere on the Apache website for installation steps that > one needs to be root in order to start or run the Apache server, but I > have heard it from others. So which way is it? > > I have been able to install and run Apache as a regular user with no > root privileges, which is what confuses me when some say the user needs > be root. > > Can anyone explain the requirements for me? > > Thanks much. > Amalan -- Ross A. Del Duca, GCIH Security Officer Infrastructure Architect RDelDuca@xxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|