Re: [users@httpd] RE: failure notice
If the UID of the Apache process somehow gets compromised, it would be better to have that account running as a non-privileged account than as root. At least then the UID is somewhat confined to the account's access restrictions, rather than having access to the entire file system as root.
-Victor
On 4/5/06, Amalan, S <Sountharanayaga.Amalan@xxxxxxxxxxxx> wrote:
> Thanks much. This explains why my installation did not need root
> privileges - I was running it on port 1150 or so.
> This also brings up the question: is there a reason to set the port to
> be below 1024 so that only root can start it up? Is there a downside to
> running Apache on a port greater than 1024?
> There must have been some reason for designing it in such a way that the
> process owner gets dropped from root to a non-zero UID account. I guess
> I am confused because if you need to be root to start it up, why should
> the process owner be dropped after binding to the privileged port to a
> non-zero UID account? And if you weren't root to begin with you wouldn't
> be able to start up Apache anyway.
> Amalan
--
http://www.victortrac.com