How do I get Apache to run as non-root user? As you can see below,
inspite of setting in httpd.conf, Apache is listening on port 8080 as
root.
I googled around, but could not find a way to start Apache as "apache".
Some web pages/emails claim that Apache starts as root, and then switches
to user "apache". After connecting to port 8080 using telnet, I do not see
any new httpd process created. So, I do not trust these claims.
None of the docs is definitive. Why should the program start as root in
the first place? Can anyone help me?
--Sudhakar
#before telnet port 8080
[root@localhost ~]# !ps
ps aux|grep httpd
root 19828 0.0 1.9 25996 9996 ? Ss 10:14 0:00
/usr/sbin/httpd
apache 19830 0.0 1.0 25996 5628 ? S 10:14 0:00
/usr/sbin/httpd
apache 19831 0.0 0.9 25996 4992 ? S 10:14 0:00
/usr/sbin/httpd
apache 19832 0.0 0.9 25996 4992 ? S 10:14 0:00
/usr/sbin/httpd
apache 19833 0.0 0.9 25996 4992 ? S 10:14 0:00
/usr/sbin/httpd
apache 19834 0.0 0.9 25996 4992 ? S 10:14 0:00
/usr/sbin/httpd
apache 19835 0.0 0.9 25996 4992 ? S 10:14 0:00
/usr/sbin/httpd
apache 19836 0.0 0.9 25996 4992 ? S 10:14 0:00
/usr/sbin/httpd
apache 19837 0.0 0.9 25996 4992 ? S 10:14 0:00
/usr/sbin/httpd
root 19906 0.0 0.1 3880 664 pts/2 R+ 10:30 0:00 grep
httpd
# after telneting to port 8080:
[root@localhost ~]# ps aux|grep httpd
root 19828 0.0 1.9 25996 9996 ? Ss 10:14 0:00
/usr/sbin/httpd
apache 19830 0.0 1.0 25996 5628 ? S 10:14 0:00
/usr/sbin/httpd
apache 19831 0.0 0.9 25996 4992 ? S 10:14 0:00
/usr/sbin/httpd
apache 19832 0.0 0.9 25996 4992 ? S 10:14 0:00
/usr/sbin/httpd
apache 19833 0.0 0.9 25996 4992 ? S 10:14 0:00
/usr/sbin/httpd
apache 19834 0.0 0.9 25996 4992 ? S 10:14 0:00
/usr/sbin/httpd
apache 19835 0.0 0.9 25996 4992 ? S 10:14 0:00
/usr/sbin/httpd
apache 19836 0.0 0.9 25996 4992 ? S 10:14 0:00
/usr/sbin/httpd
apache 19837 0.0 0.9 25996 4992 ? S 10:14 0:00
/usr/sbin/httpd
root 19908 0.0 0.1 3884 668 pts/2 R+ 10:30 0:00 grep
httpd
[root@localhost ~]#
/etc/http/httpd.conf:
#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, in addition to the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses (
0.0.0.0)
#
#Listen
12.34.56.78:80
#Listen 80
Listen
192.168.211.30:8080#Listen 8080
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# . On SCO (ODT 3) use "User nouser" and "Group nogroup".
# . On HPUX you may not be able to use shared memory as nobody, and the
# suggested workaround is to create a user www and use that user.
# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
# when the value of (unsigned)Group is above 60000;
# don't use Group #-1 on these systems!
#
User apache
Group apache
[root@localhost ~]# ps aux|grep httpd
root 19682 0.0 1.9 26000 10008 ? Ss 09:51 0:00
/usr/sbin/httpd
apache 19684 0.0 1.0 26000 5636 ? S 09:51 0:00
/usr/sbin/httpd
apache 19685 0.0 0.9 26000 4996 ? S 09:51 0:00
/usr/sbin/httpd
apache 19686 0.0 0.9 26000 4996 ? S 09:51 0:00
/usr/sbin/httpd
apache 19687 0.0 0.9 26000 4996 ? S 09:51 0:00
/usr/sbin/httpd
apache 19688 0.0 0.9 26000 4996 ? S 09:51 0:00
/usr/sbin/httpd
apache 19689 0.0 0.9 26000 4996 ? S 09:51 0:00
/usr/sbin/httpd
apache 19690 0.0 0.9 26000 4996 ? S 09:51 0:00
/usr/sbin/httpd
apache 19691 0.0 0.9 26000 4996 ? S 09:51 0:00
/usr/sbin/httpd
root 19729 0.0 0.1 3880 664 pts/2 R+ 10:06 0:00 grep
httpd
[root@localhost ~]# netstat -tuwnlpe |grep httpd
tcp 0 0 :::80 :::*
LISTEN 0 192297 19682/httpd
tcp 0 0 :::443 :::*
LISTEN 0 192302 19682/httpd
[root@localhost ~]#
