Re: Need help in getting apache to run in a non-root account

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Feb 9, 2008 7:47 PM, sudhakar govindavajhala
<sudhakarg79spam@xxxxxxxxx> wrote:
>
>
> Hi all,
>
> I manage the Information Security of a major financial institution.
>
> How do I get Apache to run as non-root user?  As you can see below,
> inspite of setting in httpd.conf, Apache is listening on port 8080 as
> root.
>
> I googled around, but could not find a way to start Apache as "apache".
>  Some web pages/emails claim that Apache starts as root, and then switches
> to user "apache". After connecting to port 8080 using telnet, I do not see
> any new httpd process created.  So, I do not trust these claims.

Apache is a pre-forking server. It keeps a pool of processes available
to serve incoming requests and therefore doesn't need to start new
processes for each new connection. As your process listing shows, all
processes except the master (control) process are running as user
"apache", not as root. These are the processes that do the actual
serving.

>
> None of the docs is definitive. Why should the program start as root in
> the first place?  Can anyone help me?

Apache normally starts as root because it needs root permission to
bind to port 80.

In your case, since you are using a non-privileged port, you can have
the master process run as non-root as well.

The reason the master process is currently running as root is because
you have root privileges when you start it. If you want it to run as a
different user, simply change to that userid before starting the
server. (How you do that depends on your OS.)

Also note, however, that you may need to change file permissions. For
example, if you start the server as the "apache" user, then that user
will need to be able to write to the log directory. Normally, only
root needs to be able to write there.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux