You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by mc 02 <mc...@mail.com> on 2003/07/30 05:58:02 UTC

[users@httpd] [SPAM?] [users@httpd] Starting httpd as non-root user

This mail is probably spam.  The original message has been attached
along with this report, so you can recognize or block similar unwanted
mail in future.  See http://spamassassin.org/tag/ for more details.

Content preview:  Hi all, I understand that start httpd as root has its
  security risks. Here my question: 1. How do i go about start and
  restarting apache as a non-root user? Does logging in into a non-root
  user account and starting httpd will do the trick? [...] 

Content analysis details:   (6.00 points, 5 required)
FROM_ENDS_IN_NUMS  (0.7 points)  From: ends in numbers
MSG_ID_ADDED_BY_MTA_2 (0.4 points)  'Message-Id' was added by a relay (2)
RCVD_IN_NJABL      (0.9 points)  RBL: Received via a relay in dnsbl.njabl.org
                   [RBL check: found 4.18.160.202.dnsbl.njabl.org.]
RCVD_IN_OSIRUSOFT_COM (0.6 points)  RBL: Received via a relay in relays.osirusoft.com
                   [RBL check: found 4.18.160.202.relays.osirusoft.com.]
X_OSIRU_OPEN_RELAY (2.9 points)  RBL: DNSBL: sender is Confirmed Open Relay
X_NJABL_OPEN_PROXY (0.5 points)  RBL: NJABL: sender is proxy/relay/formmail/spam-source

Re: [users@httpd] Starting httpd as non-root user

Posted by Aaron Morris <aa...@mindspring.com>.
Even though you may start Apache as root, the child processes normally 
do not run as root;  they usually run as nobody or another non-root 
service account (check out the User and Group directives).  Starting as 
root is necessary if you want to run the server on ports lower than 1024.

1.  You can log into the account you wish to run Apache as, but this can 
be a security risk.  The user that runs services should not be able to 
be logged into.  Use "su" or "sudo".

2.  You would have to do this with a script.  But someone could always 
run the httpd executable directly.  Setting special permissions on the 
document root or the executable may work.

[overly simplistic] script example:

#!/bin/bash
if [ "$USER" != "apacheuser" ]; then {
	exit 1
} fi
apachectl $1


mc 02 wrote:

> Hi all,
> 
> I understand that start httpd as root has its security risks. Here my question:
> 
> 1. How do i go about start and restarting apache as a non-root user? Does logging in into a non-root 
> user account and starting httpd will do the trick? 
> 
> 2. how do i make sure that only a non-root user is starting the httpd?
> 
> Please advise.
> 
> Thank you in advance
> 
> Regards,
> MC

-- 
Aaron W Morris <aa...@mindspring.com> (decep)




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org