You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by mc 02 <mc...@mail.com> on 2003/07/30 05:58:02 UTC
[users@httpd] [SPAM?] [users@httpd] Starting httpd as non-root user
This mail is probably spam. The original message has been attached
along with this report, so you can recognize or block similar unwanted
mail in future. See http://spamassassin.org/tag/ for more details.
Content preview: Hi all, I understand that start httpd as root has its
security risks. Here my question: 1. How do i go about start and
restarting apache as a non-root user? Does logging in into a non-root
user account and starting httpd will do the trick? [...]
Content analysis details: (6.00 points, 5 required)
FROM_ENDS_IN_NUMS (0.7 points) From: ends in numbers
MSG_ID_ADDED_BY_MTA_2 (0.4 points) 'Message-Id' was added by a relay (2)
RCVD_IN_NJABL (0.9 points) RBL: Received via a relay in dnsbl.njabl.org
[RBL check: found 4.18.160.202.dnsbl.njabl.org.]
RCVD_IN_OSIRUSOFT_COM (0.6 points) RBL: Received via a relay in relays.osirusoft.com
[RBL check: found 4.18.160.202.relays.osirusoft.com.]
X_OSIRU_OPEN_RELAY (2.9 points) RBL: DNSBL: sender is Confirmed Open Relay
X_NJABL_OPEN_PROXY (0.5 points) RBL: NJABL: sender is proxy/relay/formmail/spam-source
Re: [users@httpd] Starting httpd as non-root user
Posted by Aaron Morris <aa...@mindspring.com>.
Even though you may start Apache as root, the child processes normally
do not run as root; they usually run as nobody or another non-root
service account (check out the User and Group directives). Starting as
root is necessary if you want to run the server on ports lower than 1024.
1. You can log into the account you wish to run Apache as, but this can
be a security risk. The user that runs services should not be able to
be logged into. Use "su" or "sudo".
2. You would have to do this with a script. But someone could always
run the httpd executable directly. Setting special permissions on the
document root or the executable may work.
[overly simplistic] script example:
#!/bin/bash
if [ "$USER" != "apacheuser" ]; then {
exit 1
} fi
apachectl $1
mc 02 wrote:
> Hi all,
>
> I understand that start httpd as root has its security risks. Here my question:
>
> 1. How do i go about start and restarting apache as a non-root user? Does logging in into a non-root
> user account and starting httpd will do the trick?
>
> 2. how do i make sure that only a non-root user is starting the httpd?
>
> Please advise.
>
> Thank you in advance
>
> Regards,
> MC
--
Aaron W Morris <aa...@mindspring.com> (decep)
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org