You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by mc 02 <mc...@mail.com> on 2003/07/30 05:58:02 UTC

[users@httpd] Starting httpd as non-root user

Hi all,

I understand that start httpd as root has its security risks. Here my question:

1. How do i go about start and restarting apache as a non-root user? Does logging in into a non-root 
user account and starting httpd will do the trick? 

2. how do i make sure that only a non-root user is starting the httpd?

Please advise.

Thank you in advance

Regards,
MC
-- 
__________________________________________________________
Sign-up for your own FREE Personalized E-mail at Mail.com
http://www.mail.com/?sr=signup

CareerBuilder.com has over 400,000 jobs. Be smarter about your job search
http://corp.mail.com/careers


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Starting httpd as non-root user

Posted by Aaron Morris <aa...@mindspring.com>.
Even though you may start Apache as root, the child processes normally 
do not run as root;  they usually run as nobody or another non-root 
service account (check out the User and Group directives).  Starting as 
root is necessary if you want to run the server on ports lower than 1024.

1.  You can log into the account you wish to run Apache as, but this can 
be a security risk.  The user that runs services should not be able to 
be logged into.  Use "su" or "sudo".

2.  You would have to do this with a script.  But someone could always 
run the httpd executable directly.  Setting special permissions on the 
document root or the executable may work.

[overly simplistic] script example:

#!/bin/bash
if [ "$USER" != "apacheuser" ]; then {
	exit 1
} fi
apachectl $1


mc 02 wrote:

> Hi all,
> 
> I understand that start httpd as root has its security risks. Here my question:
> 
> 1. How do i go about start and restarting apache as a non-root user? Does logging in into a non-root 
> user account and starting httpd will do the trick? 
> 
> 2. how do i make sure that only a non-root user is starting the httpd?
> 
> Please advise.
> 
> Thank you in advance
> 
> Regards,
> MC

-- 
Aaron W Morris <aa...@mindspring.com> (decep)




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org