You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Warren Beldad <ad...@gmail.com> on 2005/10/12 08:19:22 UTC
[users@httpd] how can I serve pages while running as a root
Hi all,
I am new to this list and also a newbie on apache :-((
I just want to ask on how can I serve pages while running as a root. I know
this is a big security risk, but i really need to run as a root. ex. create
a user, etc...modify the sudoers file still no success.
i found another of this in the list last month but there are no answers.
I change the user to root in httpd.conf and restart the service. "Error,
apache has not been designed to run as a root... If you still desire, add
-DBIG_SECURITY_HOLE to the EXTRA_CFLAGS in src/Configuration file........"
I modify the src/Configuration file:
EXTRA_CFLAGS =-DBIG_SECURITY_HOLE
and then rebuild the server...
./configure --prefix=/usr/local/apache --server-uid=root --server-gid=root
make
make install
and the start apachectl
still fails...the same error.
what should be my possible error?
any help would be greatly appreciated,
warren
Re: [users@httpd] how can I serve pages while running as a root
Posted by Joshua Slive <js...@gmail.com>.
On 10/14/05, Warren Beldad <ad...@gmail.com> wrote:
> what i did is, i really install new FC4 on another harddisk.
> download apache_1.3.33.tar.gz
> tar -xvzf apache_1.3.33.tar.gz
> edit src/Configuration
> EXTRA_CFLAGS=-DBIG_SECURITY_HOLE
>
> ./configure --prefix=/usr/local/apache --server-uid=root --server-gid=root
> make
> make install
> /usr/local/apache/bin/apachectl start
> cannot start, same error.....apache not designed to serve as root...........
> if i change the user in the httpd.conf to another user, ok it can start
> is there any log files that we can trace what's really wrong with this?
It's been so long since I installed 1.3 that I forgot: you can't mix
and match the src/Configuration and ./configure method of configuring
apache. If you use ./configure, you need to actually set the
environment variable EXTRA_CFLAGS (or just CFLAGS) to
-DBIG_SECURITY_HOLE in your shell before running ./configure.
(Alternatively, you can edit src/Configuration.tmpl.) The reason is
that the ./configure script overwrites src/Configuration with default
values before it begins.
But again, you shouldn't be doing this. It's a "bad idea" (tm).
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] how can I serve pages while running as a root
Posted by Warren Beldad <ad...@gmail.com>.
what i did is, i really install new FC4 on another harddisk.
download apache_1.3.33.tar.gz
tar -xvzf apache_1.3.33.tar.gz
edit src/Configuration
EXTRA_CFLAGS=-DBIG_SECURITY_HOLE
./configure --prefix=/usr/local/apache --server-uid=root --server-gid=root
make
make install
/usr/local/apache/bin/apachectl start
cannot start, same error.....apache not designed to serve as root...........
if i change the user in the httpd.conf to another user, ok it can start
is there any log files that we can trace what's really wrong with this?
thanks,
warren
On 10/13/05, Joshua Slive <js...@gmail.com> wrote:
>
> On 10/13/05, Warren Beldad <ad...@gmail.com> wrote:
> > thanks for the help,
> > but still it doesn't work. I modify again the src/Configuration and
> rebuild
> > EXTRA_CFLAGS=-DBIG_SECURITY_HOLE
> > (actually the src/Configuration doesnt have the space before the equal,
> just
> > a typo error in my mail)
> > still I got the same error.
>
> Try starting with a fresh install (or, at minimum, starting with a
> "make clean").
>
> > I am creating a NAS like web, just like create users, create
> shares..etc...
> >
> > i have tried modifying the sudoers file but looks like it cannot really
> > perform what i'm expected. just like create user, you need to modify the
> > sudoers file permitting to execute useradd, but what about smbpasswd,
> the
> > shadow, etc...maybe i need more research on this.
> > but if i got the root running, then all my problems seems to be solve
> :-))
> > dont worry about the security, only the root still can access this.
> > I really need your help.
>
> Still a very bad idea. Apache is not designed to run as root, and
> doing so may create many unexpected security problems.
>
> Joshua.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Re: [users@httpd] how can I serve pages while running as a root
Posted by Joshua Slive <js...@gmail.com>.
On 10/13/05, Warren Beldad <ad...@gmail.com> wrote:
> thanks for the help,
> but still it doesn't work. I modify again the src/Configuration and rebuild
> EXTRA_CFLAGS=-DBIG_SECURITY_HOLE
> (actually the src/Configuration doesnt have the space before the equal, just
> a typo error in my mail)
> still I got the same error.
Try starting with a fresh install (or, at minimum, starting with a
"make clean").
> I am creating a NAS like web, just like create users, create shares..etc...
>
> i have tried modifying the sudoers file but looks like it cannot really
> perform what i'm expected. just like create user, you need to modify the
> sudoers file permitting to execute useradd, but what about smbpasswd, the
> shadow, etc...maybe i need more research on this.
> but if i got the root running, then all my problems seems to be solve :-))
> dont worry about the security, only the root still can access this.
> I really need your help.
Still a very bad idea. Apache is not designed to run as root, and
doing so may create many unexpected security problems.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] how can I serve pages while running as a root
Posted by Warren Beldad <ad...@gmail.com>.
thanks for the help,
but still it doesn't work. I modify again the src/Configuration and rebuild
EXTRA_CFLAGS=-DBIG_SECURITY_HOLE
(actually the src/Configuration doesnt have the space before the equal, just
a typo error in my mail)
still I got the same error.
I am creating a NAS like web, just like create users, create shares..etc...
i have tried modifying the sudoers file but looks like it cannot really
perform what i'm expected. just like create user, you need to modify the
sudoers file permitting to execute useradd, but what about smbpasswd, the
shadow, etc...maybe i need more research on this.
but if i got the root running, then all my problems seems to be solve :-))
dont worry about the security, only the root still can access this.
I really need your help.
have patience with my english,
warren
On 10/12/05, Joshua Slive <js...@gmail.com> wrote:
>
> On 10/12/05, Warren Beldad <ad...@gmail.com> wrote:
> > Hi all,
> >
> > I am new to this list and also a newbie on apache :-((
> > I just want to ask on how can I serve pages while running as a root. I
> know
> > this is a big security risk, but i really need to run as a root. ex.
> create
> > a user, etc...modify the sudoers file still no success.
> > i found another of this in the list last month but there are no answers.
>
> You really don't want to do this. If you are having a problem with
> sudo, then you should look into how to fix that problem. Running
> apache as root is a very bad idea.
>
> > I change the user to root in httpd.conf and restart the service. "Error,
> > apache has not been designed to run as a root... If you still desire,
> add
> > -DBIG_SECURITY_HOLE to the EXTRA_CFLAGS in src/Configuration
> file........"
> > I modify the src/Configuration file:
> > EXTRA_CFLAGS =-DBIG_SECURITY_HOLE
>
> It looks to me like you have an extra space before the equals sign
> that shouldn't be there.
>
> Joshua.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Re: [users@httpd] how can I serve pages while running as a root
Posted by Joshua Slive <js...@gmail.com>.
On 10/12/05, Warren Beldad <ad...@gmail.com> wrote:
> Hi all,
>
> I am new to this list and also a newbie on apache :-((
> I just want to ask on how can I serve pages while running as a root. I know
> this is a big security risk, but i really need to run as a root. ex. create
> a user, etc...modify the sudoers file still no success.
> i found another of this in the list last month but there are no answers.
You really don't want to do this. If you are having a problem with
sudo, then you should look into how to fix that problem. Running
apache as root is a very bad idea.
> I change the user to root in httpd.conf and restart the service. "Error,
> apache has not been designed to run as a root... If you still desire, add
> -DBIG_SECURITY_HOLE to the EXTRA_CFLAGS in src/Configuration file........"
> I modify the src/Configuration file:
> EXTRA_CFLAGS =-DBIG_SECURITY_HOLE
It looks to me like you have an extra space before the equals sign
that shouldn't be there.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org