[expert] httpd as root
has anyone had any problem with changing user directive in /etc/httpd/conf/httpd.conf to user and group root, in Mandrake 8.0 ? httpd service can not start if I change the directive to user/group root. any help would be appreciated. -- Best regards, Mulusmailto:[EMAIL PROTECTED] Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] httpd as root
It would help to know what version of apache, what your error log says (/var/log/httpd/error_log), and what line(s) in the apache configuration file you are trying to change. Michael -- Michael Viron Registered Linux User #81978 Senior Systems & Administration Consultant Web Spinners, University of West Florida At 10:21 AM 09/10/2001 +0700, Mulus wrote: >has anyone had any problem with changing user directive in >/etc/httpd/conf/httpd.conf to user and group root, in Mandrake 8.0 ? >httpd service can not start if I change the directive to user/group >root. >any help would be appreciated. > > >-- >Best regards, > Mulusmailto:[EMAIL PROTECTED] > > > >Want to buy your Pack or Services from MandrakeSoft? >Go to http://www.mandrakestore.com > Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] httpd as root
On Monday, Sep 10, 2001, Mulus wrote: > has anyone had any problem with changing user directive in > /etc/httpd/conf/httpd.conf to user and group root, in Mandrake 8.0 ? > httpd service can not start if I change the directive to user/group > root. > any help would be appreciated. Why would you want to do that? That's not a very secure thing to do (which is why it won't let you). -- Paul Cox Kernel: 2.4.7-12.3mdk - Uptime: 2 days 3 hours 59 minutes. Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] httpd as root
changing the httpd user to root is a BAD Idea, it wo0uld give super-user privlidges to processes run as a remote web server connected to your box. don't do it. veery bad luck, much less opening your wallet to every script kiddie in the internet. On Sunday 09 September 2001 23:21, Mulus wrote: > has anyone had any problem with changing user directive in > /etc/httpd/conf/httpd.conf to user and group root, in Mandrake 8.0 ? > httpd service can not start if I change the directive to user/group > root. > any help would be appreciated. Content-Type: text/plain; charset="us-ascii"; name="message.footer" Content-Transfer-Encoding: 8bit Content-Description: Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re[2]: [expert] httpd as root
Hello Michael, Monday, September 10, 2001, 11:18:27 AM, you wrote: MDV> It would help to know what version of apache, what your error log says i installed it from Mandrake 8.0 rpm package. MDV> (/var/log/httpd/error_log), and what line(s) in the apache configuration [root@starwars conf]# service httpd start Starting httpd-perl: Error: Apache has not been designed to serve pages while running as root. There are known race conditions that will allow any local user to read any file on the system. If you still desire to serve pages as root then add -DBIG_SECURITY_HOLE to the EXTRA_CFLAGS line in your src/Configuration file and rebuild the server. It is strongly suggested that you instead modify the User directive in your httpd.conf file to list a non-root user. [FAILED] Starting httpd: Error: Apache has not been designed to serve pages while running as root. There are known race conditions that will allow any local user to read any file on the system. If you still desire to serve pages as root then add -DBIG_SECURITY_HOLE to the EXTRA_CFLAGS line in your src/Configuration file and rebuild the server. It is strongly suggested that you instead modify the User directive in your httpd.conf file to list a non-root user. [FAILED] MDV> file you are trying to change. in /etc/httpd/conf/commonhttpd.conf : ### Common server configuration # User apache Group apache ... do i have to download tgz package, and compile a new apache..? :( -- Best regards, Mulusmailto:[EMAIL PROTECTED] Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com