Apache starts running as root, and binds to port 80 during initialization. Then to server requests (at least on *nix systems, and the details my very for Apache 2.0 depending on the MPM), it forks itself. The child process then changes it's identity to the non-privileged user. However, since the socket was already created, it can continue to use it.
There is jakarta-commons-sandbox/daemon (http://jakarta.apache.org/commons/sandbox/daemon/index.html) which allows you to do much the same thing for Tomcat. "john-paul delaney" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hello List... > > I'm just using the latest release 4.1.24 as my webserver (no apache) with the intention of generating all (or nearly all) content from a back-end db. > > However I'm worried about starting the server and running as root - security issues. How does the apache server use it's own account to run a service below port 1024? And can I do similar for my tomcat setup? > > Any leads much appreciated, > /j-p. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]