Hi all,

I manage the Information Security of a major financial institution.

How do I get Apache to run as a non-root user?  As you can see below,
in spite of the User and Group settings in httpd.conf, Apache is
listening on port 8080 as root.

I googled around, but could not find a way to start Apache as "apache".
Some web pages/emails claim that Apache starts as root, and then switches
to user "apache". After connecting to port 8080 using telnet, I do not see
any new httpd process created.  So, I do not trust these claims.

None of the docs is definitive. Why should the program start as root in
the first place?  Can anyone help me?


--Sudhakar

# before telnetting to port 8080:

[EMAIL PROTECTED] ~]# !ps
ps aux|grep httpd
root     19828  0.0  1.9  25996  9996 ?        Ss   10:14   0:00
/usr/sbin/httpd
apache   19830  0.0  1.0  25996  5628 ?        S    10:14   0:00
/usr/sbin/httpd
apache   19831  0.0  0.9  25996  4992 ?        S    10:14   0:00
/usr/sbin/httpd
apache   19832  0.0  0.9  25996  4992 ?        S    10:14   0:00
/usr/sbin/httpd
apache   19833  0.0  0.9  25996  4992 ?        S    10:14   0:00
/usr/sbin/httpd
apache   19834  0.0  0.9  25996  4992 ?        S    10:14   0:00
/usr/sbin/httpd
apache   19835  0.0  0.9  25996  4992 ?        S    10:14   0:00
/usr/sbin/httpd
apache   19836  0.0  0.9  25996  4992 ?        S    10:14   0:00
/usr/sbin/httpd
apache   19837  0.0  0.9  25996  4992 ?        S    10:14   0:00
/usr/sbin/httpd
root     19906  0.0  0.1   3880   664 pts/2    R+   10:30   0:00 grep
httpd

# after telnetting to port 8080:

[EMAIL PROTECTED] ~]# ps aux|grep httpd
root     19828  0.0  1.9  25996  9996 ?        Ss   10:14   0:00
/usr/sbin/httpd
apache   19830  0.0  1.0  25996  5628 ?        S    10:14   0:00
/usr/sbin/httpd
apache   19831  0.0  0.9  25996  4992 ?        S    10:14   0:00
/usr/sbin/httpd
apache   19832  0.0  0.9  25996  4992 ?        S    10:14   0:00
/usr/sbin/httpd
apache   19833  0.0  0.9  25996  4992 ?        S    10:14   0:00
/usr/sbin/httpd
apache   19834  0.0  0.9  25996  4992 ?        S    10:14   0:00
/usr/sbin/httpd
apache   19835  0.0  0.9  25996  4992 ?        S    10:14   0:00
/usr/sbin/httpd
apache   19836  0.0  0.9  25996  4992 ?        S    10:14   0:00
/usr/sbin/httpd
apache   19837  0.0  0.9  25996  4992 ?        S    10:14   0:00
/usr/sbin/httpd
root     19908  0.0  0.1   3884   668 pts/2    R+   10:30   0:00 grep
httpd
[EMAIL PROTECTED] ~]#



/etc/http/httpd.conf:


#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, in addition to the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
#Listen 80

Listen 192.168.211.30:8080
#Listen 8080



#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
#  . On SCO (ODT 3) use "User nouser" and "Group nogroup".
#  . On HPUX you may not be able to use shared memory as nobody, and the
#    suggested workaround is to create a user www and use that user.
#  NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
#  when the value of (unsigned)Group is above 60000;
#  don't use Group #-1 on these systems!
#
User apache
Group apache


[EMAIL PROTECTED] ~]# ps aux|grep httpd
root     19682  0.0  1.9  26000 10008 ?        Ss   09:51   0:00
/usr/sbin/httpd
apache   19684  0.0  1.0  26000  5636 ?        S    09:51   0:00
/usr/sbin/httpd
apache   19685  0.0  0.9  26000  4996 ?        S    09:51   0:00
/usr/sbin/httpd
apache   19686  0.0  0.9  26000  4996 ?        S    09:51   0:00
/usr/sbin/httpd
apache   19687  0.0  0.9  26000  4996 ?        S    09:51   0:00
/usr/sbin/httpd
apache   19688  0.0  0.9  26000  4996 ?        S    09:51   0:00
/usr/sbin/httpd
apache   19689  0.0  0.9  26000  4996 ?        S    09:51   0:00
/usr/sbin/httpd
apache   19690  0.0  0.9  26000  4996 ?        S    09:51   0:00
/usr/sbin/httpd
apache   19691  0.0  0.9  26000  4996 ?        S    09:51   0:00
/usr/sbin/httpd
root     19729  0.0  0.1   3880   664 pts/2    R+   10:06   0:00 grep
httpd
[EMAIL PROTECTED] ~]# netstat -tuwnlpe |grep httpd
tcp        0      0 :::80                       :::*
LISTEN      0          192297     19682/httpd
tcp        0      0 :::443                      :::*
LISTEN      0          192302     19682/httpd
[EMAIL PROTECTED] ~]#
