Apache port 80 to 80xx

I had apache 1.3.9 with redhat 6.0. It is working fine with port 80 ( I use root login and install from /usr/local/apache)

It works fine. However, I would like to change to install a new one with less access, such that using www user. with uid 500 group. (Plan to have 8090)

I know that I can not work with port under 1024 if there is not a root.

So how can I show

http://aaa.bbb.com.sg instead of

(If I use www user to install my apache)
Can I use Virtual host ?
Can I use listen port ?
Who is Participating?
munsieConnect With a Mentor Commented:
well, it looks like you have a couple of things here...

if all you are doing is trying to make apache run under something besides root, your mostly there already.

by default, apache will not keep root when it starts up.  It only uses root to bind to the listen port.  It then switches to the specified user in the configuration file.  Look for the User and Group directives in your config files.  On my default RH6.1 install, User and Group are set to nobody.  And a quick look with ps -ef shows that only the first httpd is running as root.. the rest are all nobody/nobody.

If you want to change the user/group, just enter the name or number of the user and group in the above fields and restart the server.

Now, if you still want to run another server on port 8090, you can add a Listen directive to your config files.  Just look for the Listen 80 thats already there and on the next line put in a Listen 8090.  This will cause apache to listen and reply on both ports.

If you want to run two separate servers, one on 80, one on 8090, you need to create a new directory of configuration files, and start another copy of apache.  But typically, you shouldn't need to do this, because the security measures built in to Apache prevent most problems you would encounter.

good luck,
edmundliAuthor Commented:

I got some feedback. I am using apache installed with root and running on port 80. (For my first apache web server). Afterward, I am planning to build a new apache with more secuity issue. I will go some user like www, and group www as my apache. As I know that only root user has the right to use port under 1024. As as result I can not use port 80. Am I right ?

Since I did build a web site under my first apache (installed by root) eg.

(ip address

But Now I will rebuild a new apache with new machine by using www user and www group. of course this is not a root user, As a result I can not start port 80. I have to start it above 1024 let say 8090. (

Afterward, I will use DNS to chnage the web server ip address to

The question is :

Can I use http://xxx.yyy.zzzz in my new web server ?

I can try

Am I correct ?
ok, i might have missed something here, so bear with me.

your first apache server, the one running on port 80, was started as root.  But after apache starts, it binds to port 80, and then all of the server processes run as the user/group specified in the config file.  The only process that remains as root, is the initial process, which is used to start up new servers if needed (which is why it stays root).

You can run as www under port 80 by changing the config file.

As for running on the other port, unless you do some fancy port redirection at your router/gateway, clients will have to refer to your machine as http://your.hostname.com:8090/  This is mildly annoying, as most users never see a port number with other web sites.

Is there another reason that you want to listen on port 8090?  Or is it just so you don't have to start the server as root?

I would honestly recommend that you start the server as root, have apache change it's user/group id and run it on port 80, unless you have other reasons for using another port (security by obscurity comes to mind, but it's not a good strategy).

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

edmundliAuthor Commented:
Dear Dennis,

For your point:
Is there another reason that you want to listen on port 8090?  Or is it just so you don't                    have to start the server as root?

I would honestly recommend that you start the server as root, have apache change it's
user/group id and run it on port 80, unless you have other reasons for using another port
(security by obscurity comes to mind, but it's not a good strategy).

There is no special reason to run as port 8090 at all this is just a example.

From your recommenation,

I will login as root and uncompress, configure, make , make all in /usr/local/apache ?

If I use user www with group www and group id let say 505 then login as www and install .....

Can I do this by using port 80 ?

Can you recommend me steps by steps to do this ? I will follow your steps since I am new learner of apache web

Best Regards

well, the easiest way to install apache under RedHat is via the RPMs.  On my box, Apache is running as user nobody group nodody, which is the safest user/group you can run with.  Go to ftp.redhat.com, and download the apache RPM for your distribution, or you can use your original instalation disc.

to install Apache via the rpm, do the following as root:

rpm --install apache.rpm

where apache.rpm is the name of the RPM file for Apache.

After you do this, Apache will automatically be configured to startup, and will run as user nobody, group nobody.  The html documents will go in /home/httpd/htdocs, the cgi's in /home/httpd/cgi-bin.

If you need to change any other configuration, go to /etc/httpd and edit the configuration files there.  To reread the configuration, type /etc/rc.d/init.d/httpd start

You can verify that you are not running as root by doing a ps -ef | grep httpd.

Only the first process should be root, all others will be nobody.

You shouldn't need a www user, because nobody is going to have less privaleges than any other user you create.

At this point, you should be ready to go

good luck,
edmundliAuthor Commented:
Dear dennis,

Since I do experinece in the tar .. configure, make, make all commends to setup apache, and I can predefine my apache location e.g


And I can start, stop process in /usr/local/apache/bin

Configure /usr/local/apache/conf etc

This is the reason I use a user www,

login in as www and start install the apache

So In this case, Can I set www as user access right as nobody, group as nobody ... any ideas ?

I did not try before.

it doesn't matter what user you use to compile apache.  root typically has to do the make install step because the directories it installs to are owned by root, but you can use any user as long as the user has the permissions to install in the directories you specified in the configuration.

After you install, you can have Apache run as any user/group you want.  If you want to have it run as www after installing as root, that will still work.  If you want to have it run as nobody after installing as www or as root, it will still work.

typically, if I'm installing a new package, I will compile the package with my own login.  Then I will su to root to do the final install.  For apache, I set the user/group to nobody, and have root do the startup during normal system startup.

for your situation, after doing the install, just set the User and Group directives in your httpd.conf (or it may be in one of the other apache config files) to www.  Make sure that you have a www user and a www group, and make sure that the www user can read from the htdocs directory, and that all of the cgi's can still run as the www user.

The easiest way to check if the www user has the proper permissions is to su - www, and make sure you can read all of the html files and that you can still run the cgi's.

For additional security, before you bring the server live, disable logins on the www account by typing usermod -L www

This locks the password, so the user cannot login.  Apache will still startup as the www user, but anyone trying to telnet in will not be able to use the www user as a way in.

If for some reason you need to unlock the account, type usermod -U www.

good luck,
edmundliAuthor Commented:
Let me sum up your suggestion

Example: I will use /usr/local/apache as my apache program

Login as root:
cd /usr/local/apache

complie, make, make install by root

I set one user www and group nobody or I will user user nobody, group nobody

I has the home directory

if i use www , then I need to change
user www
group nobody

Am I correct ?
that will work.

good luck,
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.