

Apache port 80 to 80xx

Posted on 2000-04-06
Medium Priority
Last Modified: 2010-03-18
I had Apache 1.3.9 with Red Hat 6.0. It is working fine with port 80 (I use root login and install from /usr/local/apache).

It works fine. However, I would like to change this and install a new one with less access, for example using a www user with uid 500 group. (Plan to have 8090)

I know that I cannot work with a port under 1024 if it is not root.

So how can I show

http://aaa.bbb.com.sg instead of

(If I use www user to install my apache)
Can I use Virtual host?
Can I use listen port?
Question by: edmundli

Accepted Solution

munsie earned 160 total points
ID: 2689672
well, it looks like you have a couple of things here...

if all you are doing is trying to make apache run under something besides root, you're mostly there already.

by default, apache will not keep root when it starts up.  It only uses root to bind to the listen port.  It then switches to the specified user in the configuration file.  Look for the User and Group directives in your config files.  On my default RH6.1 install, User and Group are set to nobody.  And a quick look with ps -ef shows that only the first httpd is running as root.. the rest are all nobody/nobody.

If you want to change the user/group, just enter the name or number of the user and group in the above fields and restart the server.

Now, if you still want to run another server on port 8090, you can add a Listen directive to your config files.  Just look for the Listen 80 that's already there and on the next line put in a Listen 8090.  This will cause apache to listen and reply on both ports.

If you want to run two separate servers, one on 80, one on 8090, you need to create a new directory of configuration files, and start another copy of apache.  But typically, you shouldn't need to do this, because the security measures built in to Apache prevent most problems you would encounter.

good luck,

Author Comment

ID: 2690079

I got some feedback. I am using Apache installed with root and running on port 80 (for my first Apache web server). Afterward, I am planning to build a new Apache with more security. I will use some user like www, and group www, for my Apache. As I know, only the root user has the right to use ports under 1024. As a result I cannot use port 80. Am I right?

Since I did build a web site under my first apache (installed by root) eg.

(ip address

But now I will rebuild a new Apache on a new machine using the www user and www group. Of course this is not a root user. As a result I cannot start port 80. I have to start it above 1024, let's say 8090. (

Afterward, I will use DNS to change the web server ip address to

The question is :

Can I use http://xxx.yyy.zzzz in my new web server ?

I can try

Am I correct ?

Expert Comment

ID: 2690749
ok, i might have missed something here, so bear with me.

your first apache server, the one running on port 80, was started as root.  But after apache starts, it binds to port 80, and then all of the server processes run as the user/group specified in the config file.  The only process that remains as root, is the initial process, which is used to start up new servers if needed (which is why it stays root).

You can run as www under port 80 by changing the config file.

As for running on the other port, unless you do some fancy port redirection at your router/gateway, clients will have to refer to your machine as http://your.hostname.com:8090/  This is mildly annoying, as most users never see a port number with other web sites.

Is there another reason that you want to listen on port 8090?  Or is it just so you don't have to start the server as root?

I would honestly recommend that you start the server as root, have apache change its user/group id and run it on port 80, unless you have other reasons for using another port (security by obscurity comes to mind, but it's not a good strategy).


Author Comment

ID: 2691980
Dear Dennis,

For your point:
Is there another reason that you want to listen on port 8090?  Or is it just so you don't have to start the server as root?

I would honestly recommend that you start the server as root, have apache change its user/group id and run it on port 80, unless you have other reasons for using another port (security by obscurity comes to mind, but it's not a good strategy).

There is no special reason to run on port 8090 at all; this is just an example.

From your recommendation,

I will login as root and uncompress, configure, make, make all in /usr/local/apache?

If I use user www with group www and group id, let's say 505, then login as www and install .....

Can I do this by using port 80?

Can you recommend the steps, step by step, to do this? I will follow your steps since I am a new learner of Apache web

Best Regards


Expert Comment

ID: 2692040
well, the easiest way to install apache under RedHat is via the RPMs.  On my box, Apache is running as user nobody group nobody, which is the safest user/group you can run with.  Go to ftp.redhat.com, and download the apache RPM for your distribution, or you can use your original installation disc.

to install Apache via the rpm, do the following as root:

rpm --install apache.rpm

where apache.rpm is the name of the RPM file for Apache.

After you do this, Apache will automatically be configured to startup, and will run as user nobody, group nobody.  The html documents will go in /home/httpd/htdocs, the cgi's in /home/httpd/cgi-bin.

If you need to change any other configuration, go to /etc/httpd and edit the configuration files there.  To reread the configuration, type /etc/rc.d/init.d/httpd start

You can verify that you are not running as root by doing a ps -ef | grep httpd.

Only the first process should be root, all others will be nobody.

You shouldn't need a www user, because nobody is going to have less privileges than any other user you create.

At this point, you should be ready to go

good luck,
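
The `ps -ef | grep httpd` check described in the comment above, turned into a script. This is an added example, not part of the original thread; it assumes the usual `ps -ef` column order (UID PID PPID C STIME TTY TIME CMD), and the sample process lines are constructed.

```shell
#!/bin/sh
# Added example: audit `ps -ef` output for httpd workers still running as root.
# Reads ps -ef lines on stdin. Prints each root-owned worker and returns
# 0 if none were found, 1 if any were found, 2 if no httpd process was seen.
check_httpd_users() {
    awk '
        # Column 8 is the command; accept "httpd" or any path ending in /httpd.
        $8 ~ /(^|\/)httpd$/ { user[$2] = $1; ppid[$2] = $3; seen = 1 }
        END {
            if (!seen) exit 2
            bad = 0
            for (pid in user) {
                # A worker is an httpd whose parent is also an httpd.
                # The parent itself (started by init) is expected to be root.
                if ((ppid[pid] in user) && user[pid] == "root") {
                    printf "root worker: pid=%s ppid=%s\n", pid, ppid[pid]
                    bad = 1
                }
            }
            exit bad
        }'
}

# Constructed sample: parent is root, workers dropped to nobody (expected state).
SAMPLE_OK='root       612     1  0 10:02 ?        00:00:00 httpd
nobody     615   612  0 10:02 ?        00:00:00 httpd
nobody     616   612  0 10:02 ?        00:00:00 httpd'

# Constructed sample: one worker never dropped privileges.
SAMPLE_BAD='root       612     1  0 10:02 ?        00:00:00 /usr/local/apache/bin/httpd
root       615   612  0 10:02 ?        00:00:00 /usr/local/apache/bin/httpd
www        616   612  0 10:02 ?        00:00:00 /usr/local/apache/bin/httpd'

printf '%s\n' "$SAMPLE_OK" | check_httpd_users && echo "sample 1: workers are unprivileged"
printf '%s\n' "$SAMPLE_BAD" | check_httpd_users || echo "sample 2: check User/Group in httpd.conf"

# Live use on the server itself:  ps -ef | check_httpd_users
```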

Author Comment

ID: 2692084
Dear dennis,

Since I do have experience with the tar .. configure, make, make all commands to set up Apache, and I can predefine my Apache location e.g.


And I can start, stop process in /usr/local/apache/bin

Configure /usr/local/apache/conf etc

This is the reason I use a user www,

log in as www and start installing Apache

So in this case, can I set www as user access right as nobody, group as nobody ... any ideas?

I did not try before.


Expert Comment

ID: 2693658
it doesn't matter what user you use to compile apache.  root typically has to do the make install step because the directories it installs to are owned by root, but you can use any user as long as the user has the permissions to install in the directories you specified in the configuration.

After you install, you can have Apache run as any user/group you want.  If you want to have it run as www after installing as root, that will still work.  If you want to have it run as nobody after installing as www or as root, it will still work.

typically, if I'm installing a new package, I will compile the package with my own login.  Then I will su to root to do the final install.  For apache, I set the user/group to nobody, and have root do the startup during normal system startup.

for your situation, after doing the install, just set the User and Group directives in your httpd.conf (or it may be in one of the other apache config files) to www.  Make sure that you have a www user and a www group, and make sure that the www user can read from the htdocs directory, and that all of the cgi's can still run as the www user.

The easiest way to check if the www user has the proper permissions is to su - www, and make sure you can read all of the html files and that you can still run the cgi's.

For additional security, before you bring the server live, disable logins on the www account by typing usermod -L www

This locks the password, so the user cannot login.  Apache will still startup as the www user, but anyone trying to telnet in will not be able to use the www user as a way in.

If for some reason you need to unlock the account, type usermod -U www.

good luck,

Author Comment

ID: 2693812
Let me sum up your suggestion

Example: I will use /usr/local/apache as my apache program

Login as root:
cd /usr/local/apache

compile, make, make install by root

I set one user www and group nobody or I will use user nobody, group nobody

I have the home directory

If I use www, then I need to change
user www
group nobody

Am I correct ?

Expert Comment

ID: 2693972
that will work.

good luck,
