Solved

How can I start the apache with specific user account?

Posted on 2002-03-06
13
346 Views
Last Modified: 2010-03-04
Hi,
   I want to start the apache service on UNIX platform with specific user, e.g "root".  How can I set it?  Thanks
0
Comment
Question by:HenryChang
  • 5
  • 3
  • 2
  • +2
13 Comments
 
LVL 1

Expert Comment

by:johnnyp
ID: 6843907
I am pretty certain that the first instance of httpd will always run as root.  The other 4 httpd processes, unless you changed the value of StartServers in your httpd.conf file, will run as the user you have specified in the httpd.conf (defaults to nobody).

Have you compiled apache from source or are you using an RPM?  If source, check ./configure --help there may be an option to set the username to run apache as.  I can't remember as its been a while since I compiled from source.
0
 
LVL 15

Expert Comment

by:samri
ID: 6844369
I think you should be able to run apache as any user, any user EXCEPT root, or specifically all user except those with UID 0.  Otherwise necessary, if you still insist on running as root, you will need to recompile apache, and specify the

If you want to configure apache to run as other user, look for the following Directive in httpd.conf, and changed it to whateer user (must exist in /etc/passwd), and rule applies  the same thing with group.

User www    
Group www  

Some caution, the directory where apache needs to write it;s PID file, logfiles, should be writeable by this user, or atlest group-writable by specified Group (in this case "www").
0
 
LVL 2

Expert Comment

by:mhonomichl
ID: 6846174
Any port below 1024 (eg 80 for http) has to be run by root.  Apache runs it's master process as root, then spawns the rest of the process based on what is specified in the httpd.conf file as user and group.  You never want to run it as root completely, otherwise people can do some nasty things to the server.

Now, if you are just talking about starting the process (not how it runs), it has to be started as root because of the 1024 issue.  If you are looking to let another user be able to start it without giving them access to root, the best way to do it is with sudo.
0
 
LVL 15

Expert Comment

by:samri
ID: 6846342
I tried to simulate with no success.

1. Upack apachec tarball, and run the configure scrips;

./configure --server-uid=root --server-gid=root

2. make, and make install.  Still does not work.
Apache still complains to add the following entry to EXTRA_CFLASG -DBIG_SECURITY_HOLE

3. I added the following -DBIG_SECURITY_HOLE to every,
EXTRA_CFLAGS in every Makefile I found.

4.  Compile, and make install.

5.  Make sure your httpd.conf has the right user/grou in it's User/Group Directive (root/root).

Ttry to start it.  And voila.  all httpd should be running by root now.

And you have be warned, running Apache as root is a BIG mistake.

I wonder why you still require the server to run as root.  If we could offer a better alternative to that.

good luck
0
 
LVL 1

Expert Comment

by:johnnyp
ID: 6846752
Isn't all this what I said to begin with!!!!!!!!!!!!!!!!!
0
 
LVL 15

Expert Comment

by:samri
ID: 6847422
johnnyp,

Yes, you are correct.  At least the "configure" is.  But that alone would not do any good.  Btw, have you tested the claim anyway.  I tried it and Apache still complains (at least on my machine - RH 7.2, Apache 1.3.23), it still refuses to run.  Added -DBIG_SECURITY_HOLE in src/Configuration as written in docs, does not work.  I end-up manually adding the flag in every Makefile (kinda stupid - I am not a C programmer).

If you had better alternatives, I certainly (or HenryChang would be most) likely would like to hear that, rather than bragging about a "hint" that you just gave.

cheers,
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 
LVL 1

Expert Comment

by:johnnyp
ID: 6847439
:-D

Bragging!!!!!  I'm not bragging at all.  It's just that both of you have stated exactly what I said in the first place without reference to the fact that its already been said.  If your that desperate to get the points then go for it, knock yourself out.  I've got better things to do that start arguing with people on a website.
0
 
LVL 2

Expert Comment

by:mhonomichl
ID: 6847879
johnnyp -

Don't confuse your lack of articulation with plagiarism.  
0
 
LVL 15

Accepted Solution

by:
samri earned 100 total points
ID: 6849279
johnnyp,

Yes mhonomichl is correct.  That's the only way to get the problem solved, and when if comes to building software under Unix (or any C code), one would be looking and configuration file (so called ./Configure), make utilitiy, all the configuration switches, so forth.

The goal here is to help  HenryChang to get his problem solved, it's not about points (Heck, I wish I can buy cars with those).

I do agree with you that some portion of my solution (and even mhonomichl's) do sound like what you said.  THe problem is, yours are too simple, and too vague.  In fact I can go around in every SubjectArea, and start posting  "I used to do that", or "Make sure you configuration is correnct", or "Have you checked you XXXX installation", etc.  And when somebody else, started to detailed out, which portion of Configuration should be fixed in detail, or what to look in "what" log file, etc.  Did he/she use my idea?  Of course he/she did, but to elaborate further -  this is called Teamwork.  

Look back at EE policy

http://www.experts-exchange.com/jsp/cmtyHelpDesk.jsp
http://www.experts-exchange.com/jsp/cmtyQuestAnswer.jsp 
0
 
LVL 5

Expert Comment

by:Netminder
ID: 6849649
Folks,

Let's see if we can keep the discussion on a professional, collaborative level; besides being completely unbecoming, it contributes to neither solving the Asker's problem nor to anyone's credibility as an Expert.

It is commonplace for one Expert to make a suggestion, and to have another expand on it; none of us can know how much information HenryChang had going in, and lacking any response from him, we can't know which, if any, of the suggestions were useful to him. Given his grading history, I'd be a little surprised if he decided a quick fix wasn't forthcoming, and has abandoned the question. If nothing else, your collective... behavior... has caused me to add yet another name to my list of people who will get at least one email from Admin. <grin>

It is perfectly possible (and altogether frequent, though in this case unlikely) that HenryChang will find a number of your collective suggestions at least partially useful, and will make the decision to split the points among you. He may also decide to award the points to the Expert who helped him the most. That's HIS decision, and his alone, unless he continues to demonstrate his deplorable tendency to make promises he has no intention of keeping -- but I'll deal with that when I have to.

In the meantime, let's leave the digs, insults, name-calling and so on at some other website, okay?

Netminder
Community Support Moderator
Experts Exchange
0
 
LVL 15

Expert Comment

by:samri
ID: 6928096
HenryChang,

Does any of our proposed solution works, or are you still tweaking your Apache?

cheers
0
 
LVL 15

Expert Comment

by:periwinkle
ID: 9678860
No comment has been added lately, so it's time to clean up this TA.

I will leave a recommendation in the Cleanup topic area with the following recommendation for this question:

Answered by samri

Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

periwinkle
EE Cleanup Volunteer
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
remove Handler and Add Handler for one file 3 39
IPv6 Networking 6 95
Running Guacamole on port 80 5 153
Why can I not access my httpd.conf from my WAMP menu... 9 61
Hi, in this article I'm going to teach you how to run your own site, and how to let people in (without IP). I'll talk about and explain each step... :) By the way, everything in this Tutorial is completely free and legal. This article is for …
If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now