httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Malo ...@perlig.de>
Subject Re: running apache as root
Date Wed, 02 Apr 2003 16:47:18 GMT
* Jose Gutierrez wrote:

> Can anyone tell me  razonable reasons because apache must not run as root user?

It's not designed to be run as root. Look for example, how much effort is 
taken in suexec to make sure that the sytem won't be compromised. The httpd 
itself doesn't care much about such effort (except for the startup code, of 
course).
And - an httpd is designed to grant public access to resources. Do you 
really want to allow everybody to execute programs on your machine *as 
root*?

> i want to configures apache for hosting an unique web (my web) at my
> dedicated server, serving php and perl cgi's. I am mainly warred about
> stability of the system.

Especially the modular concept is dangerous for running as root. Do you 
*know* that mod_php and your cgis resp. any of the modules are safe? Nobody 
knows, so they're probably not. There are two much possibilities how the 
different components may interact.

Finally, I think, you're asking the wrong question. It should be: "Why do I 
want the httpd to be run as root?"

HTH, nd
-- 
"Eine Eieruhr", erklärt ihr Hermann, "besteht aus einem Ei. Du nimmst
das Ei und kochst es. Wenn es hart ist, sind fünf Minuten um. Dann weißt
du, daß die Zeit vergangen ist."
                             -- Hannes Hüttner in "Das Blaue vom Himmel"

Mime
View raw message