httpd-users mailing list archives

From bgib...@wheatonma.edu
Subject Re: Running Apache with root
Date Sun, 17 Feb 2002 18:00:54 GMT
I ran into this as well. I have a script that I needed to run as root
from apache. By default the version of apache I use runs as the user apache and
I tried running it as root but there are issues when doing so.  The way I got 
around this was I kept running apache as the user apache.  I then enabled rsh 
on the server only from the user "apache" and only from the machine "localhost".
( I am using RedHat which uses xinetd.d instead of inetd. I am not sure which 
Suse uses.)  To enable rsh to root as the user apache I edited root's .rhosts 
file and I added the line

127.0.0.1 apache

I then had to add the line 

rsh

to the file 

/etc/securetty

I then had to edit /etc/xinetd.d/rsh to enable rsh then restart xinetd by 
running

service xinetd restart

I think in Suse you will have to edit /etc/inetd.conf and run 

service inetd restart  ( not sure ).

Anyway, from the perl script that I was running from the web browser I made a 
system call out to another script but I did it through rsh, like this

system("rsh -l root localhost /var/www/cgi-bin/scriptname");

I think that is pretty much all I had to do.  Be careful and test that rsh 
works only from localhost and only as the user "apache".  Also, if you want to 
pass any parameters to the new script you are running as root be careful.  If 
it is sensitive information ( like a user's password in my case ) the rsh line 
you run appears in a log file, I believe it was either

/var/log/messages or /var/log/httpd/access_log

I ended up writing the info I wanted to pass to a file and handed that filename 
to the new script then the new script retrieved the data and deleted the file.

Apache does let you run as what is called "suexec" but I read in their 
documentation that it will not let you do so as root at this time ( I bet they 
are worried about being hacked. )  Make sure the script you are going to run is 
torture tested so it cannot be hacked.  If so you are letting a potential 
unknown user run a script as root.






Quoting Csillag Zsolt <starsoft@interware.hu>:

> 
> Hi!
> 
> I'm developing a cgi application. I don't want to tell the whole story,
> in brief the cgi works from command line and not from the web browser.
> 
> I've tried everything, my last try is to run Apache with root (currently
> is running with wwwrun user)
> 
> I use Suse 7.1
> 
> Can you help me?
> 
> When I modify httpd.conf to root I get an error message.
> 
> Please write me in detail since I'm relatively new to Linux.
> 
> Thank you in advance
> 
> Zsolt Csillag
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
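
The hand-off described in the reply above (write the sensitive value to a file, pass only the filename, have the root script read the data and delete the file), as an added example that is not part of the original post. The subroutine names, the `handoff-` naming scheme and the ownership and permission checks are assumptions made for illustration; the demonstration runs both sides as one unprivileged user with constructed data.

```perl
#!/usr/bin/perl
# Added example (not from the original post): file-based hand-off of a secret.
use strict;
use warnings;
use Fcntl qw(:DEFAULT :mode);
use File::Temp qw(tempfile tempdir);

my $NAME_RE = qr/\A(handoff-[A-Za-z0-9_]{10})\z/;   # assumed naming scheme

# CGI side: store the secret in a new 0600 file; return only the bare file name.
sub write_handoff {
    my ($dir, $secret) = @_;
    my ($fh, $path) = tempfile('handoff-XXXXXXXXXX', DIR => $dir, UNLINK => 0);
    print {$fh} $secret or die "write failed: $!\n";
    close $fh or die "close failed: $!\n";
    my ($name) = $path =~ m{([^/]+)\z};
    return $name;
}

# Helper side: validate the name, open without following symlinks, check the
# opened file itself (not the path), read it, then delete it.
sub read_handoff {
    my ($dir, $name, $expected_uid) = @_;
    my ($safe) = $name =~ $NAME_RE or die "rejected file name\n";
    my $path = "$dir/$safe";
    sysopen(my $fh, $path, O_RDONLY | O_NOFOLLOW) or die "cannot open: $!\n";
    my @st = stat($fh);
    die "not a regular file\n" unless S_ISREG($st[2]);
    die "unexpected owner\n"   unless $st[4] == $expected_uid;
    die "group/other access\n" if $st[2] & 077;
    die "extra hard links\n"   unless $st[3] == 1;
    my $secret = do { local $/; <$fh> };
    close $fh;
    unlink $path or die "cannot delete: $!\n";
    return $secret;
}

# Demonstration with constructed data, run as one unprivileged user.
my $dir  = tempdir(CLEANUP => 1);            # stands in for the spool directory
my $name = write_handoff($dir, "constructed-secret\n");
print "argument passed to helper: $name\n";  # no secret on the command line
print "helper read: ", read_handoff($dir, $name, $<);
print "file removed: ", (-e "$dir/$name" ? "no" : "yes"), "\n";
for my $bad ('../etc/passwd', "$name;x", '') {   # constructed bad names
    eval { read_handoff($dir, $bad, $<); 1 } or print "rejected: '$bad'\n";
}
```

In the setup from the message, the expected owner would be the uid of the "apache" user rather than `$<`, and only the validated file name would appear on the rsh command line.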
