httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Owen Boyle <...@bourse.ch>
Subject Re: Running multiple apache instances
Date Fri, 17 May 2002 12:25:32 GMT
Boris Kimel wrote:
> 
> We wanted to use several IP addresses and port 80. 

That's fine.

> Non-root users
> should be enabled to restart their apaches though. Think it's possible
> however not sure it's secure enough. Still would be happy to see some
> real implementations.

One way to do this would be to make the apache binary owned by root and
then set the setuid bit in the user's permissions for the binary, i.e.

> cd /usr/local/apache/bin
> su
# chown root httpd
# chmod u+s httpd

Now when any user starts apache, it will start with effective uid of
root and will be able to bind to port 80 (among other things...). Note
that the apache binary will probably have to be local to the server for
this to work. Most set-ups do not allow setuid over NFS, for instance.

Rgds,

Owen Boyle.

PS - I make no guarantees about the security aspects of such an
approach. It is up to you to satisfy yourself that it is safe or that
you are happy with any risk.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message