httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pitfield, Nickolas" <>
Subject [users@httpd] Apache 2.0 questions
Date Mon, 14 Apr 2003 14:57:25 GMT

I last set up a web server back in mid-late 90's - this would have NCSA
httpd v1.3 (through to 1.5 IIRC).

Now in those days you didn't start your web server as root as this was
considered a security problem - instead you created a specific user (e.g.
webuser) and ran it as that user.

I see in Apache2 that there is now a choice:

1) start as root, stay as root - still seems a potentially bad choice.
2) start as a normal user, stay as that user.
3) start as root, but switch to a normal user via the use of the "User"
directive in conf/httpd.conf.

Which is the preferred solution, and why ? What advantages does (3) have
over (2) and vice-versa ?


    Nick Pitfield
Configuration Management Engineer
T: +44 (0)20 7348 1569 E:
MetaSolv Software Limited
Avon House, Kensington Village, Avonmore Road, London W14 8TS
T: +44 (0)20 7348 1500 F: +44 (0)20 7348 1501

View raw message