httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pitfield, Nickolas" <NPitfi...@metasolv.com>
Subject RE: [users@httpd] Apache 2.0 questions
Date Mon, 14 Apr 2003 15:22:19 GMT
Joshua,

>Not true, to the best of my recollection.  Apache today operates in the
>same way as NCSA httpd did back then.  It is necessary to start as root,
>because only the root user can bind to port 80 (the default http port).
>But all serving is done under a less privelged user.

Incorrect - with NCSA httpd if you used a higher port (e.g. 8000) then you
could start as non root - and in fact that's how I ran my servers in those
days. I am 100% sure there was no switching mechanism in those days - it was
either root with port<1024, or root or other user with port >1024.


>> I see in Apache2 that there is now a choice:
>>
>> 1) start as root, stay as root - still seems a potentially bad choice.
>
>This is not an option.

The "User directive" section
(http://httpd.apache.org/docs-2.0/mod/mpm_common.html#user) seems to
indicate (albeit indirectly) that it is an option when it says "If you do
start the server as root, then it is normal for the parent process to remain
running as root". I agree it's not a good one though.


>> 3) start as root, but switch to a normal user via the use of the "User"
>> directive in conf/httpd.conf.
>
>This is the standard way used by almost everyone.

But why ? I'm not saying it's wrong, just trying to understand the
rationale. I understand the non-priviledged user will do the actual document
serving, but why do you need the initial process to be root even when the
port is >1024 ? What needs the root perms ?

Regards.

    Nick Pitfield
___________________________________________________________________________
Configuration Management Engineer
T: +44 (0)20 7348 1569 E: npitfield@metasolv.com
MetaSolv Software Limited
Avon House, Kensington Village, Avonmore Road, London W14 8TS
T: +44 (0)20 7348 1500 F: +44 (0)20 7348 1501
www.metasolv.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message