httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jos...@slive.ca>
Subject Re: [users@httpd] Apache 2.0 questions
Date Mon, 14 Apr 2003 15:03:32 GMT

On Mon, 14 Apr 2003, Pitfield, Nickolas wrote:

> Greetings,
>
> I last set up a web server back in mid-late 90's - this would have NCSA
> httpd v1.3 (through to 1.5 IIRC).
>
> Now in those days you didn't start your web server as root as this was
> considered a security problem - instead you created a specific user
> (e.g. webuser) and ran it as that user.

Not true, to the best of my recollection.  Apache today operates in the
same way as NCSA httpd did back then.  It is necessary to start as root,
because only the root user can bind to port 80 (the default http port).
But all serving is done under a less privelged user.

>
> I see in Apache2 that there is now a choice:
>
> 1) start as root, stay as root - still seems a potentially bad choice.

This is not an option.

> 2) start as a normal user, stay as that user.

This is only an option if you use a non-standard port.  (Strictly
speaking, there are some other ways to accomplish this.  But they aren't
portable and widely available.)

> 3) start as root, but switch to a normal user via the use of the "User"
> directive in conf/httpd.conf.

This is the standard way used by almost everyone.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message