httpd-users mailing list archives

Subject Re: [users@httpd] fopen of log files
Date Fri, 11 Feb 2005 13:19:03 GMT
User nobody
Group nogroup

1. Apache needs to be launched as root in order to bind to a port lower than
1024 - this is a basic security feature of all UNIX implementations.

----- fair enough

2. Immediately after "grabbing" the port, Apache changes its effective user ID
to something else, typically as user "nobody." This is for security reasons -
running your Web servers as root means that any hole in the server (be it
through the server itself, or through a CGI script, which is much more likely)
could be exploited by an outside user to run a command on your machine.

----- so given this, should the logging not then be conducted not by root, but
by the user/group defined?
