httpd-users mailing list archives

From "Victor Trac" <>
Subject Re: [users@httpd] RE: failure notice
Date Thu, 06 Apr 2006 07:58:26 GMT
If the UID of the Apache process somehow gets compromised, it would be
better to have that account running as a non-privileged account than as
root.  At least then the UID is somewhat confined to the account's access
restrictions, rather than have access to the entire file system as root.


On 4/5/06, Amalan, S <> wrote:
> Thanks much.  This explains why my installation did not need root
> privileges - I was running it on port 1150 or so.
> This also brings up the question: is there a reason to set the port to
> be below 1024 so that only root can start it up?  Is there a downside to
> running Apache on a port greater than 1024?
> There must have been some reason for designing it in such a way that the
> process owner gets dropped from root to a non-zero UID account.  I guess
> I am confused because if you need to be root to start it up, why should
> the process owner be dropped after binding to the privileged port to a
> non-zero UID account? And if you weren't root to begin with you wouldn't
> be able to start up Apache anyway.
> Amalan
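
The thread describes a parent process that starts as root to bind a port below 1024 while the processes serving requests run under a non-zero UID. The following check is an added example, not part of the original messages or of Apache itself: it audits a process listing for server children that are still running as UID 0. The `ps -eo pid,ppid,uid,user,comm` column layout, the process names `httpd`/`apache2`, and the sample listing are assumptions constructed for illustration.

```python
from typing import NamedTuple

SERVER_NAMES = {"httpd", "apache2"}  # assumed process names for Apache

# Constructed sample of `ps -eo pid,ppid,uid,user,comm` output (not from a real host).
SAMPLE_PS = """\
  PID  PPID   UID USER     COMMAND
    1     0     0 root     init
  812     1     0 root     httpd
  815   812    48 apache   httpd
  816   812    48 apache   httpd
  817   812     0 root     httpd
  901     1  1000 webdev   httpd
  950     1     0 root     sshd
"""

class Proc(NamedTuple):
    pid: int
    ppid: int
    uid: int
    user: str
    comm: str

def parse_ps(text):
    """Parse the five-column ps listing, skipping the header and short lines."""
    procs = []
    for line in text.splitlines()[1:]:
        f = line.split(None, 4)
        if len(f) == 5:
            procs.append(Proc(int(f[0]), int(f[1]), int(f[2]), f[3], f[4].strip()))
    return procs

def classify(procs):
    """Map each server PID to a role based on its UID and its parent."""
    servers = {p.pid: p for p in procs if p.comm in SERVER_NAMES}
    roles = {}
    for p in servers.values():
        if p.ppid in servers:  # child of another server process: a worker
            roles[p.pid] = "root-worker" if p.uid == 0 else "dropped-worker"
        else:                  # top-level instance that did the bind
            roles[p.pid] = "root-parent" if p.uid == 0 else "unprivileged-parent"
    return roles

def root_workers(procs):
    """PIDs of request-handling children that never dropped from UID 0."""
    return sorted(pid for pid, role in classify(procs).items() if role == "root-worker")

if __name__ == "__main__":
    procs = parse_ps(SAMPLE_PS)
    for pid, role in sorted(classify(procs).items()):
        print(pid, role)
    print("findings:", root_workers(procs))
```

In the sample, PID 901 corresponds to the non-root setup on a high port mentioned in the quoted message, and PID 817 is the case the reply warns about: a request-handling process that would expose the whole file system if compromised.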
