httpd-users mailing list archives

From "Joshua Slive" <jos...@slive.ca>
Subject Re: [users@httpd] Need help in getting apache to run in a non-root account
Date Sun, 10 Feb 2008 14:29:29 GMT
On Feb 9, 2008 10:40 PM, sudhakar govindavajhala
<sudhakarg79spam@gmail.com> wrote:

> >
> > Apache is a pre-forking server. It keeps a pool of processes available
> > to serve incoming requests and therefore doesn't need to start new
> > processes for each new connection. As your process listing shows, all
> > processes except the master (control) process are running as user
> > "apache", not as root. These are the processes that do the actual
> > serving.
>
> SG: What is a pre-forking server? How can I confirm that it is the worker
> threads that are serving the request and not the master process? I am a little
> bit uneasy that the master is running as root, I am connecting to a port
> held by the master, and somehow the worker processes are serving the
> requests. Since I am connecting to a port held by a master, and since
> master is running as root, my root account becomes vulnerable to a potential
> buffer overflow security problem.

The remainder of my paragraph above describes what I mean by
"pre-forking": A pool of processes is pre-forked and then a process
from that pool is allocated each time a new connection comes in.

As far as confirming that only the child processes do the serving, you
have a number of options:

1. Apache is open-source, so you can just read the code.

2. You can attach to the different processes with a debugger and
observe what they are doing.

3. You can use the server-status display (see mod_status) to observe
which processes serve requests.

Although root does open the port, it hands off the open file
descriptor to the children who then take care of all the processing.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
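
The pre-fork hand-off described in the message above, as an added example that is not part of the original post and is not Apache's code: the master opens the listening socket and forks, and only the children call accept(), after dropping root if they have it. The names `worker` and `prefork_demo`, the uid/gid 65534, and the loopback ephemeral port (used so the demo runs without root) are assumptions.

```c
#include <arpa/inet.h>
#include <grp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>
#define NCHILD 3
#define UNPRIV 65534 /* assumption: uid/gid of "nobody"; httpd uses User/Group */

/* Worker: inherits the listening fd, drops root if it has it, serves one client. */
static void worker(int lfd) {
    if (geteuid() == 0 && (setgroups(0, NULL) || setgid(UNPRIV) || setuid(UNPRIV)))
        _exit(1); /* refuse to serve if the privilege drop failed */
    int c = accept(lfd, NULL, NULL);
    char msg[64];
    int n = snprintf(msg, sizeof msg, "%ld %ld\n", (long)getpid(), (long)geteuid());
    _exit(c < 0 || write(c, msg, (size_t)n) < 0); /* status 0 on success */
}

/* Master: opens the port and pre-forks the pool, but never calls accept().
 * Returns the pid that answered one test connection; its euid goes in *euid. */
long prefork_demo(long *euid) {
    struct sockaddr_in a = { .sin_family = AF_INET }; /* port 0: kernel picks */
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    socklen_t len = sizeof a;
    long pid = *euid = -1; /* both stay -1 on failure */
    pid_t kids[NCHILD];
    int n = 0, lfd = socket(AF_INET, SOCK_STREAM, 0);
    if (bind(lfd, (struct sockaddr *)&a, len) || listen(lfd, 8) ||
        getsockname(lfd, (struct sockaddr *)&a, &len)) return -1;
    while (n < NCHILD && (kids[n] = fork()) >= 0) {
        if (kids[n] == 0) worker(lfd); /* child never returns */
        n++;
    }
    int cfd = socket(AF_INET, SOCK_STREAM, 0);
    char buf[64] = {0};
    int ok = connect(cfd, (struct sockaddr *)&a, len) == 0;
    close(lfd); /* demo only: if every worker died, the client sees EOF/reset */
    if (ok && read(cfd, buf, sizeof buf - 1) > 0) sscanf(buf, "%ld %ld", &pid, euid);
    for (int i = 0; i < n; i++) { kill(kids[i], SIGTERM); waitpid(kids[i], NULL, 0); }
    close(cfd);
    return pid;
}

int main(void) { /* stand-alone run: prints who answered */
    long euid, pid = prefork_demo(&euid);
    printf("master %ld, served by %ld (euid %ld)\n", (long)getpid(), pid, euid);
    return pid > 0 ? 0 : 1;
}
```

Run as root, the answering process reports euid 65534 while the master stays root; run unprivileged, the drop is skipped and the pid difference alone shows which process served the connection.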

