httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joshua Slive" <>
Subject Re: [users@httpd] Need help in getting apache to run in a non-root account
Date Sun, 10 Feb 2008 14:29:29 GMT
On Feb 9, 2008 10:40 PM, sudhakar govindavajhala
<> wrote:

> >
> > Apache is a pre-forking server. It keeps a pool of processes available
> > to serve incoming requests and therefore doesn't need to start new
> > processes for each new connection. As your process listing shows, all
> > processes except the master (control) process are running as user
> > "apache", not as root. These are the processes that do the actual
> > serving.
> SG: What is  a pre-forking server? How can I confirm that it is the worker
> threads that are serving the request and not master process.   I am a little
> bit uneasy that the master is running as root, I am connecting to a port
> held by the master, and some how the worker processes are serving the
> requests.   Since I am connecting to a port held by a master, and since
> master is running as root, my root account becomes vulnerable to a potential
> buffer overflow security problem.

The remainder of my paragraph above describes what I mean by
"pre-forking": A pool or processes is pre-forked and then a process
from that pool is allocated each time a new connection comes in.

As far as confirming that only the child processes do the serving, you
have a number of options:

1. Apache is open-source, so you can just read the code.

2. You can attach to the different processes with a debugger and
observe what they are doing.

3. You can use the server-status display (see mod_status) to observe
which processes serve requests.

Although root does open the port, it hands off the open file
descriptor to the children who then take care of all the processing.


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message