Date:      Sat, 04 Dec 2004 10:09:57 +0100
From:      Ondra Holecek <bln@deprese.net>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Is my Apache server running as the root user or not?
Message-ID:  <41B17EE5.90707@deprese.net>
In-Reply-To: <1164.213.112.198.152.1102141467.squirrel@mail.hackunite.net>
References:  <1164.213.112.198.152.1102141467.squirrel@mail.hackunite.net>

Hi,

Apache has to be started as root, because it needs to bind to port 80 
(i.e. <1024). But this process doesn't serve clients, it only forks and 
then the id of the forked process is changed to www and then it can serve 
clients...

Jesper Wallin wrote:
> Heya..
> 
> By reading my /usr/local/etc/apache2/httpd.conf, I can find out that my Apache is
> running as the user "www" and the group "www" .. Yet, when I run sockstat, it tells me
> one of the forks is run as root and listening on port 80 as well as the other forks
> are run by www:www.. If I got a lot of users connecting to my server on port 80, will
> their requests ever be answered by the root fork or the www:www forks?
> 
> --- snip ---
> [root@ninja:~]# sockstat -l4p80
> USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
> www      httpd      18149 3  tcp4   *:80                  *:*
> www      httpd      18148 3  tcp4   *:80                  *:*
> www      httpd      18147 3  tcp4   *:80                  *:*
> www      httpd      14055 3  tcp4   *:80                  *:*
> www      httpd      14054 3  tcp4   *:80                  *:*
> www      httpd      14053 3  tcp4   *:80                  *:*
> www      httpd      14052 3  tcp4   *:80                  *:*
> www      httpd      14051 3  tcp4   *:80                  *:*
> root     httpd      14050 3  tcp4   *:80                  *:*
> [root@ninja:~]#
> --- snip ---
> 
> 
> Best regards,
> Jesper Wallin
> 

-- 
# If it happens once, it's a bug.
# If it happens twice, it's a feature.
# If it happens more than twice, it's a design philosophy.
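
Added example, not part of the original message: a shell check that reads `sockstat -l4p80`-style output and confirms the split described in this thread, exactly one root-owned httpd listener (the parent) with every other listener owned by the worker user. The function name `audit_listeners` and both sample tables are constructed for illustration.

```sh
#!/bin/sh
# audit_listeners WORKER_USER < sockstat-output   (hypothetical helper)
# Prints "root=<n> worker=<n> other=<n>" and returns:
#   0  exactly one root-owned httpd listener, >=1 worker, no other owners
#   1  anything else (no privilege drop, or an unexpected owner)
audit_listeners() {
    awk -v worker="$1" '
        $1 == "USER"  { next }            # skip the header row
        NF < 7        { next }            # skip blank or truncated rows
        $2 != "httpd" { next }            # only Apache processes
        $1 == "root"  { root++; next }    # parent that bound the port
        $1 == worker  { work++; next }    # children after the uid change
                      { other++ }         # any other owner is unexpected
        END {
            printf "root=%d worker=%d other=%d\n", root, work, other
            exit !(root == 1 && work >= 1 && other == 0)
        }'
}

# Constructed sample: the expected layout (one root parent, www workers).
sample_ok() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
www      httpd      2003  3  tcp4   *:80                  *:*
www      httpd      2002  3  tcp4   *:80                  *:*
root     httpd      2001  3  tcp4   *:80                  *:*
EOF
}

# Constructed sample: workers that never changed uid (misconfiguration).
sample_no_drop() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     httpd      3002  3  tcp4   *:80                  *:*
root     httpd      3001  3  tcp4   *:80                  *:*
EOF
}

sample_ok      | audit_listeners www && echo "OK: only the parent is root"
sample_no_drop | audit_listeners www || echo "WARN: httpd workers are not running as www"
```

On a live host the same function can be fed directly: `sockstat -l4p80 | audit_listeners www`.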


