From owner-freebsd-security@FreeBSD.ORG Sat Dec 4 09:10:02 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EF8CA16A577 for ; Sat, 4 Dec 2004 09:10:02 +0000 (GMT) Received: from 168.18.broadband2.iol.cz (27.240.broadband2.iol.cz [83.208.240.27]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0C2D843D49 for ; Sat, 4 Dec 2004 09:10:02 +0000 (GMT) (envelope-from bln@deprese.net) Received: from [172.16.2.2] (helo=[172.16.2.2]) by 168.18.broadband2.iol.cz with asmtp (Exim 4.41) id 1CaVvU-0008VW-BZ for freebsd-security@freebsd.org; Sat, 04 Dec 2004 10:10:00 +0100 Message-ID: <41B17EE5.90707@deprese.net> Date: Sat, 04 Dec 2004 10:09:57 +0100 From: Ondra Holecek User-Agent: Mozilla Thunderbird 0.8 (X11/20041014) X-Accept-Language: en-us, en MIME-Version: 1.0 Cc: freebsd-security@freebsd.org References: <1164.213.112.198.152.1102141467.squirrel@mail.hackunite.net> In-Reply-To: <1164.213.112.198.152.1102141467.squirrel@mail.hackunite.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Sat, 04 Dec 2004 13:33:10 +0000 Subject: Re: Is my Apache server running as the root user or not? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Dec 2004 09:10:03 -0000 Hi, Apache has to be started as root, because it needs to bind to port 80 (ie. <1024). But this process doesn't serve clients, it only forks and then the id of forked process is changed to www and then it can serve clients... Jesper Wallin wrote: > Heya.. > > By reading my /usr/local/etc/apache2/httpd.conf, I can find out that my Apache is > running as the user "www" and the group "www" .. Yet, when I run sockstat, it tells me > one of the forks are runned as root and listening on port 80 as well as the other forks > are runned by www:www.. If I got a lot of users connecting to my server on port 80, will > thier requests ever be answered by the root fork or the www:www forks? > > --- snip --- > [root@ninja:~]# sockstat -l4p80 > USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS www httpd > 18149 3 tcp4 *:80 *:* > www httpd 18148 3 tcp4 *:80 *:* > www httpd 18147 3 tcp4 *:80 *:* > www httpd 14055 3 tcp4 *:80 *:* > www httpd 14054 3 tcp4 *:80 *:* > www httpd 14053 3 tcp4 *:80 *:* > www httpd 14052 3 tcp4 *:80 *:* > www httpd 14051 3 tcp4 *:80 *:* > root httpd 14050 3 tcp4 *:80 *:* > [root@ninja:~]# > --- snip --- > > > Best regards, > Jesper Wallin > > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" > -- # If it happens once, it's a bug. # If it happens twice, it's a feature. # If it happens more then twice, it's a design philosophy.