From: "Peter C. Lai"
To: Jesper Wallin
Cc: freebsd-questions@freebsd.org
Date: Sat, 4 Dec 2004 04:47:49 -0500
Subject: Re: Is my Apache server running as the root user or not?
Message-ID: <20041204094749.GA268@cowbert.net>
In-Reply-To: <1164.213.112.198.152.1102141467.squirrel@mail.hackunite.net>

This isn't on-topic for the list, but I'll answer it anyway.

The Apache parent runs as root so that it can attach to port 80. After a
packet reaches port 80, Apache will hand it off to a child process running
as www. The parent process also does other housekeeping duties as you would
expect from any other parent process.

On Sat, Dec 04, 2004 at 07:24:27AM +0100, Jesper Wallin wrote:
> Heya..
>
> By reading my /usr/local/etc/apache2/httpd.conf, I can find out that my Apache is
> running as the user "www" and the group "www" .. Yet, when I run sockstat, it tells me
> one of the forks is run as root and listening on port 80 as well as the other forks
> are run by www:www.. If I got a lot of users connecting to my server on port 80, will
> their requests ever be answered by the root fork or the www:www forks?
>
> --- snip ---
> [root@ninja:~]# sockstat -l4p80
> USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
> www      httpd      18149 3  tcp4   *:80                  *:*
> www      httpd      18148 3  tcp4   *:80                  *:*
> www      httpd      18147 3  tcp4   *:80                  *:*
> www      httpd      14055 3  tcp4   *:80                  *:*
> www      httpd      14054 3  tcp4   *:80                  *:*
> www      httpd      14053 3  tcp4   *:80                  *:*
> www      httpd      14052 3  tcp4   *:80                  *:*
> www      httpd      14051 3  tcp4   *:80                  *:*
> root     httpd      14050 3  tcp4   *:80                  *:*
> [root@ninja:~]#
> --- snip ---
>
>
> Best regards,
> Jesper Wallin

-- 
Peter C. Lai
University of Connecticut
Dept. of Molecular and Cell Biology
Yale University School of Medicine
SenseLab | Research Assistant
http://cowbert.2y.net/
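
An added example, not part of either poster's message: a Python check that a listener set like the posted sockstat output has exactly one parent process and that every other listener is its child running as www. The PPID table is constructed (the thread shows no `ps -axo pid,ppid` output), and the function names are illustrative.

```python
from collections import namedtuple

Sock = namedtuple("Sock", "user command pid fd proto local foreign")

# Rows as posted in the thread (sockstat -l4p80).
SOCKSTAT = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
www      httpd      18149 3  tcp4   *:80                  *:*
www      httpd      18148 3  tcp4   *:80                  *:*
www      httpd      18147 3  tcp4   *:80                  *:*
www      httpd      14055 3  tcp4   *:80                  *:*
www      httpd      14054 3  tcp4   *:80                  *:*
www      httpd      14053 3  tcp4   *:80                  *:*
www      httpd      14052 3  tcp4   *:80                  *:*
www      httpd      14051 3  tcp4   *:80                  *:*
root     httpd      14050 3  tcp4   *:80                  *:*
"""

# Constructed pid -> ppid map standing in for `ps -axo pid,ppid`;
# assumption: every www process was forked by pid 14050.
PPID = {p: 14050 for p in (18149, 18148, 18147, 14055, 14054, 14053, 14052, 14051)}
PPID[14050] = 1

def parse_sockstat(text):
    """Parse sockstat data rows; the header (9 tokens) and prompts are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 7 and f[2].isdigit() and f[3].isdigit():
            rows.append(Sock(f[0], f[1], int(f[2]), int(f[3]), f[4], f[5], f[6]))
    return rows

def audit(socks, ppid, worker_user="www"):
    """Return findings; an empty list means one parent plus unprivileged children."""
    pids = {s.pid for s in socks}
    # The parent is the only listener whose own parent is not another listener.
    masters = [s for s in socks if ppid.get(s.pid) not in pids]
    if len(masters) != 1:
        return [f"expected one parent process, found {len(masters)}"]
    master, findings = masters[0], []
    for s in socks:
        if s.pid == master.pid:
            continue
        if ppid.get(s.pid) != master.pid:
            findings.append(f"pid {s.pid} is not a child of parent {master.pid}")
        if s.user != worker_user:
            findings.append(f"worker pid {s.pid} runs as {s.user}, not {worker_user}")
    return findings

if __name__ == "__main__":
    print(audit(parse_sockstat(SOCKSTAT), PPID) or "parent/worker split as expected")
```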