Date: Sun, 30 Dec 2001 18:15:14 -0700
From: Chris Fedde <chris@fedde.littleton.co.us>
To: Troy <tdrake@myrealbox.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Getting Apache to run as user www only
Message-ID: <200112310115.fBV1FEx12926@fedde.littleton.co.us>
In-Reply-To: <1009759250.60bc5ff9tdrake@myrealbox.com>

On Sun, 30 Dec 2001 18:40:50 -0600
Troy wrote:
 +------------------
 | Hi all,
 | I've been running Apache for quite a while, but I'm trying to
 | secure my system and keep as many things from running as root as
 | possible. I have the Apache config set to the default www as the
 | user to run under, but the initial httpd process runs as root. Is
 | there a way to get all the httpd processes to run as www?
 +------------------

The process that opens port 80 needs to be user root. Apache forks
new port 80 listeners occasionally, so the master process needs to run
as root. I know that Solaris has a way of granting a user rights
to open a privileged socket, but I have not seen that feature in
FreeBSD yet.

If you don't need all the advanced features that apache is giving
you, and you are not running a huge CGI load, you might consider
using thttpd (in the ports collection or from www.acme.com). It is
a single process chrootable server that drops privileges after the
master listening socket is opened. It uses poll(2) on OSes that
have it or select(2) to handle all connections from one process.
It even has a simple way of doing named virtual servers. It is
quite frugal with system resources and often performs better under
load than apache.

--
    Chris Fedde
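
The bind-then-drop pattern the reply describes for thttpd, sketched in C as an added example; it is not part of the original message and is not thttpd's or Apache's code. The function names `open_listener` and `drop_privileges` are hypothetical, and the program assumes an unprivileged account named `www` exists.

```c
#define _DEFAULT_SOURCE            /* exposes chroot() and setgroups() on glibc */
#include <grp.h>
#include <netinet/in.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Open a listening TCP socket; ports below 1024 need root on stock FreeBSD. */
int open_listener(unsigned short port)
{
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0), on = 1;
    if (fd < 0) return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    sa.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 128) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Optionally chroot, then become uid/gid permanently. Order matters:
 * chroot and setgroups need root, and setgid must come before setuid. */
int drop_privileges(uid_t uid, gid_t gid, const char *jail)
{
    if (jail && (chroot(jail) < 0 || chdir("/") < 0)) return -1;
    if (geteuid() == 0 && setgroups(1, &gid) < 0) return -1;
    if (setgid(gid) < 0 || setuid(uid) < 0) return -1;
    /* Fail closed if root can still be regained after the drop. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0)) return -1;
    return (getuid() == uid && geteuid() == uid && getgid() == gid) ? 0 : -1;
}

int main(void)
{
    struct passwd *pw = getpwnam("www");   /* assumed unprivileged account */
    int fd = open_listener(80);            /* the only step that needs root */
    if (!pw || fd < 0) { fprintf(stderr, "setup failed\n"); return 1; }
    if (drop_privileges(pw->pw_uid, pw->pw_gid, NULL) < 0) return 1;
    /* fd stays usable after the drop; the accept() loop would run as www. */
    printf("listening on fd %d as uid %d\n", fd, (int)getuid());
    return 0;
}
```

Because the descriptor is opened before the drop, a single-process server never needs root again; Apache's master keeps root precisely because it forks new listeners later.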