April 28th, 2003, 04:39 AM
Novice apache permisions question
I believe there are two (if not more) levels of permission to run apache under. I think one is equivalent to anonymous or a very restricted user. I think the other is equivalent to root, running under sudo possibily? Can someone tell me what benefits are there to running under root, what benefits there are to running under anonymous and why you would choose one or the other.
April 28th, 2003, 10:23 AM
Experience is something you don't get until just after you need it.
April 28th, 2003, 03:35 PM
You should leave it running with its default permissions (it loads up as root, then spawns off child as a 'nouser' or 'nobody' user, or if you insist have a 'webuser' with no permissions on the system). The reason the initial process must run as root is that the web daemon must bind to a port below 1024, which in unix requires root access (if you bound it to something > 1024, like 8080, then you don't even need root access for that, in which case it can be all 'nobody' user). After the port is bound to 80, a child process spawns that handles the requests and it only has enough privelages to handle the web requests of the clients and hand off the various data (usually through 'other' access on the file permissions in the web directories). The reason for this is that if someone does something bad to the daemon (like applies the latest greatest hack and your server is vulnerable, the most they get is 'nobody' access, in which case they must find some way to escalate their privelage before they can do anything (at least if your file permissions are proper). If you were to have run the web server as root (very very very bad idea), they would now have root access to your system, not nobody...
Hope that helps,
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
April 28th, 2003, 04:41 PM
There is absolutely no need to run any vaguely "normal" configuration under root.
Apache should be started as root, and then it reads its configuration file, and drops privileges accordingly before serving any requests.
It needs to be started as root:
- To bind to ports <1024
- To write to log files
However, patches are available for Linux (certainly) which enable (authorised) users other than root to bind to <1024, in which case it doesn't need even to start as root.
In principle, someone running CGI scripts, PHP etc, cannot gain access to root by virtue of running their processes as the same ID as apache (although they can do pretty effective DoS attacks, but they would be able to anyway).
Normally there is a user "nobody", "apache" or "www" set up for this purpose, who runs little else.
Note the Apache on Windows is a totally different beast, but that does not need to run as Administrator or LocalSystem either (on Windows the port 1024 restriction is nonexistent, as it's primarily a single-user system)
The only reason I can think of running Apache as root is if its only purpose is web-based administration; even then it probably shouldn't.