HPE Community
Operating System - HP-UX
1819744 Members
3044 Online
109606 Solutions
New Discussion юеВ

Re: non-root user wants to run apache and use port 80

 
SOLVED
Go to solution
Bill Costigan
Honored Contributor

тАО09-13-2005 04:28 AM

тАО09-13-2005 04:28 AM

non-root user wants to run apache and use port 80

Is there some permission that can be applied to a user to allow apache to run as that user and still bind to port 80?

Thanks
0 Kudos
Reply
7 REPLIES 7
Torsten.
Acclaimed Contributor

тАО09-13-2005 04:36 AM

тАО09-13-2005 04:36 AM

Re: non-root user wants to run apache and use port 80

Hi Bill,

the apache httpd will run as user configured in the httpd.conf file.

T.

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
0 Kudos
Reply
Bill Costigan
Honored Contributor

тАО09-13-2005 05:26 AM

тАО09-13-2005 05:26 AM

Re: non-root user wants to run apache and use port 80

The issue is allowing apache to use port 80. Only root and system processes can open ports less than 1024 (or is it 1023.)

What I don't know is what the system looks at to determine if the user is root. Is it a UID of zero or something else.

Can I make the system allow another user to open port 80.
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

тАО09-13-2005 05:34 AM

тАО09-13-2005 05:34 AM

Solution

Re: non-root user wants to run apache and use port 80

Httpd must be started with an effective uid of 0 in order to use a port <= 1023. This can be done via sudo by a regular user. After the daemon starts and opens the port, it can do a setuid/setgid to change to a non-root user if the User and Group entries in httpd.conf are defined.
If it ain't broke, I can fix that.
Reply
Bill Costigan
Honored Contributor

тАО09-13-2005 05:40 AM

тАО09-13-2005 05:40 AM

Re: non-root user wants to run apache and use port 80

Thanks.

I don't think I could get apache to issue the suid back after it opens the port. So I'd have to leave it running as 0.
0 Kudos
Reply
Torsten.
Acclaimed Contributor

тАО09-13-2005 05:42 AM

тАО09-13-2005 05:42 AM

Re: non-root user wants to run apache and use port 80

taken from the apache FAQ:

"...the typical Apache setup has the server started as root to bind to port 80, after which it changes UIDs to a non-privileged user to serve requests."

In fact, the non privileged user is that one defined in httpd.conf.

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
Reply
Bill Costigan
Honored Contributor

тАО09-13-2005 05:51 AM

тАО09-13-2005 05:51 AM

Re: non-root user wants to run apache and use port 80

Torsten,

Thanks, That was the piece I was missing. I assumed that it would try to open the port as the user in the hpptd.conf file.

I'll have them try that
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО09-13-2005 05:57 AM

тАО09-13-2005 05:57 AM

Re: non-root user wants to run apache and use port 80

It is possible to configure apache to run in a chroot mode, which lessons the security hazards of running the product.

All and all lots and lots of folks use apache, grant it permission to run on port 80.

When you install the apache server as part of the HP-UX web suite, the user is added and configured correctly.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.