Thanks to Peter Bivesand for giving me the following method to run Apache as
a user other than root.
===========================
Hello.
Sorry for not answering before, but I've been away on a x-mas break ;)
The answer to your question about running apache as another user then
root is:
1. Add the new user you want the webserver to run as
with adduser. A good name could be www or web.
2. Add a new group for the web-user with addgroup.
3. Edit <webserver-root>/conf/httpd.conf. It should look
something like this:
User www
Group #42
User is the username you created and Group #42 is the number
on the group you created.
4. Make sure that the new user is part of the group you
created. And that the webserver-root is owned by the
newly created user and has the right group.
5. Shutdown and start the server again. I'm not sure if a
kill -HUP will change it to the new user.
You should never ever run a webserver as root. The reason is that if
someone finds a way of executing programs from remote via a bug or
cgi-script it will execute as root. Phf is such a cgi-script that can
be abused to execute programs on your server.
Good luck!
Peter Bivesand, System Manager
--
************************************************************
Peter R Bivesand, UNIT, Linköping University, SWEDEN
PetBi_at_UNIT.LiU.SE Telex: 812 6154 448 SICS
URL:http://www.bive.unit.liu.se/~bive
My public PGP-key can be found at any PGP-key-server.
************************************************************
=====================================
Daryl Fallin
dfallin_at_garfield.leesummit.k12.mo.us
Received on Mon Dec 30 1996 - 10:43:52 NZDT