Working as root while Apache is running; how much a risk? (repost after subject line error)
Michael Sullivan
michael at espersunited.com
Fri Jul 9 16:16:04 UTC 2004
I ran the ps -eax | grep httpd and it gave me this output:
[root at bullet root]# ps -eax | grep httpd
9128 ? S 0:02 /usr/sbin/httpd TERM=xterm
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin PWD=/ LANG=en_US.UTF-8
SHLVL=1 _=/sbin/initlog
9131 ? S 0:00 /usr/sbin/httpd TERM=xterm
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin PWD=/ LANG=en_US.UTF-8
SHLVL=1 _=/sbin/initlog
9132 ? S 0:00 /usr/sbin/httpd TERM=xterm
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin PWD=/ LANG=en_US.UTF-8
SHLVL=1 _=/sbin/initlog
9133 ? S 0:00 /usr/sbin/httpd TERM=xterm
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin PWD=/ LANG=en_US.UTF-8
SHLVL=1 _=/sbin/initlog
9134 ? S 0:00 /usr/sbin/httpd TERM=xterm
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin PWD=/ LANG=en_US.UTF-8
SHLVL=1 _=/sbin/initlog
9135 ? S 0:00 /usr/sbin/httpd TERM=xterm
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin PWD=/ LANG=en_US.UTF-8
SHLVL=1 _=/sbin/initlog
9136 ? S 0:00 /usr/sbin/httpd TERM=xterm
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin PWD=/ LANG=en_US.UTF-8
SHLVL=1 _=/sbin/initlog
9137 ? S 0:00 /usr/sbin/httpd TERM=xterm
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin PWD=/ LANG=en_US.UTF-8
SHLVL=1 _=/sbin/initlog
9138 ? S 0:00 /usr/sbin/httpd TERM=xterm
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin PWD=/ LANG=en_US.UTF-8
SHLVL=1 _=/sbin/initlog
11322 pts/1 S 0:00 grep httpd HOSTNAME=bullet.espersunited.com
PVM_RSH=/usr/bin/rsh TERM=xterm SHELL=/bin/bash HISTSIZE=1000
SSH_CLIENT=192.168.1.3 1033 22 QTDIR=/usr/lib/qt-3.1 SSH_TTY=/dev/pts/1
USER=root
LS_COLORS=no=00:fi=00:di=00;34:ln=00;36:pi=40;33:so=00;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05
I don't quite understand what all that means, but the only USER=
statement I saw in there was root. Is this correct? Is there anyway I
can make this process run as user apache instead?
> Message: 14
> Date: Fri, 09 Jul 2004 11:58:05 -0400
> From: "Scot L. Harris" <webid at cfl.rr.com>
> Subject: Re: Working as root while Apache is running; how much a risk?
> (repost after subject line error)
> To: Fedora List <fedora-list at redhat.com>
> Message-ID: <1089388685.6672.50.camel at lathe>
> Content-Type: text/plain
>
> On Fri, 2004-07-09 at 11:42, Michael Sullivan wrote:
> > Can you clarify what "_RUN_ the web server" means? My current practice
> > is this: The only way I work on my server PC is through ssh from a
> > client computer because my server PC doesn't have a monitor hooked up to
> > it. Anyway, I log in as root and the very first thing I do is "service
> > httpd stop". I go about doing whatever task I have to do in that
> > session and then I say, "service httpd start; exit". Are you saying
> > that I don't have to have Apache stopped while I'm logged in as root, or
> > are you saying I shouldn't stay logged in as root after I issue "service
> > httpd start"?
> >
>
> He means the user the processes for httpd run as. If you do a
>
> ps -eax | grep httpd
>
> on your system you will see a list of processes and the user they run
> as. In this case they should be showing apache as the user.
>
> In some systems they use nobody as the user for these process.
>
> So you don't need to shutdown apache when you do maintenance as root.
More information about the fedora-list
mailing list