Working as root while Apache is running; how much a risk? (repost after subject line error)

Michael Sullivan michael at espersunited.com
Fri Jul 9 16:16:04 UTC 2004


I ran the ps -eax | grep httpd and it gave me this output:

[root at bullet root]# ps -eax | grep httpd
 9128 ?        S      0:02 /usr/sbin/httpd TERM=xterm
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin PWD=/ LANG=en_US.UTF-8
SHLVL=1 _=/sbin/initlog
 9131 ?        S      0:00 /usr/sbin/httpd TERM=xterm
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin PWD=/ LANG=en_US.UTF-8
SHLVL=1 _=/sbin/initlog
 9132 ?        S      0:00 /usr/sbin/httpd TERM=xterm
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin PWD=/ LANG=en_US.UTF-8
SHLVL=1 _=/sbin/initlog
 9133 ?        S      0:00 /usr/sbin/httpd TERM=xterm
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin PWD=/ LANG=en_US.UTF-8
SHLVL=1 _=/sbin/initlog
 9134 ?        S      0:00 /usr/sbin/httpd TERM=xterm
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin PWD=/ LANG=en_US.UTF-8
SHLVL=1 _=/sbin/initlog
 9135 ?        S      0:00 /usr/sbin/httpd TERM=xterm
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin PWD=/ LANG=en_US.UTF-8
SHLVL=1 _=/sbin/initlog
 9136 ?        S      0:00 /usr/sbin/httpd TERM=xterm
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin PWD=/ LANG=en_US.UTF-8
SHLVL=1 _=/sbin/initlog
 9137 ?        S      0:00 /usr/sbin/httpd TERM=xterm
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin PWD=/ LANG=en_US.UTF-8
SHLVL=1 _=/sbin/initlog
 9138 ?        S      0:00 /usr/sbin/httpd TERM=xterm
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin PWD=/ LANG=en_US.UTF-8
SHLVL=1 _=/sbin/initlog
11322 pts/1    S      0:00 grep httpd HOSTNAME=bullet.espersunited.com
PVM_RSH=/usr/bin/rsh TERM=xterm SHELL=/bin/bash HISTSIZE=1000
SSH_CLIENT=192.168.1.3 1033 22 QTDIR=/usr/lib/qt-3.1 SSH_TTY=/dev/pts/1
USER=root
LS_COLORS=no=00:fi=00:di=00;34:ln=00;36:pi=40;33:so=00;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05

I don't quite understand what all that means, but the only USER=
statement I saw in there was root.  Is this correct?  Is there anyway I
can make this process run as user apache instead?

> Message: 14
> Date: Fri, 09 Jul 2004 11:58:05 -0400
> From: "Scot L. Harris" <webid at cfl.rr.com>
> Subject: Re: Working as root while Apache is running; how much a	risk?
> 	(repost after subject line error)
> To: Fedora List <fedora-list at redhat.com>
> Message-ID: <1089388685.6672.50.camel at lathe>
> Content-Type: text/plain
> 
> On Fri, 2004-07-09 at 11:42, Michael Sullivan wrote:
> > Can you clarify what "_RUN_ the web server" means?  My current practice
> > is this:  The only way I work on my server PC is through ssh from a
> > client computer because my server PC doesn't have a monitor hooked up to
> > it.  Anyway, I log in as root and the very first thing I do is "service
> > httpd stop".  I go about doing whatever task I have to do in that
> > session and then I say, "service httpd start; exit".  Are you saying
> > that I don't have to have Apache stopped while I'm logged in as root, or
> > are you saying I shouldn't stay logged in as root after I issue "service
> > httpd start"?
> > 
> 
> He means the user the processes for httpd run as.  If you do a 
> 
> ps -eax | grep httpd
> 
> on your system you will see a list of processes and the user they run
> as.  In this case they should be showing apache as the user.
> 
> In some systems they use nobody as the user for these process.  
> 
> So you don't need to shutdown apache when you do maintenance as root.





More information about the fedora-list mailing list