Working as root while Apache is running; how much a risk? (repost after subject line error)
Jeff Vian
jvian10 at charter.net
Fri Jul 9 22:29:17 UTC 2004
On Fri, 2004-07-09 at 11:16, Michael Sullivan wrote:
> I ran the ps -eax | grep httpd and it gave me this output:
>
> [root at bullet root]# ps -eax | grep httpd
> 9128 ? S 0:02 /usr/sbin/httpd TERM=xterm
> PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin PWD=/ LANG=en_US.UTF-8
> SHLVL=1 _=/sbin/initlog
try "ps -aux | grep httpd" instead
The output should look like this
root 2168 0.0 1.8 23356 9700 ? S 14:57 0:00
/usr/sbin/httpd
apache 2249 0.0 1.8 23356 9720 ? S 14:57 0:00
/usr/sbin/httpd
apache 2250 0.0 1.8 23356 9716 ? S 14:57 0:00
/usr/sbin/httpd
apache 2251 0.0 1.8 23356 9716 ? S 14:57 0:00
/usr/sbin/httpd
apache 2268 0.0 1.8 23356 9716 ? S 14:57 0:00
/usr/sbin/httpd
apache 2269 0.0 1.8 23356 9716 ? S 14:57 0:00
/usr/sbin/httpd
apache 2270 0.0 1.8 23356 9716 ? S 14:57 0:00
/usr/sbin/httpd
apache 2271 0.0 1.8 23356 9716 ? S 14:57 0:00
/usr/sbin/httpd
apache 2272 0.0 1.8 23356 9716 ? S 14:57 0:00
/usr/sbin/httpd
Notice that the first column is the name of the user running the
process. (lines wrapped by my mailer)
> I don't quite understand what all that means, but the only USER=
> statement I saw in there was root. Is this correct? Is there anyway I
> can make this process run as user apache instead?
>
> > Message: 14
> > Date: Fri, 09 Jul 2004 11:58:05 -0400
> > From: "Scot L. Harris" <webid at cfl.rr.com>
> > Subject: Re: Working as root while Apache is running; how much a risk?
> > (repost after subject line error)
> > To: Fedora List <fedora-list at redhat.com>
> > Message-ID: <1089388685.6672.50.camel at lathe>
> > Content-Type: text/plain
> >
> > On Fri, 2004-07-09 at 11:42, Michael Sullivan wrote:
> > > Can you clarify what "_RUN_ the web server" means? My current practice
> > > is this: The only way I work on my server PC is through ssh from a
> > > client computer because my server PC doesn't have a monitor hooked up to
> > > it. Anyway, I log in as root and the very first thing I do is "service
> > > httpd stop". I go about doing whatever task I have to do in that
> > > session and then I say, "service httpd start; exit". Are you saying
> > > that I don't have to have Apache stopped while I'm logged in as root, or
> > > are you saying I shouldn't stay logged in as root after I issue "service
> > > httpd start"?
> > >
> >
> > He means the user the processes for httpd run as. If you do a
> >
> > ps -eax | grep httpd
> >
> > on your system you will see a list of processes and the user they run
> > as. In this case they should be showing apache as the user.
> >
> > In some systems they use nobody as the user for these process.
> >
> > So you don't need to shutdown apache when you do maintenance as root.
>
More information about the fedora-list
mailing list