
How to start apache under ordinary user

王林 | 2020-08-28 16:10:36

Target:

An Apache instance compiled by an ordinary user must be started by that same user, listening on a port below 1024.

1. Assume that the ordinary user is sims20. As this user, compile and install Apache. The installation path is /opt/aspire/product/sims20/apache

./configure --prefix=/opt/aspire/product/sims20/apache   --enable-so --enable-modules=all   --enable-mods-shared=all   --enable-mods-shared='proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_rewrite'
make  
make install

2. After the compilation is completed, set the listening port in httpd.conf to 80

3. Start it directly as the ordinary user sims20

[sims20@bcd-app01 bin]$ ./apachectl  start
(13)Permission denied: make_sock: could not bind to address [::]:80
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs

Cause of the error: under Linux, ordinary users can only use ports above 1024; ports within 1024 can only be used by the root user.

4. Use setuid to solve the problem, so that httpd can be run with root permissions

Log in as the root user, enter /opt/aspire/product/sims20/apache/bin, and use chown root httpd and chmod u+s httpd respectively to set the owner of httpd to root and to set the setuid special permission

[root@bcd-app01 bin]# ls  -l  httpd
-rwxr-xr-x 1 sims20 aspire 3517470  3月 15 17:12 httpd
[root@bcd-app01 bin]# chown root  httpd
[root@bcd-app01 bin]# ls  -l  httpd
-rwxr-xr-x 1 root aspire 3517470  3月 15 17:12 httpd
[root@bcd-app01 bin]# chmod u+s httpd
[root@bcd-app01 bin]# ls  -l  httpd
-rwsr-xr-x 1 root aspire 3517470  3月 15 17:12 httpd

5. Switch back to the ordinary user sims20 and start Apache

[sims20@bcd-app01 bin]$ ./apachectl  start

It started normally, with no errors reported.

6. Try to access

[sims20@bcd-app01 bin]$ curl  http://10.24.12.159:80
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /
on this server.</p>
</body></html>

The request returned a 403 Forbidden error.

7. Check how the processes are running

[sims20@bcd-app01 bin]$ ps  -ef |grep httpd
root      7841     1  0 17:24 ?        00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start
daemon    7844  7841  0 17:24 ?        00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start
daemon    7845  7841  0 17:24 ?        00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start
daemon    7846  7841  0 17:24 ?        00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start
daemon    7847  7841  0 17:24 ?        00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start
daemon    7848  7841  0 17:24 ?        00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start
sims20    8006  3026  0 17:29 pts/4    00:00:00 grep httpd

The worker processes run as the daemon user. It turns out that the httpd main process still runs with the permissions of the root user, while its child processes run as a user with lower permissions, and this lower-permission user, daemon, is configured in httpd.conf

8. In httpd.conf, change the user to root

User daemon
Group daemon

to

User root
Group root

9. Start apache

[sims20@bcd-app01 bin]$ ./apachectl  restart
Syntax error on line 76 of /opt/aspire/product/sims20/apache/conf/httpd.conf:
Error:\tApache has not been designed to serve pages while\n\trunning as root.  
There are known race conditions that\n\twill allow any local user to read any file on the system.\n\tIf you still desire to serve pages as root then\n\tadd -DBIG_SECURITY_HOLE to the CFLAGS env variable\n\tand then rebuild the server.\n\tIt is strongly suggested that you instead modify the User\n\tdirective in your httpd.conf file to list a non-root\n\tuser.\n

This does not work; running as root would require recompiling with that parameter.

10. Modify the configuration in httpd.conf again and change the user to an ordinary user

Change to

User sims20
Group aspire

11. Start apache again with ordinary user sims20

[sims20@bcd-app01 bin]$ ./apachectl  start
[sims20@bcd-app01 bin]$ ps  -ef  |grep  httpd
root      9720     1  0 18:09 ?        00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start
sims20    9721  9720  0 18:09 ?        00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start
sims20    9722  9720  0 18:09 ?        00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start
sims20    9723  9720  0 18:09 ?        00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start
sims20    9724  9720  0 18:09 ?        00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start
sims20    9725  9720  0 18:09 ?        00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start
sims20    9739  3026  0 18:09 pts/4    00:00:00 grep httpd

12. Try to access

[sims20@bcd-app01 bin]$ curl  http://10.248.12.159:80
<html><body><h1>It works!</h1></body></html>

The access succeeds.
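
The procedure above leaves a root-owned setuid httpd that any local user can execute (mode -rwsr-xr-x) and a master process running as root. The following script is an added example, not part of the original article: it audits that state and notes a file-capability alternative in its comments. The helper names audit_setuid, httpd_root_procs and sample_ps are hypothetical, and the setcap alternative assumes libcap tools are installed.

```bash
#!/bin/sh
# Added example (not from the original article): audit the result of steps 4-11.
# Helper names are hypothetical; the default prefix is the article's install path.
APACHE_PREFIX=${APACHE_PREFIX:-/opt/aspire/product/sims20/apache}

# List setuid files under a directory as "<class> <exposure> <path>".
#   class:    setuid-root (owner uid 0) or setuid-other
#   exposure: world-exec (any local user may run it) or restricted
audit_setuid() {
    find "$1" -type f -perm -4000 2>/dev/null | while IFS= read -r f; do
        uid=$(ls -ln "$f" | awk '{print $3}')
        if [ "$uid" = "0" ]; then class=setuid-root; else class=setuid-other; fi
        if [ -n "$(find "$f" -perm -0001)" ]; then
            exposure=world-exec
        else
            exposure=restricted
        fi
        printf '%s %s %s\n' "$class" "$exposure" "$f"
    done
}

# Read `ps -ef` output on stdin; print PIDs of httpd processes running as root.
httpd_root_procs() {
    awk '$1 == "root" && $8 ~ /\/httpd$/ { print $2 }'
}

# `ps -ef` lines copied from step 7 of the article (abridged to three).
sample_ps() {
    cat <<'EOF'
root      7841     1  0 17:24 ?        00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start
daemon    7844  7841  0 17:24 ?        00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start
sims20    8006  3026  0 17:29 pts/4    00:00:00 grep httpd
EOF
}

# Alternative that avoids a root-owned setuid binary (run as root; assumes
# libcap's setcap is installed and the filesystem supports file capabilities):
#   chown sims20 "$APACHE_PREFIX/bin/httpd" && chmod u-s "$APACHE_PREFIX/bin/httpd"
#   setcap 'cap_net_bind_service=+ep' "$APACHE_PREFIX/bin/httpd"
# httpd then binds port 80 while every process, master included, stays sims20.

if [ "${1:-}" = "audit" ]; then
    audit_setuid "$APACHE_PREFIX/bin"
    ps -ef | httpd_root_procs
fi
```

Run it with the argument audit on the host; with the setuid setup from step 4 it reports the httpd binary and the PID of the root master process.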

Statement: This article is reproduced from cnblogs.com.