Spilled the Beans
Hi all,
I've got Ubuntu 10 running here and have just discovered that the processes for the HTTP server (apache2) appear to run as user root as opposed to user apache/www/whatever as is custom on most other Linux/Unix distros. Why would that be? Seems very insecure to me.
Boris.
Too much Ubuntu
Apache on Ubuntu runs as www-data. Did you change something?
Blog | Ubuntu User #15350 | Zsh FTW | Ubuntu Security | Nothing to hide?
AMD Phenom II X6 1075T @ 3GHz, Nvidia GTX 650, 8GB DDR3 RAM, 1 X 1TB, 2 X 3TB HDD
Please don't request support via PM
Walking moon
Can you post the output you are looking at please so we can see what you are asking about.Originally Posted by borepstein
There are two mistakes one can make along the road to truth...not going all the way, and not starting.
--Prince Gautama Siddharta
#ubuntuforums web interface
First Cup of Ubuntu
I am hosting webserivces on apache2 in ubuntu10. I want to start the apache2 as root and then the service should run as the user www-data. The processes running are reproduced below -
USER PID CPU MEM VSZ RSS TTY STAT START TIME COMMAND
root 2824 0.0 0.1 8104 3752 ? Ss 08:37 0:00 /usr/sbin/apache2 -k start
www-data 2824 0.0 0.1 8104 3752 ? Ss 08:37 0:00 /usr/sbin/apache2 -k start
www-data 2824 0.0 0.1 8104 3752 ? Ss 08:37 0:00 /usr/sbin/apache2 -k start
www-data 2824 0.0 0.1 8104 3752 ? Ss 08:37 0:00 /usr/sbin/apache2 -k start
Continuing to run apache2 as root might not be secure thus i want that once the apache2 starts as root it should then move down to continue runing as the user www-data and it stop for user root.
Walking moon
Take a look at how apache works
The parent server runs as root and spawns child processes which run as www-data
The child processes are the ones listening for connections and doing the work, not the parent server.
See:While the parent process is usually started as root under Unix in order to bind to port 80, the child processes and threads are launched by Apache as a less-privileged user.
http://httpd.apache.org/docs/2.2/mod/prefork.html
http://httpd.apache.org/docs/2.2/mod/worker.html
Last edited by bodhi.zazen; August 4th, 2011 at 04:53 AM.
There are two mistakes one can make along the road to truth...not going all the way, and not starting.
--Prince Gautama Siddharta
#ubuntuforums web interface
5 Cups of Ubuntu
That root process is the parent Apache process.
It is required to be root so that Apache can bind to port 80 (a privileged port).
The parent process does not serve any requests, so is not inherently insecure.
Posting Permissions
Adv Reply
Bookmarks