Working as root while Apache is running; how much a risk? (repost after subject line error)

Jeff Vian jvian10 at charter.net
Fri Jul 9 22:29:17 UTC 2004 

On Fri, 2004-07-09 at 11:16, Michael Sullivan wrote:
> I ran the ps -eax | grep httpd and it gave me this output:
> 
> [root at bullet root]# ps -eax | grep httpd
>  9128 ?        S      0:02 /usr/sbin/httpd TERM=xterm
> PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin PWD=/ LANG=en_US.UTF-8
> SHLVL=1 _=/sbin/initlog

try "ps -aux | grep httpd" instead 

The output should look like this

root      2168  0.0  1.8 23356 9700 ?        S    14:57   0:00
/usr/sbin/httpd
apache    2249  0.0  1.8 23356 9720 ?        S    14:57   0:00
/usr/sbin/httpd
apache    2250  0.0  1.8 23356 9716 ?        S    14:57   0:00
/usr/sbin/httpd
apache    2251  0.0  1.8 23356 9716 ?        S    14:57   0:00
/usr/sbin/httpd
apache    2268  0.0  1.8 23356 9716 ?        S    14:57   0:00
/usr/sbin/httpd
apache    2269  0.0  1.8 23356 9716 ?        S    14:57   0:00
/usr/sbin/httpd
apache    2270  0.0  1.8 23356 9716 ?        S    14:57   0:00
/usr/sbin/httpd
apache    2271  0.0  1.8 23356 9716 ?        S    14:57   0:00
/usr/sbin/httpd
apache    2272  0.0  1.8 23356 9716 ?        S    14:57   0:00
/usr/sbin/httpd


Notice that the first column is the name of the user running the
process. (lines wrapped by my mailer)

> I don't quite understand what all that means, but the only USER=
> statement I saw in there was root.  Is this correct?  Is there anyway I
> can make this process run as user apache instead?
> 
> > Message: 14
> > Date: Fri, 09 Jul 2004 11:58:05 -0400
> > From: "Scot L. Harris" <webid at cfl.rr.com>
> > Subject: Re: Working as root while Apache is running; how much a	risk?
> > 	(repost after subject line error)
> > To: Fedora List <fedora-list at redhat.com>
> > Message-ID: <1089388685.6672.50.camel at lathe>
> > Content-Type: text/plain
> > 
> > On Fri, 2004-07-09 at 11:42, Michael Sullivan wrote:
> > > Can you clarify what "_RUN_ the web server" means?  My current practice
> > > is this:  The only way I work on my server PC is through ssh from a
> > > client computer because my server PC doesn't have a monitor hooked up to
> > > it.  Anyway, I log in as root and the very first thing I do is "service
> > > httpd stop".  I go about doing whatever task I have to do in that
> > > session and then I say, "service httpd start; exit".  Are you saying
> > > that I don't have to have Apache stopped while I'm logged in as root, or
> > > are you saying I shouldn't stay logged in as root after I issue "service
> > > httpd start"?
> > > 
> > 
> > He means the user the processes for httpd run as.  If you do a 
> > 
> > ps -eax | grep httpd
> > 
> > on your system you will see a list of processes and the user they run
> > as.  In this case they should be showing apache as the user.
> > 
> > In some systems they use nobody as the user for these process.  
> > 
> > So you don't need to shutdown apache when you do maintenance as root.
>

More information about the users mailing list