1

I am running Apache in 8080 port. After starting the httpd, I noticed that the parent process is owned by root. 

[root@a ~]# ps -ef | grep httpd
root     13480     1  0 08:07 ?        00:00:00 /usr/sbin/httpd
apache   13505 13480  0 08:11 ?        00:00:00 /usr/sbin/httpd
apache   13506 13480  0 08:11 ?        00:00:00 /usr/sbin/httpd
apache   13507 13480  0 08:11 ?        00:00:00 /usr/sbin/httpd
apache   13508 13480  0 08:11 ?        00:00:00 /usr/sbin/httpd
apache   13509 13480  0 08:11 ?        00:00:00 /usr/sbin/httpd
apache   13510 13480  0 08:11 ?        00:00:00 /usr/sbin/httpd
apache   13511 13480  0 08:11 ?        00:00:00 /usr/sbin/httpd
apache   13512 13480  0 08:11 ?        00:00:00 /usr/sbin/httpd
[root@a ~]#

I saw below this post, but it says that by default, for the ports below 1024, root will start process.

If the apache works like this by default, where can I change this?

Thank you.

Community
  • 1
prado
  • 930
  • 1
  • 11
  • 33
  • start apache with apache user not root. – Ipor Sircer Nov 07 '16 at 13:42
  • 1
    Saying root is normally able to open ports < 1014 is different than saying root is starting the process; you may call it with the user apache, you would have to edit the init file. However you may well break it, I suspect. The security mechanism of the privilege separation between the user root and apache exists for a reason. – Rui F Ribeiro Nov 07 '16 at 13:44
  • Alright. I switched to another user and updated the permissions for /var/run/httpd/httpd.pid and /var/run/httpd/httpd.pid. Now it is starting with another user. I want to start httpd as root and have apache or another user as process owners. Is that possible? – prado Nov 09 '16 at 13:16
  • Maybe you tell us what you actually want. Why does the httpd launcher process running as root bother you? – countermode Nov 10 '16 at 13:22
  • I am just trying to learn things. Just want to know from where exactly the launcher process getting root as owner. Is it because root starting it? – prado Nov 11 '16 at 07:54

1 Answers1

0

https://www.thegeekstuff.com/2011/03/apache-hardening/

After this, if you restart apache, and do ps -ef, you’ll see that the apache is running as “apache” (Except the 1st httpd process, which will always run as root).

https://serverfault.com/questions/439307/apache-running-as-root-instead-of-user-specified-in-httpd-conf

kids
  • 1