Mailing List Archive



Re: [tlug] Apache running as root?



I don't think log files are the reason, as:
1) The log files belong to the apache server user (not root), usually (at least they should)
2) If a file is opened by a parent process before a fork, the child will get the same file descriptor, and could write, even after changing its uid/gid: there is no permission check on the write() system call, only on open().

The main reason could be that only one process can listen on a socket port (port 80).
You can easily check, for apache, that even if you have many httpd running, only one is listening on the server port. This process should be able to:
- Know all its child processes (to kill, restart, increase/decrease the number, etc...)
- Reread configuration files, create new files in directories where only root could create files (even if the owner id changed later)
- Open new sockets on low-numbered ports (e.g. after a kill -USR1), if you changed the configuration file
- etc...

Bruno.

-- 
Computers are like air-conditions. They don't properly work, if you open
Windows.


br.

Batara Kesuma wrote:

>Hi Jc :)
>
>On Tue, 28 May 2002 17:24:36 +0900
>"Jean-Christian Imbeault" <jean_christian@example.com> wrote:
>
>  
>
>>Is having the httpd running as root normal? Is it safe? I read that
>>apache needed to start running as root in order to bind to port 80 but
>>that after that it would switch to user nobody . . . However I still
>>have the one process running as root.
>>
>
>Yes, it is normal. 
>Because the child still needs its root, for example to write the apache
>log file, etc.
>
>--bk
>
>
>  
>
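
The descriptor behaviour described in point 2 of the reply, as an added example that is not part of the original thread. It assumes a writable /tmp and uses fchmod() to take away access to the file as a stand-in for the uid/gid change, so it runs without root; the helper name and sample log line are constructed for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

struct fd_result {
    int write_ok;   /* write() on the already-open descriptor succeeded */
    int reopen_ok;  /* a fresh open() for writing succeeded */
};

/* Open a log file while access is still allowed, revoke the access,
 * then compare write() on the old descriptor with a new open(). */
struct fd_result write_after_revoke(void)
{
    struct fd_result r = {0, 0};
    char path[] = "/tmp/fd-demo-XXXXXX";        /* constructed sample path */
    const char line[] = "GET / HTTP/1.0 200\n"; /* constructed log line */

    int fd = mkstemp(path);   /* opened read/write, file mode 0600 */
    if (fd < 0)
        return r;

    /* Stand-in for the uid change (assumption of this example): clear
     * every permission bit so open() would now refuse this user. */
    if (fchmod(fd, 0) == 0) {
        /* write() does not re-check permissions on an open descriptor. */
        r.write_ok = write(fd, line, strlen(line)) == (ssize_t)strlen(line);

        /* open() does check them; only root is expected to get through. */
        int fd2 = open(path, O_WRONLY | O_APPEND);
        if (fd2 >= 0) {
            r.reopen_ok = 1;
            close(fd2);
        }
    }
    close(fd);
    unlink(path);
    return r;
}

int main(void)
{
    struct fd_result r = write_after_revoke();
    printf("write on already-open fd: %s\n", r.write_ok ? "ok" : "failed");
    printf("fresh open():             %s\n", r.reopen_ok ? "ok" : "denied");
    return r.write_ok ? 0 : 1;
}
```

Run as an ordinary user, the write succeeds and the fresh open() is denied; run as root, both succeed because root bypasses the file mode check.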



