httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Krist van Besien" <>
Subject Re: [users@httpd] apache as non-root
Date Thu, 08 Nov 2007 14:13:44 GMT
On Nov 8, 2007 2:55 PM, Joshua Slive <> wrote:
> On Nov 8, 2007 7:11 AM, Axel-Stephane  SMORGRAV
> <> wrote:
> > I think you would need to elaborate on that statement. Frankly I can see a few differences,
but I am not sure whether those are what you were thinking about. Apache also does a chuid/chgid
effectively changing the UID/GID of the process to something which is hopefully not privileged.
> >
> > Whether Apache is started with sudo or is suid root, anyone able start an Apache
instance with the configuration of his/her choice can do bad things on the server.
> No, if apache is started with normal user privileges, it can't do harm
> beyond the privileges of that user. By setting apache suid root,
> anyone on your system can obtain complete root access by using the -f
> flag to specify a config file. (I won't give specifics of what you
> need to put in the config file, but it is quite easy for anyone with
> some apache knowledge.)

You could use a wrapper script (as I do) that the user can't change.


Bremgarten b. Bern, Switzerland
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message