How to start apache under ordinary user
Target:
(Recommended tutorial: apache)
Apache compiled by ordinary users must be started under this user Apache ports below port 1024.
1. Assume that the ordinary user is sims20. Use this user to compile and install an apache. The installation path is /opt/aspire/product/sims20/apache
./configure --prefix=/opt/aspire/product/sims20/apache --enable-so --enable-modules=all --enable-mods-shared=all --enable-mods-shared='proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_rewrite' make make install
2. After the compilation is completed, set The listening port of http.conf is 80
3. Start directly with ordinary user sims20
[sims20@bcd-app01 bin]$ ./apachectl start (13)Permission denied: make_sock: could not bind to address [::]:80 (13)Permission denied: make_sock: could not bind to address 0.0.0.0:80 no listening sockets available, shutting down Unable to open logs
Cause of error: Under Linux, ordinary users can only use ports above 1024, and ports within 1024 The port can only be used by the root user
4. Use setuid to solve the problem, so that httpd can be run with root permissions
Log in with the root user and enter /opt/aspire/product/ sims20/apache/bin, use chown root httpd and chmod u s httpd respectively to set the owner of httpd to root and special permissions
[root@bcd-app01 bin]# ls -l httpd -rwxr-xr-x 1 sims20 aspire 3517470 3月 15 17:12 httpd [root@bcd-app01 bin]# chown root httpd [root@bcd-app01 bin]# ls -l httpd -rwxr-xr-x 1 root aspire 3517470 3月 15 17:12 httpd [root@bcd-app01 bin]# chmod u+s httpd [root@bcd-app01 bin]# ls -l httpd -rwsr-xr-x 1 root aspire 3517470 3月 15 17:12 httpd
5. Re-enter the ordinary user sims20 and start apache
[sims20@bcd-app01 bin]$ ./apachectl start
Yes Started normally, no error reported
6. Try to access
[sims20@bcd-app01 bin]$ curl http://10.24.12.159:80 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p>You don't have permission to access / on this server.</p> </body></html>
and reported 403 Forbidden error
7. Check how the process
[sims20@bcd-app01 bin]$ ps -ef |grep httpd root 7841 1 0 17:24 ? 00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start daemon 7844 7841 0 17:24 ? 00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start daemon 7845 7841 0 17:24 ? 00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start daemon 7846 7841 0 17:24 ? 00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start daemon 7847 7841 0 17:24 ? 00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start daemon 7848 7841 0 17:24 ? 00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start sims20 8006 3026 0 17:29 pts/4 00:00:00 grep httpd
ran out of the daemon User, it turns out that the httpd main process still runs with the permissions of the root user, and its child processes will run as a user with lower permissions, and this lower permissions user daemon is configured in http.conf
8 , configure it in http.conf, change the user to root
User daemon Group daemon
to
User root Group root
9. Start apache
[sims20@bcd-app01 bin]$ ./apachectl restart Syntax error on line 76 of /opt/aspire/product/sims20/apache/conf/httpd.conf: Error:\tApache has not been designed to serve pages while\n\trunning as root. There are known race conditions that\n\twill allow any local user to read any file on the system.\n\tIf you still desire to serve pages as root then\n\tadd -DBIG_SECURITY_HOLE to the CFLAGS env variable\n\tand then rebuild the server.\n\tIt is strongly suggested that you instead modify the User\n\tdirective in your httpd.conf file to list a non-root\n\tuser.\n
User sims20 Group aspire
[sims20@bcd-app01 bin]$ ./apachectl start [sims20@bcd-app01 bin]$ ps -ef |grep httpd root 9720 1 0 18:09 ? 00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start sims20 9721 9720 0 18:09 ? 00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start sims20 9722 9720 0 18:09 ? 00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start sims20 9723 9720 0 18:09 ? 00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start sims20 9724 9720 0 18:09 ? 00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start sims20 9725 9720 0 18:09 ? 00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start sims20 9739 3026 0 18:09 pts/4 00:00:00 grep httpd
[sims20@bcd-app01 bin]$ curl http://10.248.12.159:80 <html><body><h1>It works!</h1></body></html>
The above is the detailed content of How to start apache under ordinary user. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1381
52
How to run the h5 project
Apr 06, 2025 pm 12:21 PM
Running the H5 project requires the following steps: installing necessary tools such as web server, Node.js, development tools, etc. Build a development environment, create project folders, initialize projects, and write code. Start the development server and run the command using the command line. Preview the project in your browser and enter the development server URL. Publish projects, optimize code, deploy projects, and set up web server configuration.
How to export pdf with xml
Apr 03, 2025 am 06:45 AM
There are two ways to export XML to PDF: using XSLT and using XML data binding libraries. XSLT: Create an XSLT stylesheet, specify the PDF format to convert XML data using the XSLT processor. XML Data binding library: Import XML Data binding library Create PDF Document object loading XML data export PDF files. Which method is better for PDF files depends on the requirements. XSLT provides flexibility, while the data binding library is simple to implement; for simple conversions, the data binding library is better, and for complex conversions, XSLT is more suitable.
How to set character encoding on the server side to solve Bootstrap Table garbled
Apr 07, 2025 pm 12:00 PM
To set character encoding on the server side to solve the garbled Bootstrap Table, you need to follow the following steps: check the server character encoding; edit the server configuration file; set the character encoding to UTF-8; save and restart the server; verify the encoding.
How to set the cgi directory in apache
Apr 13, 2025 pm 01:18 PM
To set up a CGI directory in Apache, you need to perform the following steps: Create a CGI directory such as "cgi-bin", and grant Apache write permissions. Add the "ScriptAlias" directive block in the Apache configuration file to map the CGI directory to the "/cgi-bin" URL. Restart Apache.
How to check Debian OpenSSL configuration
Apr 12, 2025 pm 11:57 PM
This article introduces several methods to check the OpenSSL configuration of the Debian system to help you quickly grasp the security status of the system. 1. Confirm the OpenSSL version First, verify whether OpenSSL has been installed and version information. Enter the following command in the terminal: If opensslversion is not installed, the system will prompt an error. 2. View the configuration file. The main configuration file of OpenSSL is usually located in /etc/ssl/openssl.cnf. You can use a text editor (such as nano) to view: sudonano/etc/ssl/openssl.cnf This file contains important configuration information such as key, certificate path, and encryption algorithm. 3. Utilize OPE
How to start apache
Apr 13, 2025 pm 01:06 PM
The steps to start Apache are as follows: Install Apache (command: sudo apt-get install apache2 or download it from the official website) Start Apache (Linux: sudo systemctl start apache2; Windows: Right-click the "Apache2.4" service and select "Start") Check whether it has been started (Linux: sudo systemctl status apache2; Windows: Check the status of the "Apache2.4" service in the service manager) Enable boot automatically (optional, Linux: sudo systemctl
How to use Debian Apache logs to improve website performance
Apr 12, 2025 pm 11:36 PM
This article will explain how to improve website performance by analyzing Apache logs under the Debian system. 1. Log Analysis Basics Apache log records the detailed information of all HTTP requests, including IP address, timestamp, request URL, HTTP method and response code. In Debian systems, these logs are usually located in the /var/log/apache2/access.log and /var/log/apache2/error.log directories. Understanding the log structure is the first step in effective analysis. 2. Log analysis tool You can use a variety of tools to analyze Apache logs: Command line tools: grep, awk, sed and other command line tools.
How to delete more than server names of apache
Apr 13, 2025 pm 01:09 PM
To delete an extra ServerName directive from Apache, you can take the following steps: Identify and delete the extra ServerName directive. Restart Apache to make the changes take effect. Check the configuration file to verify changes. Test the server to make sure the problem is resolved.
