首页 > 运维 > Apache > 正文

apache如何在普通用户下启动

王林
发布: 2020-08-28 16:10:36
转载
4259 人浏览过

apache如何在普通用户下启动

目标:

(推荐教程:apache

普通用户编译的apache,要在该用户下启动1024端口以下的apache端口。

1、假设普通用户为sims20,用该用户编译 安装了一个apache,安装路径为/opt/aspire/product/sims20/apache

./configure --prefix=/opt/aspire/product/sims20/apache   --enable-so --enable-modules=all   --enable-mods-shared=all   --enable-mods-shared='proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_rewrite'
make  
make install
登录后复制

2、编译完成后,设置http.conf的监听端口为80

3、直接用普通用户sims20启动

  [sims20@bcd-app01 bin]$ ./apachectl  start
(13)Permission denied: make_sock: could not bind to address [::]:80
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
登录后复制

出错原因:在linux下,普通用户只能用1024以上的端口,而1024以内的端口只能由root用户才可以使用

4、利用setuid来解决问题,这样使用httpd能以root权限运行

用root用户登录,进入/opt/aspire/product/sims20/apache/bin,分别用chown root httpd、chmod u+s httpd 设置httpd的属主为root及特殊权限

[root@bcd-app01 bin]# ls  -l  httpd
-rwxr-xr-x 1 sims20 aspire 3517470  3月 15 17:12 httpd
[root@bcd-app01 bin]# chown root  httpd
[root@bcd-app01 bin]# ls  -l  httpd
-rwxr-xr-x 1 root aspire 3517470  3月 15 17:12 httpd
[root@bcd-app01 bin]# chmod u+s httpd
[root@bcd-app01 bin]# ls  -l  httpd
-rwsr-xr-x 1 root aspire 3517470  3月 15 17:12 httpd
登录后复制

5、重新进入普通用户sims20,启动apache

[sims20@bcd-app01 bin]$ ./apachectl  start
登录后复制

可以正常启动,没报错

6、试着访问一下

 [sims20@bcd-app01 bin]$ curl  http://10.24.12.159:80
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don&#39;t have permission to access /
on this server.</p>
</body></html>
登录后复制

报403 Forbidden错误

7、看一下进程

[sims20@bcd-app01 bin]$ ps  -ef |grep httpd
root      7841     1  0 17:24 ?        00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start
daemon    7844  7841  0 17:24 ?        00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start
daemon    7845  7841  0 17:24 ?        00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start
daemon    7846  7841  0 17:24 ?        00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start
daemon    7847  7841  0 17:24 ?        00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start
daemon    7848  7841  0 17:24 ?        00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start
sims20    8006  3026  0 17:29 pts/4    00:00:00 grep httpd
登录后复制

怎么跑出daemon 用户了, 原来httpd主进程仍然以root用户的权限运行,而它的子进程将以一个较低权限的用户运行 ,而这个较低权限用户daemon 在http.conf中配置

8、在http.conf中配置一下,将用户改成root

User daemon
Group daemon
登录后复制

改成

User root
Group root
登录后复制

9、再次用普通用户启动apache

[sims20@bcd-app01 bin]$ ./apachectl  restart
Syntax error on line 76 of /opt/aspire/product/sims20/apache/conf/httpd.conf:
Error:\tApache has not been designed to serve pages while\n\trunning as root.  
There are known race conditions that\n\twill allow any local user to read any file on the system.\n\tIf you still desire to serve pages as root then\n\tadd -DBIG_SECURITY_HOLE to the CFLAGS env variable\n\tand then rebuild the server.\n\tIt is strongly suggested that you instead modify the User\n\tdirective in your httpd.conf file to list a non-root\n\tuser.\n
登录后复制

不行的,要重新加参数编译

10、再次修改在http.conf中配置一下,将用户改成普通用户吧

改成

User sims20
Group aspire
登录后复制

11、再次用普通用户sims20启动apache

[sims20@bcd-app01 bin]$ ./apachectl  start
[sims20@bcd-app01 bin]$ ps  -ef  |grep  httpd
root      9720     1  0 18:09 ?        00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start
sims20    9721  9720  0 18:09 ?        00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start
sims20    9722  9720  0 18:09 ?        00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start
sims20    9723  9720  0 18:09 ?        00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start
sims20    9724  9720  0 18:09 ?        00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start
sims20    9725  9720  0 18:09 ?        00:00:00 /opt/aspire/product/sims20/apache/bin/httpd -k start
sims20    9739  3026  0 18:09 pts/4    00:00:00 grep httpd
登录后复制

12、试着访问一下

[sims20@bcd-app01 bin]$ curl  http://10.248.12.159:80
<html><body><h1>It works!</h1></body></html>
登录后复制

成功了。

以上是apache如何在普通用户下启动的详细内容。更多信息请关注PHP中文网其他相关文章!

相关标签:
来源:cnblogs.com
本站声明
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系admin@php.cn
热门教程
更多>
最新下载
更多>
网站特效
网站源码
网站素材
前端模板