Shulou(Shulou.com)06/02 Report--

Editor to share with you how to start apache under ordinary users. I hope you will gain a lot after reading this article. Let's discuss it together.

Goal:

For an apache compiled by an ordinary user, start the apache port below port 1024 under that user.

1. Suppose the ordinary user is sims20, and an apache is compiled and installed with this user, and the installation path is / opt/aspire/product/sims20/apache.

. / configure-prefix=/opt/aspire/product/sims20/apache-enable-so-enable-modules=all-enable-mods-shared=all-enable-mods-shared='proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_rewrite'make make install

2. After compiling, set the listening port of http.conf to 80

3. Start directly with ordinary user sims20

[sims20@bcd-app01 bin] $. / apachectl start (13) Permission denied: make_sock: could not bind to address [:]: 80 (13) Permission denied: make_sock: could not bind to address 0.0.0.0:80no listening sockets available, shutting downUnable to open logs

Cause of error: under linux, ordinary users can only use more than 1024 ports, while ports less than 1024 can only be used by root users

4. Use setuid to solve the problem, so that you can run with root privileges with httpd

Log in with root user, enter / opt/aspire/product/sims20/apache/bin, and use chown root httpd and chmod Utility httpd to set the owner of httpd to root and special permissions respectively.

[root@bcd-app01 bin] # ls-l httpd-rwxr-xr-x 1 sims20 aspire 3517470 March 15 17:12 httpd [root@bcd-app01 bin] # chown root httpd [root@bcd-app01 bin] # ls-l httpd-rwxr-xr-x 1 root aspire 3517470 March 15 17:12 httpd [root@bcd-app01 bin] # chmod uits httpd [root@bcd-app01 bin] # ls-l httpd-rwsr-xr-x 1 root aspire 3517470 March 15 17:12 httpd

5. Re-enter the normal user sims20 and start apache

[sims20@bcd-app01 bin] $. / apachectl start

It can be started normally, and the report is correct.

6. Try to visit

[sims20@bcd-app01 bin] $curl http://10.24.12.159:80403 ForbiddenForbidden

You don't have permission to access / on this server.

403 Forbidden error reported

Take a look at the progress

[sims20@bcd-app01 bin] $ps-ef | grep httpdroot 7841 1 0 17:24? 00:00:00 / opt/aspire/product/sims20/apache/bin/httpd-k startdaemon 7844 7841 0 17:24? 00:00:00 / opt/aspire/product/sims20/apache/bin/httpd-k startdaemon 7845 7841 0 17:24? 00:00:00 / opt/aspire/product/sims20/apache/bin/httpd-k startdaemon 7846 7841 0 17:24? 00:00:00 / opt/aspire/product/sims20/apache/bin/httpd-k startdaemon 7847 7841 0 17:24? 00:00:00 / opt/aspire/product/sims20/apache/bin/httpd-k startdaemon 7848 7841 0 17:24? 00:00:00 / opt/aspire/product/sims20/apache/bin/httpd-k startsims20 8006 8006 17:29 pts/4 00:00:00 grep httpd

How to get out of the daemon user? the original httpd main process is still running with the privileges of the root user, while its child process will run with a lower privilege user, and this lower privilege user daemon is configured in http.conf.

8. Configure it in http.conf and change the user to root.

User daemonGroup daemon

Change to

User rootGroup root

9. Start apache with an ordinary user again

[sims20@bcd-app01 bin] $. / apachectl restartSyntax error on line 76 of / opt/aspire/product/sims20/apache/conf/httpd.conf:Error:\ tApache has not been designed to serve pages while\ n\ trunning as root. There are known race conditions that\ n\ twill allow any local user to read any file on the system.\ n\ tIf you still desire to serve pages as root then\ n\ tadd-DBIG_SECURITY_HOLE to the CFLAGS env variable\ n\ tand then rebuild the server.\ n\ tIt is strongly suggested that you instead modify the User\ n\ tdirective in your httpd.conf file to list a non-root\ n\ tuser.\ n

No, you have to add new parameters to compile.

10. Modify the configuration in http.conf again and change the user to an ordinary user.

Change to

User sims20Group aspire

11. Start apache again with ordinary user sims20

[sims20@bcd-app01 bin] $. / apachectl start [sims20@bcd-app01 bin] $ps-ef | grep httpdroot 9720 10 18:09? 00:00:00 / opt/aspire/product/sims20/apache/bin/httpd-k startsims20 9721 9720 0 18:09? 00:00:00 / opt/aspire/product/sims20/apache/bin/httpd-k startsims20 9722 9720 18:09? 00:00:00 / opt/aspire / product/sims20/apache/bin/httpd-k startsims20 9723 9720 0 18:09? 00:00:00 / opt/aspire/product/sims20/apache/bin/httpd-k startsims20 9724 9720 0 18:09? 00:00:00 / opt/aspire/product/sims20/apache/bin/httpd-k startsims20 9725 9720 0 18:09? 00:00:00 / opt/aspire/product/sims20/apache/bin/httpd-k startsims20 9739 3026 0 18 : 09 pts/4 00:00:00 grep httpd

12. Try to visit

[sims20@bcd-app01 bin] $curl http://10.248.12.159:80It works!

Succeed.

After reading this article, I believe you have a certain understanding of the method of starting apache under ordinary users. If you want to know more about it, welcome to follow the industry information channel. Thank you for your reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.