On Wed, Feb 20, 2002 at 07:04:21PM +0100, Guy Geens wrote: > >>>>> "Arnaud" == Arnaud Vandyck <[EMAIL PROTECTED]> writes: > > Arnaud> Thank you, I'll try ipchains, but I didn't know apache was set > Arnaud> root (thought www-data). > > Apache starts as root, in order to bind to port 80. It also opens some > log files in /var/log/apache with root privileges IIRC. > > This `master' process spawns a number of request handlers which drop > privileges before serving requests. > > If you do `ps ax', you can see this: one apache process will have user > `root', while the others are all listed as www-data. > > Tomcat cannot use this principle, because a Java program has no way to > change the UID.
Though at some point, Tomcat 4.x should be able to do this through a native code wrapper: http://cvs.apache.org/viewcvs/~checkout~/jakarta-commons-sandbox/daemon/PROPOSAL.html?rev=1.1.1.1&content-type=text/html http://cvs.apache.org/viewcvs/~checkout~/jakarta-commons-sandbox/daemon/src/docs/daemon.html?rev=1.1.1.1&content-type=text/html --Jeff > -- > G. ``Iggy'' Geens - ICQ: #64109250 > Home: <[EMAIL PROTECTED]> - Work: <[EMAIL PROTECTED]> > WWW: http://users.pandora.be/guy.geens/ > `I want quality, not quantity. But I want lots of it!' > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
