Re: [EMAIL PROTECTED] RE: failure notice

2006-04-06 Thread Victor Trac
If the UID of the apache process somehow gets compromised, it would be better to have that account running as a non-privileged account than as root.  At least then the UID is somewhat confined to the account's access restrictions, rather than have access to the entire file system as root. -VictorOn

[EMAIL PROTECTED] RE: failure notice

2006-04-05 Thread httpd2
On Wed, 5 Apr 2006, Amalan, S wrote: > To: users@httpd.apache.org > From: "Amalan, S" <[EMAIL PROTECTED]> > Subject: RE: [EMAIL PROTECTED] RE: failure notice > > Thanks much. This explains why my installation did not need root > privileges - I was running it

Re: [EMAIL PROTECTED] RE: failure notice

2006-04-05 Thread Sean Conner
It was thus said that the Great Amalan, S once stated: > > Thanks much. This explains why my installation did not need root > privileges - I was running it on port 1150 or so. > > This also brings up the question: is there a reason to set the port to > be below 1024 so that only root can start i

RE: [EMAIL PROTECTED] RE: failure notice

2006-04-05 Thread Amalan, S
-zero UID account? And if you weren't root to begin with you wouldn't be able to startup Apache anyway. Amalan -Original Message- From: Ross A. Del Duca [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 05, 2006 1:10 PM To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] R

RE: [EMAIL PROTECTED] RE: failure notice

2006-04-05 Thread Axel-Stéphane SMORGRAV
:08 PM To: users@httpd.apache.org Subject: Re: [EMAIL PROTECTED] RE: failure notice Well.. on most unix systems I believe, you wont get a program to bind to a port number that's under 1024 unless the program is being run by root. The other ports are open to any user. -Dave - Or

Re: [EMAIL PROTECTED] RE: failure notice

2006-04-05 Thread Ross A. Del Duca
The catch is the port. If your server is not listening on standard ports (80 or 443) you can start your server up as any user. However, the privileged ports (1-1024) are generally (always?) restricted so that only UID 0 can create listeners that bind to them. As indicated by a previous post, the

Re: [EMAIL PROTECTED] RE: failure notice

2006-04-05 Thread David Salisbury
: Wednesday, April 05, 2006 10:43 AM Subject: RE: [EMAIL PROTECTED] RE: failure notice Not to interrupt an on-going discussion, but I am interested in the user/group requirements for Apache as well. I didn't see anywhere on the Apache website for installation steps that one needs to be root in

RE: [EMAIL PROTECTED] RE: failure notice

2006-04-05 Thread Amalan, S
ECTED] Sent: Saturday, April 01, 2006 8:43 AM To: users@httpd.apache.org Subject: [EMAIL PROTECTED] RE: failure notice Do you have the User and Group directives set in your httpd.conf file? Eg User wwwrun Group nogroup Apache will initially start as root user and bind to port 80, then swit

[EMAIL PROTECTED] RE: failure notice

2006-04-01 Thread httpd2
Do you have the User and Group directives set in your httpd.conf file? Eg User wwwrun Group nogroup Apache will initially start as root user and bind to port 80, then switch to running as the specified user and group. The group and user need to be valid system accounts on your server. You