LinuxQuestions.org
Old 06-04-2004, 03:14 AM   #1
PennyroyalFrog
Member
 
Registered: Mar 2004
Location: Michigan
Distribution: Gentoo 2006.1
Posts: 107

Rep: Reputation: 15
safest way to run apache


What's the safest way to run apache? Is there a way to run it not as root? Make a user with privileges that allow it to start httpd but not enough where if apache is compromised a hacker can do harm to your computer? I still consider myself a linux newbie and probably will for a long time, so keep that in mind. Thanks in advance.
 
Old 06-04-2004, 08:56 AM   #2
bruno buys
Senior Member
 
Registered: Sep 2003
Location: Rio
Distribution: Debian
Posts: 1,509

Rep: Reputation: 46
Well, apache's security isn't root related, I guess. But I can be wrong. If you configure the httpd.conf file properly, apache will do ok. Also, you may wish to run a firewall.
There are several config options in httpd.conf, and many of them are security related. Take a good look in it, and read the docs. I'm sure you can do a very secure http server by configuring this file.
 
Old 06-04-2004, 09:11 AM   #3
Donboy
Member
 
Registered: Aug 2003
Location: Little Rock, Arkansas
Distribution: RH, Fedora, Suse, AIX
Posts: 736

Rep: Reputation: 31
Yeah, there is really very little chance of apache being compromised... it's very secure. The user and group that apache runs as are specified in the httpd.conf file. You can put "nobody" for both of them, or you can make a user and group called "apache" and put that for both.
 
Old 06-04-2004, 05:13 PM   #4
PennyroyalFrog
Member
 
Registered: Mar 2004
Location: Michigan
Distribution: Gentoo 2006.1
Posts: 107

Original Poster
Rep: Reputation: 15
Okay I created a user/group and edited the httpd.conf file as such. I still need to start httpd as root though right?

About firewalls, I currently use firestarter, is there a special way to configure where it leaves public access to port 80 but blocks any unwanted activity through port 80?

Thanks.
 
Old 06-04-2004, 09:14 PM   #5
Donboy
Member
 
Registered: Aug 2003
Location: Little Rock, Arkansas
Distribution: RH, Fedora, Suse, AIX
Posts: 736

Rep: Reputation: 31
Yes, start apache as root. It will run as the user you specified in the conf file.

Sorry, no experience with firestarter.
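
The setup described in posts #3 to #5 (User and Group set in httpd.conf, httpd started as root) can be checked with a short script. This is an added example, not part of the original posts; the function names, the sample config and the sample process list are constructed for illustration, and treating a missing directive as a failure is this script's own policy.

```sh
#!/bin/sh
# Added example (not from the thread). Sample data below is constructed.

# Audit httpd.conf text on stdin. Returns 0 only if both User and Group are
# set explicitly to something other than root / id 0 (this script's policy).
audit_identity() {
    awk '
        /^[ \t]*#/ { next }   # Apache comments are whole lines, so the
                              # numeric form "User #48" is not a comment
        tolower($1) == "user"  { user = $2 }
        tolower($1) == "group" { group = $2 }
        END {
            gsub(/"/, "", user); gsub(/"/, "", group)
            bad = check("User", user) + check("Group", group)
            exit (bad > 0)
        }
        function check(name, val) {
            if (val == "") { print "FAIL: " name " not set"; return 1 }
            if (val == "root" || val == "#0") {
                print "FAIL: " name " " val " is id 0"; return 1
            }
            print "OK:   " name " " val; return 0
        }'
}

# Count Apache processes per owner from "ps -eo user,comm" output on stdin.
# After a start as root, expect one root-owned parent and the children
# under the configured User.
summarize_owners() {
    awk '$2 == "httpd" || $2 == "apache2" { n[$1]++ }
         END { for (u in n) printf "%s=%d\n", u, n[u] }' | sort
}

SAMPLE_CONF='# constructed httpd.conf fragment
Listen 80
User apache
Group apache'

SAMPLE_PS='root   httpd
apache httpd
apache httpd
apache httpd
root   sshd'

printf '%s\n' "$SAMPLE_CONF" | audit_identity
printf '%s\n' "$SAMPLE_PS" | summarize_owners
```

On a live system, redirect the real httpd.conf into `audit_identity` and pipe `ps -eo user,comm` into `summarize_owners`. More than one root-owned httpd process in the summary means the children are not dropping to the configured account.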
 
Old 06-04-2004, 10:31 PM   #6
Tuttle
Senior Member
 
Registered: Jul 2003
Location: Wellington, NZ
Distribution: mainly slackware
Posts: 1,289

Rep: Reputation: 52
Quote:
Originally posted by PennyroyalFrog
About firewalls, I currently use firestarter, is there a special way to configure where it leaves public access to port 80 but blocks any unwanted activity through port 80?
I recommend This little beauty. Once you get used to the config file (/etc/iptables-firewall.conf) it's a winner!
 
Old 06-05-2004, 02:55 AM   #7
Kristijan
Member
 
Registered: Sep 2003
Location: Melbourne, Australia
Distribution: NetBSD 3.0.1, Slackware 10.1
Posts: 394

Rep: Reputation: 30
Also read up on chroot, it's a wonderful thing. The URL below works with Apache 1.3.x, but I'm sure you should be able to still do the same for Apache 2.x

http://www.linuxexposed.com/modules....rticle&sid=495
 
Old 06-05-2004, 11:57 AM   #8
Donboy
Member
 
Registered: Aug 2003
Location: Little Rock, Arkansas
Distribution: RH, Fedora, Suse, AIX
Posts: 736

Rep: Reputation: 31
Note that the method Kristijan recommended will not work with PHP or CGI or any other webscripting language. You may be better off using "suexec" which will work with these languages and will ensure that each user's webspace is running as their user and group. Since you're running Redhat (noted in your profile) it is fairly easy to set up suexec.
 
  

