LinuxQuestions.org
Old 12-16-2014, 07:32 PM   #1
NotionCommotion
Member
 
Registered: Aug 2012
Posts: 737

Rep: Reputation: Disabled
Am I running Apache as the root user?


I am running CentOS 6 and installed Apache/2.2.15 (CentOS) via Yum. I am also running PHP and definitely know it is not running as root. I was told by someone very knowledgeable that I should not be able to write to /var/log/httpd/test given the below permissions unless I was running as root. I have attempted to determine whether I am running Apache as root, but am not certain.

In my httpd.conf file, I have:
Code:
ErrorLog  /var/log/httpd/test/error.log
Can anyone please enlighten me?

Thank you

Code:
[root@devserver test]# pwd
/var/log/httpd/test
[root@devserver test]# ls -l
total 455756
-rw-r--r--. 1 root root  54859022 Dec 16 12:13 access.log
-rw-r--r--. 1 root root      1097 Dec 16 12:16 error.log
-rw-r--r--. 1 root root  24027750 Dec 16 12:13 forwarded.log
-rw-r--r--. 1 root root  54859022 Dec 16 12:13 log
-rw-r--r--. 1 root root 332912008 Dec 16 12:13 rewrite
-rw-------. 1 root root      1514 Dec 16 12:13 syslog.log
Code:
drwx------. 4 root  root      4096 Dec 14 03:06 httpd
Code:
drwxr-xr-x. 2 root  root      4096 Dec 16 13:20 test
Code:
[root@devserver ~]# ps aux | egrep '(apache|httpd)'
root     17936  0.0  0.1 404344 14592 ?        Ss   13:20   0:00 /usr/sbin/httpd
apache   17938  0.0  0.1 506148 18172 ?        S    13:20   0:00 /usr/sbin/httpd
apache   17939  0.0  0.1 502068 14096 ?        S    13:20   0:00 /usr/sbin/httpd
apache   17940  0.0  0.1 506932 21532 ?        S    13:20   0:01 /usr/sbin/httpd
apache   17941  0.0  0.1 508464 22892 ?        S    13:20   0:01 /usr/sbin/httpd
apache   17942  0.0  0.1 506688 18480 ?        S    13:20   0:00 /usr/sbin/httpd
apache   17943  0.0  0.1 501992 13764 ?        S    13:20   0:03 /usr/sbin/httpd
apache   17944  0.0  0.1 506536 18460 ?        S    13:20   0:00 /usr/sbin/httpd
apache   17945  0.0  0.1 506296 18296 ?        S    13:20   0:00 /usr/sbin/httpd
root     19375  0.0  0.0 101024   848 pts/0    S+   14:20   0:00 egrep (apache|httpd)
[root@devserver ~]# ps aux | grep apache2
root     19377  0.0  0.0 103252   840 pts/0    S+   14:20   0:00 grep apache2
[root@devserver ~]# ps axo user,group,comm | grep apache
apache   apache   httpd
apache   apache   httpd
apache   apache   httpd
apache   apache   httpd
apache   apache   httpd
apache   apache   httpd
apache   apache   httpd
apache   apache   httpd
[root@devserver ~]#

Last edited by NotionCommotion; 12-16-2014 at 07:35 PM.
 
Old 12-16-2014, 10:05 PM   #2
Ztcoracat
LQ Guru
 
Registered: Dec 2011
Distribution: Slackware
Posts: 7,961
Blog Entries: 12

Rep: Reputation: Disabled
I'm pretty sure that you are running as root looking at this:
Quote:
[root@devserver ~]# ps aux | egrep '(apache|httpd)'

If not you would get: permission denied when you run /var/log/httpd/test/error.log.

-:-Running as root opens vulnerabilities and is not a wise choice. It's a serious security risk-:-
-::-Once an attacker enters they can gain full root (admin) access to the entire server.-::-

The Red Hat Documentation is helpful. It always helps me.
http://www.redhat.com/en/search/how%2Bto%2Brun%2Bapache

Do you remember during your MariaDB installation setup did you disallow root login remotely?

Last edited by Ztcoracat; 12-16-2014 at 10:18 PM.
 
Old 12-16-2014, 11:03 PM   #3
NotionCommotion
Member
 
Registered: Aug 2012
Posts: 737

Original Poster
Rep: Reputation: Disabled
Thanks Ztcoracat,

Believe me, I don't want to run as root! Just don't know how I started doing so. Where do you select which user will be used for Apache? As for MariaDB, using MySQL, and I don't see how the DB would define the user for Apache, but don't claim to know for sure.
 
Old 12-17-2014, 12:00 AM   #4
Ztcoracat
LQ Guru
 
Registered: Dec 2011
Distribution: Slackware
Posts: 7,961
Blog Entries: 12

Rep: Reputation: Disabled
You're welcome-

Quote:
Just don't know how I started doing so.
Probably by accident. We all have done it:- (at one point or another)

I'm not sure where to select the user; sorry:-

If I had to guess it's somewhere in the Apache Web Log In Authentication and a pop up box should open.

Best to wait for a member with more server experience.

http://httpd.apache.org/docs/2.2/howto/
http://www.yolinux.com/TUTORIALS/Lin...rotection.html
http://www.webreference.com/programm...ication/2.html
 
Old 12-17-2014, 08:17 AM   #5
NotionCommotion
Member
 
Registered: Aug 2012
Posts: 737

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Ztcoracat
I'm not sure where to select the user; sorry:-

If I had to guess it's somewhere in the Apache Web Log In Authentication and a pop up box should open.

Best to wait for a member with more server experience.
Thanks Ztcoracat,

It is a server only (no GUI). I would think it would have to be in /etc/http/conf/httpd.conf, no? I went through it and searched both "user" and "User", and found only these two lines:
Code:
User apache
Group apache
Nothing about root???

Hummm....
 
Old 12-17-2014, 05:50 PM   #6
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,714

Rep: Reputation: 1280
You are not running apache as root. That is what the User and Group entries in the httpd.conf file are for.

What happens is that when apache is first started it MUST run as root.

1. it parses the configuration files
2. it opens privileged sockets (usually 80 and/or 443)
3. it opens log files.

THEN it does a setregid to set the group specified in the httpd.conf file, and setreuid to set the user specified. After this, it is no longer root.

After that, the server will fork the configured number of worker processes.

This is also why the html/php files have to be readable by apache (either owned or group).

On CentOS 6 you also have SELinux security labels that can further protect the files.

Last edited by jpollard; 12-17-2014 at 05:52 PM.
 
Old 12-17-2014, 07:06 PM   #7
Ztcoracat
LQ Guru
 
Registered: Dec 2011
Distribution: Slackware
Posts: 7,961
Blog Entries: 12

Rep: Reputation: Disabled
Quote:
What happens is that when apache is first started it MUST run as root.
Thanks; jpollard-

I didn't know.
 
Old 12-17-2014, 09:38 PM   #8
SAbhi
Member
 
Registered: Aug 2009
Location: Bangaluru, India
Distribution: CentOS 6.5, SuSE SLED/ SLES 10.2 SP2 /11.2, Fedora 11/16
Posts: 665

Rep: Reputation: Disabled
Exactly as @jpollard said.

You can also see if apache is keeping hold of processes:

Code:
lsof -i:<port>
ports can be 80 | 443 whichever in use
 
Old 12-17-2014, 10:14 PM   #9
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,284

Rep: Reputation: 371
Note that only the first Apache process (17936) is running as root. As jpollard said, the initial process must start as root. The other processes you see are the worker processes, and they are running as the Apache user. So everything is as it should be.
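
The parent/worker split described in the posts above can be checked mechanically. This is an added example, not code from any poster in the thread: a shell function that reads `ps -eo user,pid,ppid,comm` output and flags any httpd worker running as root. The names `audit_httpd`, `sample_ok` and `sample_bad`, and the PPID values in the sample, are assumptions made for illustration.

```shell
#!/bin/sh
# Classify httpd processes from `ps -eo user,pid,ppid,comm` output on stdin.
# Prints one line per httpd process, then a verdict. Returns 0 when no worker
# runs as root, 1 when at least one does, 2 when no httpd process is found.
audit_httpd() {
    awk -v name="${1:-httpd}" '
        $4 == name { user[$2] = $1; ppid[$2] = $3; order[++n] = $2 }
        END {
            if (n == 0) { print "VERDICT: no " name " processes found"; exit 2 }
            bad = 0
            for (i = 1; i <= n; i++) {
                pid = order[i]
                # A worker is an httpd whose parent is itself an httpd;
                # the parent is the one started by init as root.
                role = (ppid[pid] in user) ? "worker" : "parent"
                printf "%s pid=%s user=%s\n", role, pid, user[pid]
                if (role == "worker" && user[pid] == "root") bad++
            }
            if (bad) { print "VERDICT: " bad " worker(s) running as root"; exit 1 }
            print "VERDICT: workers are unprivileged"
        }'
}

# Constructed sample: PIDs and users follow the thread's `ps aux` listing;
# the PPID column is assumed, to show the parent/worker relationship.
sample_ok() {
    cat <<'EOF'
USER       PID  PPID COMMAND
root     17936     1 httpd
apache   17938 17936 httpd
apache   17939 17936 httpd
root     19375 19000 egrep
EOF
}

# Constructed misconfiguration: one worker left running as root.
sample_bad() { sample_ok | sed 's/^apache   17939/root     17939/'; }

# On a live host: ps -eo user,pid,ppid,comm | audit_httpd
sample_ok | audit_httpd
```
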
 
Old 12-17-2014, 10:34 PM   #10
Ztcoracat
LQ Guru
 
Registered: Dec 2011
Distribution: Slackware
Posts: 7,961
Blog Entries: 12

Rep: Reputation: Disabled
Quote:
Originally Posted by btmiller
Note that only the first Apache process (17936) is running as root. As jpollard said, the initial process must start as root. The other processes you see are the worker processes, and they are running as the Apache user. So everything is as it should be.
I see that (17936) is running as root.

How can one tell that processes 17938 through 19375 are not as root?
(trying to understand)
 
Old 12-17-2014, 10:38 PM   #11
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,561

Rep: Reputation: 2127
As the others above me have said, the results in the "ps aux | egrep '(apache|httpd)'" output in the OP are normal. The output of the same command on my system looks almost identical to that in the OP (just replace "apache" with "daemon"), and I am 100% sure that apache is running as "daemon" on my system based on the permissions of the files created by apache.
 
Old 12-17-2014, 10:39 PM   #12
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,561

Rep: Reputation: 2127
Quote:
Originally Posted by Ztcoracat
I see that (17936) is running as root.

How can one tell that processes 17938 through 19375 are not as root?
(trying to understand)
Because the owner of the process is clearly "apache", as indicated by the first column in your "ps aux" output.
 
Old 12-17-2014, 10:48 PM   #13
Ztcoracat
LQ Guru
 
Registered: Dec 2011
Distribution: Slackware
Posts: 7,961
Blog Entries: 12

Rep: Reputation: Disabled
Quote:
Originally Posted by suicidaleggroll
Because the owner of the process is clearly "apache", as indicated by the first column in your "ps aux" output.
Ok I see now:-
 
Old 12-20-2014, 11:08 PM   #14
Ztcoracat
LQ Guru
 
Registered: Dec 2011
Distribution: Slackware
Posts: 7,961
Blog Entries: 12

Rep: Reputation: Disabled
NotionCommotion:

I'm sorry that I was mistaken.
I had thought for sure that apache was running as 'root'-

Maybe try looking in /etc/httpd/conf and see if there's more than just User apache and
Group apache.
http://linuxsite.org/httpd-conf-location-on-linux
 
  


All times are GMT -5.