Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place! |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
06-04-2004, 02:14 AM
|
#1
|
Member
Registered: Mar 2004
Location: Michigan
Distribution: Gentoo 2006.1
Posts: 107
Rep:
|
safest way to run apache
What's the safest way to run apache, is there a way to run it not as root? make a user with privliges that allow it to start httpd but not enough where if apache is compromised a hacker can do harm to your computer? i still consider myself a linux newbie and probably will for a long time so keep that in mind . Thanks in advance.
|
|
|
06-04-2004, 07:56 AM
|
#2
|
Senior Member
Registered: Sep 2003
Location: Rio
Distribution: Debian
Posts: 1,513
Rep:
|
Well, apacheīs security isnīt root related, I guess. But I can be wrong. If you configure properly the httpd.conf file, apache will do ok. Also, you may wish to run a firewall.
There are several config options in httpd.conf, and many of them are security related. Take a good look in it, and read the docs. Iīm sure you can do a very secure http server by configuring this file.
|
|
|
06-04-2004, 08:11 AM
|
#3
|
Member
Registered: Aug 2003
Location: Little Rock, Arkansas
Distribution: RH, Fedora, Suse, AIX
Posts: 736
Rep:
|
Yeah, there is really very little chance of apache being compromised... it's very secure. The user and group that apache runs as are specified in the httpd.conf file. You can put "nobody" for both of them, or you can make a user and group called "apache" and put that for both.
|
|
|
06-04-2004, 04:13 PM
|
#4
|
Member
Registered: Mar 2004
Location: Michigan
Distribution: Gentoo 2006.1
Posts: 107
Original Poster
Rep:
|
Okay I created a user/group and edited the httpd.conf file as such. I still need to start httpd as root though right?
About firewalls, I currently use firestarter, is there a special way to configure where it leaves public access to port 80 but blocks any unwanted activity through port 80?
Thanks.
|
|
|
06-04-2004, 08:14 PM
|
#5
|
Member
Registered: Aug 2003
Location: Little Rock, Arkansas
Distribution: RH, Fedora, Suse, AIX
Posts: 736
Rep:
|
Yes, start apache as root. It will run as the user you specified in the conf file.
Sorry, no experience with firestarter.
|
|
|
06-04-2004, 09:31 PM
|
#6
|
Senior Member
Registered: Jul 2003
Location: Wellington, NZ
Distribution: mainly slackware
Posts: 1,291
Rep:
|
Quote:
Originally posted by PennyroyalFrog
About firewalls, I currently use firestarter, is there a special way to configure where it leaves public access to port 80 but blocks any unwanted activity through port 80?
|
I recommend This little beauty. Once you get used to the config file (/etc/iptables-firewall.conf) it's a winner!
|
|
|
06-05-2004, 01:55 AM
|
#7
|
Member
Registered: Sep 2003
Location: Melbourne, Australia
Distribution: NetBSD 3.0.1, Slackware 10.1
Posts: 394
Rep:
|
Also read up on chroot, its a wonderfull thing The url below works with Apache 1.3.x, but I'm sure you should be able to still do the same for Apache 2.x
http://www.linuxexposed.com/modules....rticle&sid=495
|
|
|
06-05-2004, 10:57 AM
|
#8
|
Member
Registered: Aug 2003
Location: Little Rock, Arkansas
Distribution: RH, Fedora, Suse, AIX
Posts: 736
Rep:
|
Note that the method Kristijan recommended will not work with PHP or CGI or any other webscripting language. You may be better off using "suexec" which will work with these languages and will ensure that each user's webspace is running as their user and group. Since you're running Redhat (noted in your profile) it is fairly easy to setup suexec.
|
|
|
All times are GMT -5. The time now is 10:31 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|