Working as root while Apache is running; how much a risk?
Michael Sullivan
michael at espersunited.com
Fri Jul 9 18:41:49 UTC 2004
When I issue a "ps -ef | grep httpd" I get:
[root at bullet root]# ps -ef | grep httpd
root 1938 1 0 13:06 ? 00:00:03 /usr/sbin/httpd
apache 2063 1938 0 13:06 ? 00:00:00 /usr/sbin/httpd
apache 2064 1938 0 13:06 ? 00:00:00 /usr/sbin/httpd
apache 2065 1938 0 13:06 ? 00:00:00 /usr/sbin/httpd
apache 2066 1938 0 13:06 ? 00:00:00 /usr/sbin/httpd
apache 2067 1938 0 13:06 ? 00:00:00 /usr/sbin/httpd
apache 2068 1938 0 13:06 ? 00:00:00 /usr/sbin/httpd
apache 2069 1938 0 13:06 ? 00:00:00 /usr/sbin/httpd
apache 2070 1938 0 13:06 ? 00:00:00 /usr/sbin/httpd
root 2419 2367 0 13:36 pts/1 00:00:00 grep httpd
How do I fix this? I've tried doing "su apache", but it tells me that
the account is not available....
> On Fri, Jul 09, 2004 at 12:47:15PM -0400, Wayne Leutwyler wrote:
> > Try this:
> >
> > ps -ef | grep httpd
> >
> > What you should see is something like below:
> >
> > apache 10423 1125 0 04:02 ? 00:00:00 /usr/sbin/httpd -DHAVE_ACCESS -D
> > apache 10424 1125 0 04:02 ? 00:00:00 /usr/sbin/httpd -DHAVE_ACCESS -D
> > apache 10425 1125 0 04:02 ? 00:00:00 /usr/sbin/httpd -DHAVE_ACCESS -D
> > apache 10426 1125 0 04:02 ? 00:00:00 /usr/sbin/httpd -DHAVE_ACCESS -D
> > apache 10427 1125 0 04:02 ? 00:00:00 /usr/sbin/httpd -DHAVE_ACCESS -D
> > apache 10428 1125 0 04:02 ? 00:00:00 /usr/sbin/httpd -DHAVE_ACCESS -D
> > apache 10429 1125 0 04:02 ? 00:00:00 /usr/sbin/httpd -DHAVE_ACCESS -D
> > apache 10430 1125 0 04:02 ? 00:00:00 /usr/sbin/httpd -DHAVE_ACCESS -D
> >
> > Now if you see root where apache is that means your httpd server was
> > started by the root user. You should change that ASAP. As you can see
> > in my example my httpd server was started by the apache user.
> >
> > I hope this example helps.
> >
> > Bottom line is that you can log into your server as root and you don't
> > have to stop the httpd server if the process or processes are owned by
> > the apache user.
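
An added example, not part of the original messages: a shell function that reads "ps -ef" output and separates the httpd parent process from its workers, flagging only workers that run as root. It assumes the procps column order (UID PID PPID C STIME TTY TIME CMD) and that httpd started as root to bind a privileged port hands requests to workers running as the configured user; the name audit_httpd is hypothetical and the sample lines are constructed from the listing above.

```shell
#!/bin/sh
# Added example: classify httpd processes from `ps -ef` output.
# Assumed columns: UID PID PPID C STIME TTY TIME CMD

# Constructed sample, shortened from the listing in the message above.
SAMPLE='root 1938 1 0 13:06 ? 00:00:03 /usr/sbin/httpd
apache 2063 1938 0 13:06 ? 00:00:00 /usr/sbin/httpd
apache 2064 1938 0 13:06 ? 00:00:00 /usr/sbin/httpd
root 2419 2367 0 13:36 pts/1 00:00:00 grep httpd'

# audit_httpd (hypothetical name): read `ps -ef` lines on stdin and print
#   <pid> <user> parent|worker OK|ROOT-WORKER
# for every httpd process. Exit status is 1 if any worker runs as root.
audit_httpd() {
    awk '
        # Keep only processes whose command is httpd itself; this also
        # drops the "grep httpd" line that the pipeline adds.
        $8 == "httpd" || $8 ~ /\/httpd$/ {
            user[$2] = $1; ppid[$2] = $3; order[++n] = $2
        }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                pid = order[i]
                if (ppid[pid] in user) {
                    # Parent is also httpd: this one serves requests.
                    role = "worker"
                    verdict = (user[pid] == "root") ? "ROOT-WORKER" : "OK"
                    if (user[pid] == "root") bad = 1
                } else {
                    # Top-level httpd: root here is expected when it has
                    # to bind a port below 1024.
                    role = "parent"; verdict = "OK"
                }
                print pid, user[pid], role, verdict
            }
            exit bad
        }'
}

# Run against the constructed sample; on a live host: ps -ef | audit_httpd
printf '%s\n' "$SAMPLE" | audit_httpd
```
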