add user to apache can't restart httpd
2005-06-21 - By Greg Hosler
On 21-Jun-2005 Leuy Eeelyu wrote:
> Hi.. Our httpd process is started with root and the
> owner of the process is apache. As apache is without
> shell /bin/nologin, I added a normal user to the
> apache group in /etc/group as below
>
> apache:x:48:csim
>
> But I still can't use the user account to restart
> httpd process. Do you know why?
>
> [csim@(protected) ~]$ /etc/init.d/httpd restart
> rm: cannot remove `/var/run/httpd.pid': Permission
> denied

ls -ld /var/run/
drwxr-xr-x 14 root root 1024 Jun 20 15:29 /var/run/
well, obviously, non-root accounts will not be able to manage the pid files in /var/run :)
> Starting httpd:
> touch: cannot touch `/var/lock/subsys/httpd':
> Permission denied

ls -ld /var/lock/subsys
drwxr-xr-x 2 root root 1024 Jun 20 15:29 /var/lock/subsys
similarly here!
> P/s: I know about sudo function, just want to know the
> reason why the user account can't restart httpd even
> it is in apache user group
'creating' an apache user is not sufficient to start up the httpd server. ignoring the above obvious pid / process management directories, you will further have the issue that apache will go to open port 80. port 80 is a privileged port, and will thus *require* root level privileges in order to open a socket on that port!
by the way, the same is true for virtually every other system service (they typically will open a privileged port. e.g. sendmail will open port 25, vsftpd will open ports 20,21, etc.) This is one (of several) reasons that system services are started as the root user, but then quickly 'drop' privileges to a non-root user once they have opened their privileged port.
If you really have the need for a non-root user to be able to start/stop/restart a system service, then sudo is your friend :)
best rgds,
-Greg
+---------------------------------------------------------------------+
You can release software that's good, software that's inexpensive,
or software that's available on time. You can usually release
software that has 2 of these 3 attributes -- but not all 3.
| Greg Hosler                                        greg@(protected) |
+---------------------------------------------------------------------+
--
Taroon-list mailing list
Taroon-list@(protected)
http://www.redhat.com/mailman/listinfo/taroon-list
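
The three failures discussed in the message above, worked through as an added example (not part of the original post or of any Red Hat tooling). It evaluates the quoted `ls -ld` lines the way the owner/group/other permission check does, then applies the privileged-port rule. The function names and the RELAXED listings are constructed for illustration, and only root is modelled as able to bind ports below 1024.

```python
import stat

PRIV_PORT_LIMIT = 1024  # by default, ports below this need root on Linux

def parse_ls_ld(line):
    """Parse one `ls -ld` line into (path, mode_bits, owner, group)."""
    f = line.split()
    perms, owner, group, path = f[0], f[2], f[3], f[-1]
    bits = 0
    for i, ch in enumerate(perms[1:10]):     # rwxrwxrwx, skipping the type char
        if ch not in "-ST":                  # S/T mean "special bit, no execute"
            bits |= 1 << (8 - i)
    return path, bits, owner, group

def can_modify_dir(line, user, groups):
    """Creating or removing an entry needs write+execute on the directory."""
    _, bits, owner, group = parse_ls_ld(line)
    if user == "root":
        return True                          # root bypasses these checks
    if user == owner:                        # exactly one class is consulted
        need = stat.S_IWUSR | stat.S_IXUSR
    elif group in groups:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return bits & need == need

def restart_blockers(user, groups, dir_listings, port=80):
    """Return the reasons the init script's restart would fail for this user."""
    reasons = []
    for line in dir_listings:
        if not can_modify_dir(line, user, groups):
            reasons.append("no write access to " + parse_ls_ld(line)[0])
    if port < PRIV_PORT_LIMIT and user != "root":
        reasons.append("cannot bind privileged port %d" % port)
    return reasons

# Directory listings exactly as quoted in the message above.
LISTINGS = [
    "drwxr-xr-x 14 root root 1024 Jun 20 15:29 /var/run/",
    "drwxr-xr-x 2 root root 1024 Jun 20 15:29 /var/lock/subsys",
]
# Constructed what-if: both directories given to group apache with g+w.
RELAXED = [
    "drwxrwxr-x 14 root apache 1024 Jun 20 15:29 /var/run/",
    "drwxrwxr-x 2 root apache 1024 Jun 20 15:29 /var/lock/subsys",
]

if __name__ == "__main__":
    for label, dirs in (("as listed", LISTINGS), ("relaxed", RELAXED)):
        print(label, restart_blockers("csim", {"csim", "apache"}, dirs))
```

Even in the relaxed case the port 80 blocker remains, so group membership alone cannot make the restart work.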