Is my Apache server running as the root user or not?
Robert Watson
rwatson at freebsd.org
Sat Dec 4 10:49:32 PST 2004
On Sat, 4 Dec 2004, Jesper Wallin wrote:
>
> By reading my /usr/local/etc/apache2/httpd.conf, I can find out that my
> Apache is running as the user "www" and the group "www" .. Yet, when I
> run sockstat, it tells me one of the forks is run as root and
> listening on port 80 as well as the other forks are run by www:www..
> If I got a lot of users connecting to my server on port 80, will their
> requests ever be answered by the root fork or the www:www forks?

As other posts have pointed out, Apache runs initially as root in order to
bind a privileged port. What hasn't been mentioned explicitly is that the
credential of the process creating the initial socket is cached at
creation time, and that credential is what is later reported. The
credential is inherited by any sockets accepted from a listen socket, so
that credential keeps being used. Since there isn't a 1:1 mapping
of sockets to processes, or even a many:1 mapping, there's not really any
other credential around that "makes sense" to report.

You can tweak the OS policy on what IDs can bind what ports using sysctl;
the ip(4) man page has details.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org      Principal Research Scientist, McAfee Research

>
> --- snip ---
> [root at ninja:~]# sockstat -l4p80
> USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
> www httpd 18149 3 tcp4 *:80 *:*
> www httpd 18148 3 tcp4 *:80 *:*
> www httpd 18147 3 tcp4 *:80 *:*
> www httpd 14055 3 tcp4 *:80 *:*
> www httpd 14054 3 tcp4 *:80 *:*
> www httpd 14053 3 tcp4 *:80 *:*
> www httpd 14052 3 tcp4 *:80 *:*
> www httpd 14051 3 tcp4 *:80 *:*
> root httpd 14050 3 tcp4 *:80 *:*
> [root at ninja:~]#
> --- snip ---
>
>
> Best regards,
> Jesper Wallin
>
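
The bind-then-drop sequence discussed in this message, as an added example that is not part of the original thread and is not Apache's code: a process opens the listen socket first, gives up its privileges permanently, and can still accept connections on the socket it already holds. The function names are illustrative, and the demo binds loopback port 0 (an assumption, so it runs without root) where a web server would bind port 80 as root.

```c
#define _DEFAULT_SOURCE 1 /* glibc: declare setgroups() */
#include <grp.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>

/* Added example, not from the thread. Create the listen socket while still
 * privileged (root is needed for port 80); port 0 picks an ephemeral port. */
int open_listener(unsigned short port)
{
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port),
                              .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Permanently become uid/gid: supplementary groups, then gid, then uid. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(1, &gid) < 0) return -1;
    if (setgid(gid) < 0 || setuid(uid) < 0) return -1;
    if (uid != 0 && setuid(0) == 0) return -1; /* root must be unrecoverable */
    return (getuid() == uid && geteuid() == uid) ? 0 : -1;
}

/* Loopback connect + accept on the inherited listener; 1 if it still works. */
int can_accept(int lfd)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    int c, s = -1, ok;
    if (getsockname(lfd, (struct sockaddr *)&sa, &len) < 0) return 0;
    if ((c = socket(AF_INET, SOCK_STREAM, 0)) < 0) return 0;
    ok = connect(c, (struct sockaddr *)&sa, sizeof sa) == 0
         && (s = accept(lfd, NULL, NULL)) >= 0;
    if (ok) close(s);
    close(c);
    return ok;
}

int main(void)
{
    int fd = open_listener(0); /* demo port; a web server would bind 80 as root */
    return !(fd >= 0 && drop_privileges(getuid(), getgid()) == 0 && can_accept(fd));
}
```

Run as root with a non-root uid/gid passed to `drop_privileges` to confirm that the final `setuid(0)` attempt is refused, which is the check that the drop cannot be undone.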