RHEL - Running HTTP server under a non root account.
  1. #1
    DaveB (Nice But Dim)

    RHEL - Running HTTP server under a non root account.

    I'm rusty on the technical stuff these days, but we have an issue at a client co. that is causing headaches, as we can't get a straight answer from the supplier.

    They have configured the HTTP server running on RHEL to run as Root. This has always been a no-no for me, as it means that anyone compromising the server gains Root access to the box it's running on. The excuse given is that you can't bind privileged ports <1024 to non-root services.

    Back when I was still configuring these things, the Root user would kick off the HTTPd daemon, which would start the HTTP server under its own user ID, bind the ports and then exit, dropping root privileges in the process, leaving the HTTP server to run under its own ID with access to ports 80, 443 etc.

    Has this changed, or am I remembering it wrong after all this time?
    "Being nice costs nothing and sometimes gets you extra bacon" - Pondlife.

  2. #2
    Super poster

    Quote Originally Posted by DaveB
    Yep, that's how I remember it too.

    If you run ps -ef, does it show root as the HTTP process owner?

    I seem to remember there is a setting in the HTTP configuration file that sets the user to spawn to...

  3. #3
    darrylmg (More time posting than coding)

    Quote Originally Posted by DaveB
    Correct. It still works that way.
    Starts as root then spawns a new load of processes.
    Don't believe it, until you see it!
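The bind-then-drop sequence DaveB describes and darrylmg confirms, written out as an added example (not code from the thread or from httpd). The fallback to uid/gid 65534 ("nobody") when started as root is an assumption for illustration; a real server would use its own service account.

```c
/* Bind the privileged port while still root, then drop to an unprivileged
 * account for good. Added example; uid 65534 (nobody) is an assumption. */
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <grp.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Open and bind a listening TCP socket. Ports below 1024 need root (or
 * CAP_NET_BIND_SERVICE); this is the only step that needs privilege. */
int bind_listener(uint16_t port) {
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    struct sockaddr_in addr;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_ANY);
    addr.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;  /* the bound socket survives the privilege drop below */
}

/* Drop to uid/gid permanently. Order matters: supplementary groups and gid
 * go first, because after setuid() a non-root process can no longer change them. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(0, NULL) < 0) return -1;
    if (setgid(gid) < 0) return -1;
    if (setuid(uid) < 0) return -1;
    /* Verify the drop is irreversible: an attempt to regain root must fail. */
    if (uid != 0 && setuid(0) != -1) return -1;
    return (getuid() == uid && geteuid() == uid) ? 0 : -1;
}

/* Whole sequence; pass 0 to use an ephemeral port so it also runs unprivileged.
 * A real server started by root would pass 80 or 443 here. */
int demo(uint16_t port) {
    int fd = bind_listener(port);
    if (fd < 0) return -1;
    uid_t target = geteuid() == 0 ? 65534 : getuid(); /* nobody when root */
    gid_t tgid   = geteuid() == 0 ? 65534 : getgid();
    int rc = drop_privileges(target, tgid);
    close(fd);
    return rc;
}
```

After the drop, ps -ef shows the worker processes under the target account rather than root, which is the check suggested in post #2.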
