
Previously on "RHEL - Running HTTP server under a non root account."

  • darrylmg
    replied
    Originally posted by DaveB
    I'm rusty on the technical stuff these days but we have an issue at a client co. that is causing headaches as we can't get a straight answer from the supplier.

    They have configured the HTTP server running on RHEL to run as Root. This has always been a no-no for me as it means that anyone compromising the server gains Root access to the box it's running on. The excuse given is that you can't bind privileged ports <1024 to non-root services.

    Back when I was still configuring these things the Root user would kick off the HTTPd Daemon which would start the HTTP server under its own user ID, bind the ports and then exit dropping root privileges in the process, leaving the HTTP server to run under its own ID with access to ports 80, 443 etc.

    Has this changed or am I remembering it wrong after all this time?
    Correct. It still works that way.
    Starts as root then spawns a new load of processes.


  • bobspud
    replied
    Originally posted by DaveB
    I'm rusty on the technical stuff these days but we have an issue at a client co. that is causing headaches as we can't get a straight answer from the supplier.

    They have configured the HTTP server running on RHEL to run as Root. This has always been a no-no for me as it means that anyone compromising the server gains Root access to the box it's running on. The excuse given is that you can't bind privileged ports <1024 to non-root services.

    Back when I was still configuring these things the Root user would kick off the HTTPd Daemon which would start the HTTP server under its own user ID, bind the ports and then exit dropping root privileges in the process, leaving the HTTP server to run under its own ID with access to ports 80, 443 etc.

    Has this changed or am I remembering it wrong after all this time?
    Yep that's how I remember it too.

    If you run ps -ef does it show root as the http process owner?

    I seem to remember there is a setting in the HTTP configuration file that sets the user to spawn to...


  • DaveB
    started a topic RHEL - Running HTTP server under a non root account.

    RHEL - Running HTTP server under a non root account.

    I'm rusty on the technical stuff these days but we have an issue at a client co. that is causing headaches as we can't get a straight answer from the supplier.

    They have configured the HTTP server running on RHEL to run as Root. This has always been a no-no for me as it means that anyone compromising the server gains Root access to the box it's running on. The excuse given is that you can't bind privileged ports <1024 to non-root services.

    Back when I was still configuring these things the Root user would kick off the HTTPd Daemon which would start the HTTP server under its own user ID, bind the ports and then exit dropping root privileges in the process, leaving the HTTP server to run under its own ID with access to ports 80, 443 etc.

    Has this changed or am I remembering it wrong after all this time?
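The model DaveB describes and the check bobspud suggests (look at the process owner with ps, then look at the user directive in the httpd config) can be turned into a small audit script. The following is an added example, not code from the thread: on RHEL the Apache httpd package ships its config with `User apache` and `Group apache`, the parent httpd process stays root so it can bind ports 80/443, and the worker processes it forks run as that configured user. The script uses the fixed column layout of `ps -eo user,pid,ppid,comm` rather than `ps -ef` so the fields can be parsed reliably; the process table and the httpd.conf fragment below are constructed samples for offline use, with one deliberately wrong root-owned worker in the first sample.

```shell
#!/bin/sh
# Added example (not from the thread): audit whether httpd workers run as root.
# Assumes `ps -eo user,pid,ppid,comm` column order USER PID PPID COMMAND.

# Constructed sample process table: root parent (1201), two apache workers,
# and one misconfigured root-owned worker (1204).
SAMPLE_PS='USER       PID  PPID COMMAND
root         1     0 systemd
root      1201     1 httpd
apache    1202  1201 httpd
apache    1203  1201 httpd
root      1204  1201 httpd'

# Constructed sample with the expected layout: root parent, apache workers only.
SAMPLE_PS_OK='USER       PID  PPID COMMAND
root         1     0 systemd
root      1201     1 httpd
apache    1202  1201 httpd
apache    1203  1201 httpd'

# Constructed httpd.conf fragment; the RHEL package default is User/Group apache.
SAMPLE_CONF='ServerRoot "/etc/httpd"
Listen 80
User apache
Group apache
# User root   (commented out, must be ignored)'

# check_workers <ps output> <daemon name>
# A "worker" is a daemon process whose parent is itself a daemon process.
# The parent (whose parent is not httpd) is allowed to be root: it binds the
# privileged ports. Prints one line per root-owned worker; returns 1 if any.
check_workers() {
    ps_out=$1
    daemon=$2
    printf '%s\n' "$ps_out" | awk -v d="$daemon" '
        NR == 1 { next }                           # skip the header line
        $4 == d { owner[$2] = $1; parent[$2] = $3 } # record owner and PPID per pid
        END {
            bad = 0
            for (pid in owner) {
                if (!(parent[pid] in owner)) continue   # top-level parent, skip
                if (owner[pid] == "root") {
                    printf "root-owned worker pid %s (parent %s)\n", pid, parent[pid]
                    bad = 1
                }
            }
            exit bad
        }'
}

# conf_user <httpd.conf text>
# Prints the effective User directive (the last uncommented occurrence wins,
# as with other repeated Apache directives) or UNSET if none is present.
conf_user() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*User[[:space:]]+/ { u = $2 }
        END { print (u == "" ? "UNSET" : u) }'
}

# Run against the constructed samples. For a live box replace the samples with
#   check_workers "$(ps -eo user,pid,ppid,comm)" httpd
#   conf_user "$(cat /etc/httpd/conf/httpd.conf)"
if check_workers "$SAMPLE_PS" httpd; then
    echo "workers OK"
else
    echo "FAIL: root-owned httpd workers found"
fi
echo "httpd.conf User directive: $(conf_user "$SAMPLE_CONF")"
```

Two things the script leaves to the operator: a root-owned worker can come from a `User root` line in a file under conf.d as well as the main httpd.conf, so run `conf_user` over every included file, and a parent that is not root at all (for example a container running httpd on an unprivileged port) will simply show no root processes, which the check treats as clean.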
